Hi,

I have a 2-interface shorewall setup. One interface is connected to DSL, another to the rest of my PCs. Basically, I need 3 things:

1) How to enable UPnP? Need that for SIP VoIP system. Is it something like:
accept net fw udp 1900
accept loc fw udp 1900

2) How to limit traffic over eth0 to 30k for example? There are examples in the manual, but they are too complex, and I am not a great networking specialist.

3) How to install wondershaper? Is it enough to copy wshaper.htb to /etc/shorewall/tcstart and adjust a few vars? Is that tcstart activated automatically or do I need to instruct shorewall somehow to start it up? Additionally, wshaper.htb is a shell script, do I need to chmod tcstart to +x?

Thanks in advance for any suggestion(s)

************************************************
*** with best regards
*** Andrei Verovski (aka MacGuru)
*** Mac, Linux, DTP, Programming Web Site
***
*** http://snow.prohosting.com/guru4mac/
************************************************
Andrei Verovski (aka MacGuru) wrote:

> Hi,
>
> I have 2-interface shorewall setup. One interface is connected to DSL, another
> to the rest of my PCs. Basically, I am need 3 things:
>
> 1) How to enable UPnP ? Need that for SIP VoIP system. Is it something like:
> accept net fw udp 1900
> accept loc fw udp 1900

Shorewall does not support UPnP. UPnP requires that the firewall change its rules dynamically based on requests from hosts inside the firewall (Only Microsoft could come up with that idea). Shorewall is not a daemon and hence cannot react to such requests (there is no Shorewall code running once "shorewall start" completes).

There are UPnP solutions available for Linux but I haven't seen one that plays well with Shorewall. Maybe someone else has.

>
> 2) How to limit traffic over eth0 to 30k for example? There are examples in
> the manual, but they are too complex, and I am not great networking
> specialist.

From http://shorewall.net/traffic_shaping.htm:

"Shorewall does not do any type of Traffic Shaping/Bandwidth management itself but it does contain some facilities to integrate with traffic shaping/control solutions".

So if you don't want to create your own traffic shaping solution, you need to find one that fits your needs.

>
> 3) How to install wondershaper? Just enough to copy wshaper.htb
> to /etc/shorewall/tcstart and adjust few vars? Is that tcstart activated
> automatically or I need to instruct shorewall somehow to start it up?

From http://shorewall.net/traffic_shaping.htm:

To start traffic shaping when Shorewall starts:

1. Set TC_ENABLED=Yes and CLEAR_TC=Yes
2. Supply an /etc/shorewall/tcstart script to configure your traffic shaping rules.
3. Optionally supply an /etc/shorewall/tcclear script to stop traffic shaping. That is usually unnecessary.
4. If your tcstart script uses the “fwmark” classifier, you can mark packets using entries in /etc/shorewall/tcrules.

> Additionally, wshaper.htb is a shell script, do I need to chmod tcstart to
> +x?

Only if you want to run it.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
On Tue, 2004-07-20 at 23:04 +0300, Andrei Verovski (aka MacGuru) wrote:

> Hi,
>
> I have 2-interface shorewall setup. One interface is connected to DSL, another
> to the rest of my PCs. Basically, I am need 3 things:
>
> 1) How to enable UPnP ? Need that for SIP VoIP system. Is it something like:
> accept net fw udp 1900
> accept loc fw udp 1900
>

This gets 1900/udp traffic to your firewall - now what? I seem to remember some uPnP server/agent/stack for Linux floating around, check freshmeat.

> 2) How to limit traffic over eth0 to 30k for example? There are examples in
> the manual, but they are too complex, and I am not great networking
> specialist.
>

See your #3

> 3) How to install wondershaper? Just enough to copy wshaper.htb
> to /etc/shorewall/tcstart and adjust few vars? Is that tcstart activated
> automatically or I need to instruct shorewall somehow to start it up?
> Additionally, wshaper.htb is a shell script, do I need to chmod tcstart to
> +x?
>

Best bet is to install wondershaper via its instructions, and in shorewall.conf set TC_ENABLED=yes, CLEAR_TC=no. Have wondershaper called before or after shorewall and it will be in effect.

One word of warning, you mention that you aren't great at networking so you may be better off not messing around with something like wondershaper. It probably won't help as much as you think (besides the psychological effect).

--
David T Hollis <dhollis@davehollis.com>