Adrian Mak
2006-Jul-21 03:43 UTC
how do I know whether my netfilter support all the traffic/bandwidth feature provided in shorewall
my linux kernel is 2.6.9-34, shorewall 3.0.x here is a list of netfilter modules list by lsmod command ipt_REJECT 6593 4 ipt_LOG 6465 5 ipt_state 1857 13 ipt_pkttype 1601 4 iptable_raw 1985 0 ipt_owner 4417 1 ipt_recent 13133 0 ipt_iprange 1985 0 ipt_physdev 2001 0 ipt_multiport 1985 8 ipt_conntrack 2369 3 iptable_mangle 2753 0 ip_nat_irc 4401 0 ip_nat_tftp 3761 0 ip_nat_ftp 4913 0 ip_conntrack_irc 71921 1 ip_nat_irc ip_conntrack_tftp 3953 0 ip_conntrack_ftp 72689 1 ip_nat_ftp autofs4 23237 0 ipt_MASQUERADE 3649 3 iptable_nat 23037 5 ip_nat_irc,ip_nat_tftp,ip_nat_ftp,ipt_MASQUERADE ip_conntrack 40565 10 ipt_state,ipt_conntrack,ip_nat_irc,ip_nat_tftp,ip_nat_ftp,ip_conntrack_irc,ip_conntrack_tftp,ip_conntrack_ftp,ipt_MASQUERADE,iptable_nat iptable_filter 2753 1 ip_tables 16705 15 ipt_REJECT,ipt_LOG,ipt_state,ipt_pkttype,iptable_raw,ipt_owner,ipt_recent,ipt_iprange,ipt_physdev,ipt_multiport,ipt_conntrack,iptable_mangle,ipt_MASQUERADE,iptable_nat,iptable_filter Are the above netfilter modules available on my system, able to use all the bandwith/traffic features provided in shorewall ? ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Tom Eastep
2006-Jul-21 03:59 UTC
Re: how do I know whether my netfilter support all the traffic/bandwidth feature provided in shorewall
Adrian Mak wrote:> m > > Are the above netfilter modules available on my system, able to use all the > bandwith/traffic features provided in shorewall ? >Rather than asking that question, you should be looking at the output of "shorewall show capabilities". -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Adrian Mak
2006-Jul-21 07:11 UTC
Re: how do I know whether my netfilter support all the traffic/bandwidth feature provided in shorewall
Here is shorewall detected capabilities. With avilaibale capabiltiies shown here , does my linux netfilter support traffic/bandwidth feature of shorewall ? Shorewall has detected the following iptables/netfilter capabilities: NAT: Available Packet Mangling: Available Multi-port Match: Available Extended Multi-port Match: Not available Connection Tracking Match: Available Packet Type Match: Available Policy Match: Not available Physdev Match: Available IP range Match: Available Recent Match: Available Owner Match: Available Ipset Match: Not available ROUTE Target: Not available Extended MARK Target: Not available CONNMARK Target: Not available Connmark Match: Not available Raw Table: Available ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
Tom Eastep
2006-Jul-21 13:44 UTC
Re: how do I know whether my netfilter support all the traffic/bandwidth feature provided in shorewall
Adrian Mak wrote:> Here is shorewall detected capabilities. With avilaibale capabiltiies shown > here , does my linux netfilter support traffic/bandwidth feature of > shorewall ? >Sorry -- I mis-read your question the first time. Looking at lsmod output and the output of ''shorewall show capabilities'' isn''t enough to tell if traffic shaping support is available. The oldest kernel that I run 2.6.13; there you need these modules: sch_sfq police cls_u32 sch_ingress sch_htb So if you can ''modprobe'' each of those without an error, you should have what you need. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net''s Techsay panel and you''ll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV