Hi, I have configured shorewall to run properly without tc. However when i enable tc it does not start. this is my >shorewall debug start errror code + cut -d# -f1 /etc/shorewall/tcrules + grep -v ''^[[:space:]]*$'' + read mark sources dests proto ports sports + run_iptables -t mangle -A FORWARD -j tcfor + iptables -t mangle -A FORWARD -j tcfor iptables: No chain/target/match by that name + ''['' -z '''' '']'' + stop_firewall + set +x Processing /etc/shorewall/stop ... Processing /etc/shorewall/stopped ... I have tried it with different information in the tcrules and tcstart file. I have tried marking every packet with a 1 in the tcrules file and the then putting a simple simple one line tc command in the tcstart file like "tc qdisc add dev eth0 root tbf rate 100kbit latency 50ms burst 1540" I have also copied the configurations available on shorewall.net with no luck. my shorewall version = 1.3.14a kernel 2.4.6 running red hat 7.2 The documentation says to check the kernel but I couldn''t figure out how to bring up the screeen at http://www.shorewall.net/images/QoS.png I patched iproute. Jason Mahon Systems Engineer Totalnet, Inc. 1300 Industrial Rd. Suite 1 San Carlos, CA 94070 Office (650) 593-2000 Fax (650) 593-5630
On Wed, 19 Mar 2003, Jason Mahon wrote:> Hi, > I have configured shorewall to run properly without tc. However when i > enable tc it does not start. > this is my >shorewall debug start errror code > + cut -d# -f1 /etc/shorewall/tcrules > + grep -v ''^[[:space:]]*$'' > + read mark sources dests proto ports sports > + run_iptables -t mangle -A FORWARD -j tcfor > + iptables -t mangle -A FORWARD -j tcfor iptables: No chain/target/match by > that name > + ''['' -z '''' '']'' > + stop_firewall + set > +x Processing /etc/shorewall/stop ... Processing /etc/shorewall/stopped ... >Please post the rest of this trace. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.sf.net Washington USA \ teastep@shorewall.net
On Wed, 19 Mar 2003, Jason Mahon wrote:> my shorewall version = 1.3.14a > kernel 2.4.6 running red hat 7.2You can not set MARK_IN_FORWARD_CHAIN=Yes with kernel 2.4.6. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.sf.net Washington USA \ teastep@shorewall.net
On Wed, 19 Mar 2003, Tom Eastep wrote:> On Wed, 19 Mar 2003, Jason Mahon wrote: > > > my shorewall version = 1.3.14a > > kernel 2.4.6 running red hat 7.2 > > You can not set MARK_IN_FORWARD_CHAIN=Yes with kernel 2.4.6. >Actually, with current Shorewall releases, you can''t use Traffic Shaping/control at all with kernel 2.4.6. -Tom -- Tom Eastep \ Shorewall - iptables made easy Shoreline, \ http://shorewall.sf.net Washington USA \ teastep@shorewall.net