Shorewall users - Nov 2005 - Internal shorewall traffic shaping don't work

I''m using shorewall 3.0.1 upgraded from some 2.4.x on two router
boxes: debian and mandriva. Both are very similar and have simple
masquarading setups with external eth0 and internal eth1 interfaces.
Both have the same troublesome beavior:

I''m trying to turn on internal firewall traffic shaping. Manual says
to turn on TC_ENABLED in shorewall.conf.
But shorewall says "unable to find tcstart file". Manual says to use
supplied? tcstart file if you want internal shorewall traffic shaping,
but both my systems have no supplied tcstart file, nor I was able to
find such in source tarball.
If I create empty tcstart file, it looks like shorewall don''t do
internal shaping, and is trying to load shaping rules from tcstart. As
tcstart is empty, there are no any shaping, if I understand it right.

shorewall show tc output:

Shorewall-3.0.1 Traffic Control at xxx.xxx.xxx - Mon Nov 28 04:44:02 EET 2005

Device eth0:
qdisc pfifo_fast 0: bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 118298500 bytes 201727 pkts (dropped 0, overlimits 0)

Device eth1:
qdisc pfifo_fast 0: bands 3 priomap  1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 58654504 bytes 119610 pkts (dropped 0, overlimits 0)

Can somebody help me please? I am new to all these things. I''ll
provide more debug info if it is necessary.


--
Sincerely Yours, Vladislav Kugelevich


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id865&op=click

Vladislav Kugelevich wrote:
> I''m using shorewall 3.0.1 up
> 
> I''m trying to turn on internal firewall traffic shaping. Manual
says
> to turn on TC_ENABLED in shorewall.conf.
Where the manual says that ??

Manual says:

"Set TC_ENABLED to "Internal" in
/etc/shorewall/shorewall.conf"

On Monday 28 November 2005 16:52, Vladislav Kugelevich wrote:
>
> Can somebody help me please? I am new to all these things. I''ll
> provide more debug info if it is necessary.
>
>
Sounds to me like the documentation that you are reading doesn''t match
the
version of Shorewall you are running. You seem to be running Shorewall 3.0.1 
so you should be reading http://www.shorewall.net/traffic_shaping.htm

As described in that document, you must:

a) Set TC_ENABLED=Internal in /etc/shorewall/shorewall.conf
b) Define your traffic shaping parameters in /etc/shorewall/tcdevices 
and /etc/shorewall/tcclasses
c) Classify traffic in /etc/shorewall/tcrules as required.

-Tom
-- 
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Ooops, big thanks to everyone, especially Tom, who''s wasting his time
not only to develop such great software, but also to help us poor
users ;-)
Looks like it works now. I think I should read docs more carefully in
the future.


On 11/29/05, Tom Eastep <teastep@shorewall.net>
wrote:
> On Monday 28 November 2005 16:52, Vladislav Kugelevich wrote:
>
> >
> > Can somebody help me please? I am new to all these things.
I''ll
> > provide more debug info if it is necessary.
> >
> >
>
> Sounds to me like the documentation that you are reading doesn''t
match the
> version of Shorewall you are running. You seem to be running Shorewall
3.0.1
> so you should be reading http://www.shorewall.net/traffic_shaping.htm
>
> As described in that document, you must:
>
> a) Set TC_ENABLED=Internal in /etc/shorewall/shorewall.conf
> b) Define your traffic shaping parameters in /etc/shorewall/tcdevices
> and /etc/shorewall/tcclasses
> c) Classify traffic in /etc/shorewall/tcrules as required.
>
> -Tom
> --
> Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
> Shoreline,     \ http://shorewall.net
> Washington USA  \ teastep@shorewall.net
> PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key
>
>
>

--
Sincerely Yours, Vladislav Kugelevich


-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems?  Stop!  Download the new AJAX search engine that makes
searching your log files as easy as surfing the  web.  DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_idv37&alloc_id865&op=click