Hi!

I am quite new to shorewall - worked a lot with isa 2004 -, but while I found it easy to config, still I have a question:

My FW config is following:

eth0 fix ip 40/40mbs Internet
eth1 fix ip 100Mbps DMZ (192.168.100.0/24) (we host websites)
eth2 fix ip 100Mbps Local net with dhcp (192.168.101.0/24)
eth3 fix ip 100Mbps sales net with dhcp (lot less allowed than local net) (192.168.102.0/24)

I got this config to work already.

My question begins here:

I was asked to limit the bandwidth of the users on Local and Sales have towards and from the Internet to 1mbps/1mbps each. (So that users don't eat the bandwidth)

Browsing the website I found the following solution:
make classes for each ip and make rules for them

(I did the tables with TAB-s, just I couldn't get it to work with my webmail)

1. Set TC_ENABLED to Internal in shorewall.conf

2. make a tcdevices file looking like this:

#INTERFACE IN-BANDWIDTH OUT-BANDWIDTH
eth0       40mbps       40mbps
eth2       100mbps      100mbps

3. make a tcclasses file looking like this

#INTERFACE MARK RATE    CEIL  PRIORITY OPTIONS
eth0       1    full    full  1        default
eth2       1    full    full  1        default
eth0       2    100kbps 1mbps 2
eth2       2    100kbps 1mbps 2
eth0       3    100kbps 1mbps 2
eth2       3    100kbps 1mbps 2
eth0       4    100kbps 1mbps 2
eth2       4    100kbps 1mbps 2
...

4. make a tcrules file looking like this

#MARK SOURCE         DESTINATION    PROTOCOL PORT(s)
2:F   192.168.101.11 eth0           all
2:F   eth0           192.168.101.11 all
3:F   192.168.101.12 eth0           all
3:F   eth0           192.168.101.12 all
4:F   192.168.101.13 eth0           all
4:F   eth0           192.168.101.13 all
...

Is this configuration correct?

Because this means I have to create shedloads of classes! I can have around 500 Clients in the DHCP ranges, but in the description of the website, it is mentioned that 256 classes is the max.....

Is there any other way to do this?

thx 4 the help (in advance 8)) )

Laszlo Balogh
------------------------------------------------------------------------------
László Balogh wrote:

> Hi!
>
> I am quite new to shorewall - worked a lot with isa 2004 -,
> but while I found it easy to config, still I have a question:
>
> My FW config is following:
>
> eth0 fix ip 40/40mbs Internet
> eth1 fix ip 100Mbps DMZ (192.168.100.0/24) (we host websites)
> eth2 fix ip 100Mbps Local net with dhcp (192.168.101.0/24)
> eth3 fix ip 100Mbps sales net with dhcp (lot less allowed than local
> net) (192.168.102.0/24)
>
> I got this config to work already.
>
> My question begins here:
>
> I was asked to limit the bandwidth of the users on Local and Sales
> have towards and from the Internet to 1mbps/1mbps each. (So that
> users don't eat the bandwidth)

HTB (the queuing discipline used by Shorewall) is ill-suited for implementing this Draconian policy. It is rather intended to allocate bandwidth by type of traffic rather than by individual host. SFQ is then used within each HTB class to ensure fairness.

Limiting each user to 1mbps:

a) Makes all users suffer for the sins of a few
b) Ensures that the internet link will be under-utilized much of the time.
c) Does nothing to help when the system is really busy (more than 40 users downloading large files simultaneously).

> Browsing the website I found the following solution:
> make classes for each ip and make rules for them
>
> (I did the tables with TAB-s, just I couldn't get it to work with my webmail)

And I've deleted them in my response since my mailer made them totally unreadable.

> Is this configuration correct?

No. The sum of the RATE column for each interface exceeds the OUT-BANDWIDTH for the interface. The RATE column specifies what you GUARANTEE each class, no matter how congested the link is, so the sum of the numbers in that column cannot exceed the OUT-BANDWIDTH.

> Because this means I have to create shedloads of classes!
> I can have around 500 Clients in the DHCP ranges,
> but in the description of the website, it is mentioned that
> 256 classes is the max.....

Again, HTB in general (and Shorewall's use of it in particular) is ill-suited for implementing your policy. But then, your policy is a poor one IMO.

One additional note about Shorewall traffic shaping. SFQ, by default, assures fairness within *flows* which correspond closely to TCP connections. So it is possible for a single user to dominate a particular class by having many flows. You can use CONNLIMIT in your policy and rules file to limit the number of outgoing connections that each local station can have but a better solution would be for Shorewall to use the *flow* classifier to cause SFQ to ensure fairness between local systems rather than connections. Unfortunately, we have been unable to make that classifier work correctly, but hopefully we will have that feature available soon.

-Tom
--
Tom Eastep           \ When I die, I want to go like my Grandfather who
Shoreline,           \ died peacefully in his sleep. Not screaming like
Washington, USA      \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
Hello!

> László Balogh wrote:
>> Hi!
>>
>> I am quite new to shorewall - worked a lot with isa 2004 -,
>> but while I found it easy to config, still I have a question:
>>
>> My FW config is following:
>>
>> eth0 fix ip 40/40mbs Internet
>> eth1 fix ip 100Mbps DMZ (192.168.100.0/24) (we host websites)
>> eth2 fix ip 100Mbps Local net with dhcp (192.168.101.0/24)
>> eth3 fix ip 100Mbps sales net with dhcp (lot less allowed than local
>> net) (192.168.102.0/24)
>>
>> I got this config to work already.
>>
>> My question begins here:
>>
>> I was asked to limit the bandwidth of the users on Local and Sales
>> have towards and from the Internet to 1mbps/1mbps each. (So that
>> users don't eat the bandwidth)
>
> HTB (the queuing discipline used by Shorewall) is ill-suited for
> implementing this Draconian policy. It is rather intended to allocate
> bandwidth by type of traffic rather than by individual host. SFQ is then
> used within each HTB class to ensure fairness.
>
> Limiting each user to 1mbps:
>
> a) Makes all users suffer for the sins of a few
> b) Ensures that the internet link will be under-utilized much of the time.
> c) Does nothing to help when the system is really busy (more than 40
> users downloading large files simultaneously).

Well, I forgot to mention background information about the company. We host websites that are used for webmail and client access and having enough bandwidth for those is the primary thing. Most of the users don't have anything to do on the internet. Even if the users go on the net, they shouldn't be able to eat bandwidth.

Secondary, I have to deal with private used laptops, and there have been cases of infected hardware eating all the bandwidth (botnet client), that is why I have to limit each user to a maximum of bandwidth. (closing all unnecessary ports is not an option, regretfully)

>> Browsing the website I found the following solution:
>> make classes for each ip and make rules for them
>>
>> (I did the tables with TAB-s, just I couldn't get it to work with my webmail)
>>
> And I've deleted them in my response since my mailer made them totally
> unreadable.

I will try to paste them again with one space between each word.

tcdevices
#INTERFACE IN-BANDWIDTH OUT-BANDWIDTH
eth0 40mbps 40mbps
eth2 100mbps 100mbps

tcclasses
#INTERFACE MARK RATE CEIL PRIORITY OPTIONS
eth0 1 full full 1 default
eth2 1 full full 1 default
eth0 2 100kbps 1mbps 2
eth2 2 100kbps 1mbps 2
eth0 3 100kbps 1mbps 2
eth2 3 100kbps 1mbps 2
eth0 4 100kbps 1mbps 2
eth2 4 100kbps 1mbps 2

tcrules
#MARK SOURCE DESTINATION PROTOCOL PORT(s)
2:F 192.168.101.11 eth0 all
2:F eth0 192.168.101.11 all
3:F 192.168.101.12 eth0 all
3:F eth0 192.168.101.12 all
4:F 192.168.101.13 eth0 all
4:F eth0 192.168.101.13 all
...

>> Is this configuration correct?
>
> No. The sum of the RATE column for each interface exceeds the
> OUT-BANDWIDTH for the interface. The RATE column specifies what you
> GUARANTEE each class, no matter how congested the link is, so the sum of
> the numbers in that column cannot exceed the OUT-BANDWIDTH.

Do you mean that this works, but if more than 40 users use the 1 mbit, then traffic shaping becomes useless, or do you mean that shorewall won't even accept it? We currently have about 20 workers, so I thought later I'll adjust the numbers.

>> Because this means I have to create shedloads of classes!
>> I can have around 500 Clients in the DHCP ranges,
>> but in the description of the website, it is mentioned that
>> 256 classes is the max.....
>
> Again, HTB in general (and Shorewall's use of it in particular) is
> ill-suited for implementing your policy. But then, your policy is a poor
> one IMO.

Well, it is my first go at it, I didn't expect to master it in one night. The problem is that shorewall is already implemented. I have to add this to it as an extra.

If u know any other sw that works beside shorewall and is better suited, please write an url.

> One additional note about Shorewall traffic shaping. SFQ, by default,
> assures fairness within *flows* which correspond closely to TCP
> connections. So it is possible for a single user to dominate a
> particular class by having many flows. You can use CONNLIMIT in your
> policy and rules file to limit the number of outgoing connections that
> each local station can have but a better solution would be for Shorewall
> to use the *flow* classifier to cause SFQ to ensure fairness between
> local systems rather than connections. Unfortunately, we have been
> unable to make that classifier work correctly, but hopefully we will
> have that feature available soon.

(TT_TT) My boss wouldn't be able to digest that he can only have x pieces of net connections, plus we have software that opens a lot of connections to the net (while not eating much bandwidth.).

> -Tom

Thx 4 your answer

Laszlo Balogh
------------------------------------------------------------------------------
László Balogh wrote:

> Well, I forgot to mention background information about the company.
> We host websites that are used for webmail and client access
> and having enough bandwidth for those is the primary thing.
> Most of the users don't have anything to do on the internet.
> Even if the users go on the net, they shouldn't be able to eat
> bandwidth.
>
> Secondary, I have to deal with private used laptops,
> and there have been cases of infected hardware eating all the
> bandwidth (botnet client), that is why I have to limit each user to a maximum
> of bandwidth. (closing all unnecessary ports is not an option, regretfully)

Then Shorewall's traffic shaping does not offer you a workable solution.

>>> Browsing the website I found the following solution:
>>> make classes for each ip and make rules for them
>>>
>>> (I did the tables with TAB-s, just I couldn't get it to work with my webmail)
>>>
>> And I've deleted them in my response since my mailer made them totally
>> unreadable.
>
> I will try to paste them again with one space between each word.
>
> tcdevices
> #INTERFACE IN-BANDWIDTH OUT-BANDWIDTH
> eth0 40mbps 40mbps
> eth2 100mbps 100mbps
>
> tcclasses
> #INTERFACE MARK RATE CEIL PRIORITY OPTIONS
> eth0 1 full full 1 default
> eth2 1 full full 1 default
> eth0 2 100kbps 1mbps 2
> eth2 2 100kbps 1mbps 2
> eth0 3 100kbps 1mbps 2
> eth2 3 100kbps 1mbps 2
> eth0 4 100kbps 1mbps 2
> eth2 4 100kbps 1mbps 2
>
> tcrules
> #MARK SOURCE DESTINATION PROTOCOL PORT(s)
> 2:F 192.168.101.11 eth0 all
> 2:F eth0 192.168.101.11 all
> 3:F 192.168.101.12 eth0 all
> 3:F eth0 192.168.101.12 all
> 4:F 192.168.101.13 eth0 all
> 4:F eth0 192.168.101.13 all
> ...
>
>>> Is this configuration correct?
>> No. The sum of the RATE column for each interface exceeds the
>> OUT-BANDWIDTH for the interface. The RATE column specifies what you
>> GUARANTEE each class, no matter how congested the link is, so the sum of
>> the numbers in that column cannot exceed the OUT-BANDWIDTH.
>
> Do you mean that this works, but if more than 40 users use the 1 mbit, then
> traffic shaping becomes useless, or do you mean that shorewall won't
> even accept it?

No -- I mean this won't work at all. You are guaranteeing ALL OF THE BANDWIDTH to the default class ('full' in the RATE column). So there is none left over for the other classes. When HTB is configured like this, it just plain doesn't work.

> If u know any other sw that works beside shorewall and is better suited,
> please write an url.

I know of no good solution on Linux that scales to 100s of internal systems.

-Tom
------------------------------------------------------------------------------
Hello again!

>> Well, I forgot to mention background information about the company.
>> We host websites that are used for webmail and client access
>> and having enough bandwidth for those is the primary thing.
>> Most of the users don't have anything to do on the internet.
>> Even if the users go on the net, they shouldn't be able to eat
>> bandwidth.
>>
>> Secondary, I have to deal with private used laptops,
>> and there have been cases of infected hardware eating all the
>> bandwidth (botnet client), that is why I have to limit each user to a maximum
>> of bandwidth. (closing all unnecessary ports is not an option, regretfully)
>
> Then Shorewall's traffic shaping does not offer you a workable solution.

Ok, I think I get what you are suggesting. But if I make one class per subnet (for example sales), then it would work, not? (Saying I don't care about how the bandwidth gets divided in a subnet)

>>>> Browsing the website I found the following solution:
>>>> make classes for each ip and make rules for them
>>>>
>>>> (I did the tables with TAB-s, just I couldn't get it to work with my webmail)
>>>
>>> And I've deleted them in my response since my mailer made them totally
>>> unreadable.
>>
>> I will try to paste them again with one space between each word.
>>
>> tcdevices
>> #INTERFACE IN-BANDWIDTH OUT-BANDWIDTH
>> eth0 40mbps 40mbps
>> eth2 100mbps 100mbps

Ok, I updated the tcclasses table

tcclasses
#INTERFACE MARK RATE CEIL PRIORITY OPTIONS
eth0 1 10mbps full 1 default
eth2 1 10mbps full 1 default
eth0 2 100kbps 1mbps 2
eth2 2 100kbps 1mbps 2
eth0 3 100kbps 1mbps 2
eth2 3 100kbps 1mbps 2
eth0 4 100kbps 1mbps 2
eth2 4 100kbps 1mbps 2

>> tcrules
>> #MARK SOURCE DESTINATION PROTOCOL PORT(s)
>> 2:F 192.168.101.11 eth0 all
>> 2:F eth0 192.168.101.11 all
>> 3:F 192.168.101.12 eth0 all
>> 3:F eth0 192.168.101.12 all
>> 4:F 192.168.101.13 eth0 all
>> 4:F eth0 192.168.101.13 all
>> ...
>>
>>>> Is this configuration correct?
>>>
>>> No. The sum of the RATE column for each interface exceeds the
>>> OUT-BANDWIDTH for the interface. The RATE column specifies what you
>>> GUARANTEE each class, no matter how congested the link is, so the sum of
>>> the numbers in that column cannot exceed the OUT-BANDWIDTH.
>>
>> Do you mean that this works, but if more than 40 users use the 1 mbit, then
>> traffic shaping becomes useless, or do you mean that shorewall won't
>> even accept it?
>
> No -- I mean this won't work at all. You are guaranteeing ALL OF THE
> BANDWIDTH to the default class ('full' in the RATE column). So there is
> none left over for the other classes. When HTB is configured like this,
> it just plain doesn't work.

So if I keep the bandwidth of all the classes under 40Mbps (in my case) then it would work.

>> If u know any other sw that works beside shorewall and is better suited,
>> please write an url.
>
> I know of no good solution on Linux that scales to 100s of internal systems.
>
> -Tom

I am thinking about keeping about 30 classes for the local net, (dhcp is configured to serve these addresses first and we have like 15-20 many clients today) and one class for the sales net.

The rates would be:
30*100kbps=~ 3mbps for local net
10mbps for default
1mbps for sales

and I am still under 40mbps.

rule 1 for default
rule 2-31 for local
rule 32 for sales net

tcdevices
#INTERFACE IN-BANDWIDTH OUT-BANDWIDTH
eth0 40mbps 40mbps
eth2 100mbps 100mbps

tcclasses
#INTERFACE MARK RATE CEIL PRIORITY OPTIONS
eth0 1 10mbps full 1 default
eth2 1 10mbps full 1 default
eth0 2 100kbps 1mbps 2
eth2 2 100kbps 1mbps 2
eth0 3 100kbps 1mbps 2
eth2 3 100kbps 1mbps 2
eth0 4 100kbps 1mbps 2
eth2 4 100kbps 1mbps 2
...
eth0 31 100kbps 1mbps 2
eth2 31 100kbps 1mbps 2
eth0 32 1mbps 5mbps 3
eth0 32 1mbps 5mbps 3

tcrules
#MARK SOURCE DESTINATION PROTOCOL PORT(s)
2:F 192.168.101.11 eth0 all
2:F eth0 192.168.101.11 all
3:F 192.168.101.12 eth0 all
3:F eth0 192.168.101.12 all
4:F 192.168.101.13 eth0 all
4:F eth0 192.168.101.13 all
...
31:F 192.168.101.40 eth0 all
31:F eth0 192.168.101.40 all
32:F 192.168.102.0/24 eth0 all
32:F eth0 192.168.102.0/24 all

So do I get it right this time?

Laszlo Balogh

P.S.: sorry for my thickheadedness, and thank you for your patience
------------------------------------------------------------------------------
Balogh László wrote:

> Ok, I think I get what you are suggesting. But if I make one class
> per subnet (for example sales),
> then it would work, not? (Saying I don't care about how the bandwidth
> gets divided in a subnet)

That will work.

> So if I keep the bandwidth of all the classes under 40Mbps (in my case)
> then it would work.

The sum of the RATEs for eth0 must be less than or equal to 40Mbps.

> I am thinking about keeping about 30 classes for the local net,
> (dhcp is configured to serve these addresses first and we have
> like 15-20 many clients today)
> and one class for the sales net.
>
> The rates would be:
> 30*100kbps=~ 3mbps for local net
> 10mbps for default
> 1mbps for sales
>
> and I am still under 40mbps.
>
> rule 1 for default
> rule 2-31 for local
> rule 32 for sales net

rule 1 - RESTORE connection mark
rule 2 - CONTINUE if mark is non-zero
rule 3 - for default
rule 4-33 - for local
rule 34 for sales net
rule 35 SAVE

> tcdevices
> #INTERFACE IN-BANDWIDTH OUT-BANDWIDTH
> eth0 40mbps 40mbps
> eth2 100mbps 100mbps
>
> tcclasses
> #INTERFACE MARK RATE CEIL PRIORITY OPTIONS
> eth0 1 10mbps full 1 default
> eth2 1 10mbps full 1 default
> eth0 2 100kbps 1mbps 2
> eth2 2 100kbps 1mbps 2
> eth0 3 100kbps 1mbps 2
> eth2 3 100kbps 1mbps 2
> eth0 4 100kbps 1mbps 2
> eth2 4 100kbps 1mbps 2
> ...
> eth0 31 100kbps 1mbps 2
> eth2 31 100kbps 1mbps 2
> eth0 32 1mbps 5mbps 3
> eth0 32 1mbps 5mbps 3
>
> tcrules
> #MARK SOURCE DESTINATION PROTOCOL PORT(s)
> 2:F 192.168.101.11 eth0 all
> 2:F eth0 192.168.101.11 all
> 3:F 192.168.101.12 eth0 all
> 3:F eth0 192.168.101.12 all
> 4:F 192.168.101.13 eth0 all
> 4:F eth0 192.168.101.13 all
> ...
> 31:F 192.168.101.40 eth0 all
> 31:F eth0 192.168.101.40 all
> 32:F 192.168.102.0/24 eth0 all
> 32:F eth0 192.168.102.0/24 all

See my suggestion above.

> So do I get it right this time?

Getting close.

-Tom
--
Tom Eastep      \ The ultimate result of shielding men from the effects of
Shoreline,      \ folly is to fill the world with fools.
Washington, USA \ -- Herbert Spencer
http://www.shorewall.net
------------------------------------------------------------------------------
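Added example (not part of the thread and not Shorewall code): a pre-load check of the constraint Tom states above, that the RATE values for an interface must sum to no more than its OUT-BANDWIDTH, with 'full' in RATE counted as the whole OUT-BANDWIDTH. The sample tables are constructed from the ones posted in this thread using kbit/mbit units; the function names and the reading of kbps/mbps as tc's bytes-per-second units are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample input, modelled on the tables posted in this thread.
TCDEVICES = """\
#INTERFACE IN-BANDWIDTH OUT-BANDWIDTH
eth0 40mbit 40mbit
eth2 100mbit 100mbit
"""

# First attempt: the default class is guaranteed the whole link.
TCCLASSES_FULL_DEFAULT = """\
#INTERFACE MARK RATE CEIL PRIORITY OPTIONS
eth0 1 full full 1 default
eth0 2 100kbit 1mbit 2
eth0 3 100kbit 1mbit 2
"""

# Revised attempt: 10mbit default, but mark 32 is listed twice on eth0.
TCCLASSES_REVISED = """\
#INTERFACE MARK RATE CEIL PRIORITY OPTIONS
eth0 1 10mbit full 1 default
eth0 2 100kbit 1mbit 2
eth0 3 100kbit 1mbit 2
eth0 32 1mbit 5mbit 3
eth0 32 1mbit 5mbit 3
"""

# Assumption: units follow tc's convention, where kbps/mbps mean kilobytes and
# megabytes per second and kbit/mbit mean kilobits and megabits per second.
UNITS = {"kbit": 1_000, "mbit": 1_000_000, "kbps": 8_000, "mbps": 8_000_000}


def rows(text):
    """Yield the whitespace-separated fields of each non-comment line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()


def to_bits(value, full=None):
    """Convert a rate such as '100kbit' (or 'full') to bits per second."""
    if value.lower() == "full":
        if full is None:
            raise ValueError("'full' is only meaningful in tcclasses")
        return full
    match = re.fullmatch(r"(\d+)(kbit|mbit|kbps|mbps)", value.lower())
    if not match:
        raise ValueError(f"unrecognised rate: {value!r}")
    return int(match.group(1)) * UNITS[match.group(2)]


def check(tcdevices, tcclasses):
    """Return a list of problems; an empty list means the RATE budget fits."""
    out_bw = {f[0]: to_bits(f[2]) for f in rows(tcdevices)}
    committed, seen, problems = defaultdict(int), set(), []
    for iface, mark, rate, *_ in rows(tcclasses):
        if iface not in out_bw:
            problems.append(f"{iface}: not listed in tcdevices")
        elif (iface, mark) in seen:
            problems.append(f"{iface}: mark {mark} defined twice")
        else:
            seen.add((iface, mark))
            committed[iface] += to_bits(rate, out_bw[iface])
    for iface, total in committed.items():
        if total > out_bw[iface]:
            problems.append(
                f"{iface}: RATE sum {total} bit/s exceeds "
                f"OUT-BANDWIDTH {out_bw[iface]} bit/s"
            )
    return problems


if __name__ == "__main__":
    for name, table in (("full default", TCCLASSES_FULL_DEFAULT),
                        ("revised", TCCLASSES_REVISED)):
        print(name, check(TCDEVICES, table) or "ok")
```
------------------------------------------------------------------------------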
Hello again!

I looked up the Packet Marking using /etc/shorewall/tcrules section on the website, to understand the RESTORE CONTINUE SAVE part that you mentioned, so I try to correct my tcrules config.

> rule 1 - RESTORE connection mark
> rule 2 - CONTINUE if mark is non-zero
> rule 3 - for default
> rule 4-33 - for local
> rule 34 for sales net
> rule 35 SAVE
>
> > tcdevices
> > #INTERFACE IN-BANDWIDTH OUT-BANDWIDTH
> > eth0 40mbps 40mbps
> > eth2 100mbps 100mbps
> >
> > tcclasses
> > #INTERFACE MARK RATE CEIL PRIORITY OPTIONS
> > eth0 1 10mbps full 1 default
> > eth2 1 10mbps full 1 default
> > eth0 2 100kbps 1mbps 2
> > eth2 2 100kbps 1mbps 2
> > eth0 3 100kbps 1mbps 2
> > eth2 3 100kbps 1mbps 2
> > eth0 4 100kbps 1mbps 2
> > eth2 4 100kbps 1mbps 2
> > ...
> > eth0 31 100kbps 1mbps 2
> > eth2 31 100kbps 1mbps 2
> > eth0 32 1mbps 5mbps 3
> > eth0 32 1mbps 5mbps 3
> >
> > tcrules
> > #MARK SOURCE DESTINATION PROTOCOL PORT(s)
> > 2:F 192.168.101.11 eth0 all
> > 2:F eth0 192.168.101.11 all
> > 3:F 192.168.101.12 eth0 all
> > 3:F eth0 192.168.101.12 all
> > 4:F 192.168.101.13 eth0 all
> > 4:F eth0 192.168.101.13 all
> > ...
> > 31:F 192.168.101.40 eth0 all
> > 31:F eth0 192.168.101.40 all
> > 32:F 192.168.102.0/24 eth0 all
> > 32:F eth0 192.168.102.0/24 all

So I corrected it to the following:

#MARK SOURCE DEST PROTO PORT(S) CLIENT USER TEST LENGTH TOS
#
RESTORE 0.0.0.0/0 0.0.0.0/0 all
CONTINUE 0.0.0.0/0 0.0.0.0/0 all - - - !0
2:F 192.168.101.11 eth0 all
2:F eth0 192.168.101.11 all
3:F 192.168.101.12 eth0 all
3:F eth0 192.168.101.12 all
4:F 192.168.101.13 eth0 all
4:F eth0 192.168.101.13 all
...
31:F 192.168.101.40 eth0 all
31:F eth0 192.168.101.40 all
32:F 192.168.102.0/24 eth0 all
32:F eth0 192.168.102.0/24 all
SAVE 0.0.0.0/0 0.0.0.0/0 all

Although... I don't know if I surely understand what I have done here....

Does it mean that the first rule (restore) resets the mark to zero so that the bandwidth management rules can process it, and the last rule (SAVE) hardwires this mark into the remaining packets of the connection, so that those packets don't get processed by the bandwidth control rules anymore, because of the second (continue) rule?

Or is it that the rest of the packets get their mark reset to zero every time they arrive on the $FW? Why use Save then?

I hope I am getting closer.

Laszlo Balogh
------------------------------------------------------------------------------
László Balogh wrote:

> So I corrected it to the following:
>
> #MARK SOURCE DEST PROTO PORT(S) CLIENT USER TEST LENGTH TOS
> #
> RESTORE 0.0.0.0/0 0.0.0.0/0 all

RESTORE:F 0.0.0.0/0 0.0.0.0/0   # RESTORE ANY MARK PREVIOUSLY SAVED BELOW
                                # IF THERE WAS SUCH A MARK, IT IS NOW
                                # THE PACKET'S MARK

> CONTINUE 0.0.0.0/0 0.0.0.0/0 all - - - !0

CONTINUE 0.0.0.0/0 0.0.0.0/0 all - - - !0   # IF THE PACKET IS NOW MARKED,
                                            # DON'T RUN THE CHAIN OF
                                            # RULES AGAIN

> 2:F 192.168.101.11 eth0 all
> 2:F eth0 192.168.101.11 all
> 3:F 192.168.101.12 eth0 all
> 3:F eth0 192.168.101.12 all
> 4:F 192.168.101.13 eth0 all
> 4:F eth0 192.168.101.13 all
> ...
> 31:F 192.168.101.40 eth0 all
> 31:F eth0 192.168.101.40 all
> 32:F 192.168.102.0/24 eth0 all
> 32:F eth0 192.168.102.0/24 all
> SAVE 0.0.0.0/0 0.0.0.0/0 all

SAVE:F 0.0.0.0/0 0.0.0.0/0   # SAVE THE MARK WE MADE ON THIS PACKET
                             # IN THE CONNECTION SO THAT WE DON'T HAVE
                             # TO PASS *EVERY PACKET IN THE
                             # CONNECTION* THROUGH THE SAME SET OF 64
                             # RULES!!!

-Tom
------------------------------------------------------------------------------
Tom Eastep wrote:

> CONTINUE 0.0.0.0/0 0.0.0.0/0 all - - - !0   # IF THE PACKET IS NOW MARKED,
>                                             # DON'T RUN THE CHAIN OF
>                                             # RULES AGAIN

CONTINUE s/b CONTINUE:F

-Tom
------------------------------------------------------------------------------
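Added example (not from the thread or from Shorewall): a simplified model of the RESTORE / CONTINUE / SAVE sequence Tom annotates above, counting how many rules each packet of a connection passes through. The packet fields, the function names and the 203.0.113.10 address are constructed for illustration, and the model assumes that a matching marking rule simply overwrites the packet mark.

```python
import ipaddress

WAN = "eth0"  # Internet-facing interface, as in the thread


def build_rules(hosts, sales_net):
    """Rules in the order of the corrected tcrules: RESTORE, CONTINUE, marks, SAVE."""
    rules = [("RESTORE",), ("CONTINUE",)]
    for mark, host in enumerate(hosts, start=2):
        rules.append(("MARK", mark, host, WAN))   # host -> Internet
        rules.append(("MARK", mark, WAN, host))   # Internet -> host
    sales_mark = len(hosts) + 2
    rules.append(("MARK", sales_mark, sales_net, WAN))
    rules.append(("MARK", sales_mark, WAN, sales_net))
    rules.append(("SAVE",))
    return rules


def field_matches(field, address, iface):
    """A SOURCE/DEST field is either an interface name or an IP/CIDR."""
    if field[0].isalpha():
        return field == iface
    return ipaddress.ip_address(address) in ipaddress.ip_network(field)


def process(packet, rules, connmarks):
    """Run one packet through the rules; return (final mark, rules evaluated)."""
    mark, evaluated = 0, 0
    for rule in rules:
        evaluated += 1
        kind = rule[0]
        if kind == "RESTORE":
            # Copy any mark saved for this connection onto the packet.
            mark = connmarks.get(packet["conn"], 0)
        elif kind == "CONTINUE":
            # TEST column "!0": stop here if the packet is already marked.
            if mark != 0:
                break
        elif kind == "MARK":
            _, value, src, dst = rule
            if (field_matches(src, packet["src"], packet["in"])
                    and field_matches(dst, packet["dst"], packet["out"])):
                mark = value
        elif kind == "SAVE":
            # Remember the mark so later packets skip the marking rules.
            connmarks[packet["conn"]] = mark
    return mark, evaluated


HOSTS = [f"192.168.101.{n}" for n in range(11, 41)]  # .11 to .40, marks 2-31
RULES = build_rules(HOSTS, "192.168.102.0/24")        # sales net gets mark 32


def demo():
    """First packet of a connection, then the reply on the same connection."""
    connmarks = {}
    outbound = {"conn": "c1", "src": "192.168.101.13", "dst": "203.0.113.10",
                "in": "eth2", "out": WAN}
    reply = {"conn": "c1", "src": "203.0.113.10", "dst": "192.168.101.13",
             "in": WAN, "out": "eth2"}
    return process(outbound, RULES, connmarks), process(reply, RULES, connmarks)


if __name__ == "__main__":
    print(len(RULES), demo())
```
------------------------------------------------------------------------------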
Hello!

About the TC configuration.

I had some debugging to do, the tc files didn't accept mbps and kbps bandwidths. kbit works.

I run it on ubuntu 8.04, and my version number is: 4.0.12

Laszlo Balogh

Tom Eastep wrote:
> Tom Eastep wrote:
>
>> CONTINUE 0.0.0.0/0 0.0.0.0/0 all - - - !0 # IF THE PACKET IS NOW MARKED,
>> # DON'T RUN THE CHAIN OF
>> # RULES AGAIN
>
> CONTINUE s/b CONTINUE:F
>
> -Tom
------------------------------------------------------------------------------
Balogh László wrote:

> Hello!
>
> About the TC configuration.
>
> I had some debugging to do,
> the tc files didn't accept mbps and kbps
> bandwidths. kbit works.
>
> I run it on ubuntu 8.04, and my version
> number is:
> 4.0.12

Shorewall-shell or Shorewall-perl?

-Tom
------------------------------------------------------------------------------
Shorewall-shell 4.0.12
The debian package

Laszlo Balogh

Tom Eastep wrote:
> Balogh László wrote:
>> Hello!
>>
>> About the TC configuration.
>>
>> I had some debugging to do,
>> the tc files didn't accept mbps and kbps
>> bandwidths. kbit works.
>>
>> I run it on ubuntu 8.04, and my version
>> number is:
>> 4.0.12
>
> Shorewall-shell or Shorewall-perl?
>
> -Tom