Roberto C. Sánchez
2010-Mar-14 18:04 UTC
Bug#573847: shorewall-shell: Bandwidth limiting no longer works
On Sun, Mar 14, 2010 at 01:45:18PM +0100, Torquil Macdonald Sørensen wrote:> Package: shorewall-shell > Version: 4.4.7.5-1 > Severity: normal > > I have configured shorewall for bandwidth limiting, and this worked fine before. > Now it no longer works. The contents of my /etc/shorewall/tcdevices is > > eth1 800kbit 400kbit > > and eth1 is the interface of my wireless network card, which I use exclusively. > > ''iptables --list'' shows me that shorewall has been enabled, and the log file > /var/log/shorewall-init.log shows: > > .. > .. > .. > Mar 14 01:11:46 Adding rules for DHCP > Mar 14 01:11:46 Compiling TCP Flags filtering... > Mar 14 01:11:46 Compiling Kernel Route Filtering... > Mar 14 01:11:46 Compiling Martian Logging... > Mar 14 01:11:46 Compiling /etc/shorewall/tcdevices... > Mar 14 1:11:46 Tcdevice "eth1 800kbit 400kbit" Compiled. > Mar 14 01:11:46 Compiling MAC Filtration -- Phase 1... > Mar 14 01:11:46 Compiling /etc/shorewall/rules... > Mar 14 1:11:46 Rule "ACCEPT net fw tcp 8010" Compiled > Mar 14 1:11:46 Rule "ACCEPT net fw tcp 22" Compiled > ..Please provide the output of ''shorewall show tc'' as an attachment. Also, please keep the shorewall-users mailing list in the CC, as there are people there who use tc (I do not personally use it) and they will be able to provide further assistance. Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com
Torquil Macdonald Sørensen
2010-Mar-14 18:29 UTC
Bug#573847: shorewall-shell: Bandwidth limiting no longer works
Roberto C. Sánchez wrote:> On Sun, Mar 14, 2010 at 01:45:18PM +0100, Torquil Macdonald Sørensen wrote: >> Package: shorewall-shell >> Version: 4.4.7.5-1 >> Severity: normal >> >> I have configured shorewall for bandwidth limiting, and this worked fine before. >> Now it no longer works. The contents of my /etc/shorewall/tcdevices is >> >> eth1 800kbit 400kbit >> >> and eth1 is the interface of my wireless network card, which I use exclusively. >> >> ''iptables --list'' shows me that shorewall has been enabled, and the log file >> /var/log/shorewall-init.log shows: >> >> .. >> .. >> .. >> Mar 14 01:11:46 Adding rules for DHCP >> Mar 14 01:11:46 Compiling TCP Flags filtering... >> Mar 14 01:11:46 Compiling Kernel Route Filtering... >> Mar 14 01:11:46 Compiling Martian Logging... >> Mar 14 01:11:46 Compiling /etc/shorewall/tcdevices... >> Mar 14 1:11:46 Tcdevice "eth1 800kbit 400kbit" Compiled. >> Mar 14 01:11:46 Compiling MAC Filtration -- Phase 1... >> Mar 14 01:11:46 Compiling /etc/shorewall/rules... >> Mar 14 1:11:46 Rule "ACCEPT net fw tcp 8010" Compiled >> Mar 14 1:11:46 Rule "ACCEPT net fw tcp 22" Compiled >> .. > > Please provide the output of ''shorewall show tc'' as an attachment. > Also, please keep the shorewall-users mailing list in the CC, as there > are people there who use tc (I do not personally use it) and they will > be able to provide further assistance. > > Regards, > > -Roberto >Hi! I have attached the output of ''shorewall show tc'' as a text file. Thanks, Torquil Sørensen
Tom Eastep
2010-Mar-14 18:57 UTC
Re: Bug#573847: shorewall-shell: Bandwidth limiting no longer works
Torquil Macdonald Sørensen wrote:> Roberto C. Sánchez wrote: >> On Sun, Mar 14, 2010 at 01:45:18PM +0100, Torquil Macdonald Sørensen >> wrote: >>> Package: shorewall-shell >>> Version: 4.4.7.5-1 >>> Severity: normal >>> >>> I have configured shorewall for bandwidth limiting, and this worked >>> fine before. >>> Now it no longer works. The contents of my /etc/shorewall/tcdevices is >>> >>> eth1 800kbit 400kbit >>> >>> and eth1 is the interface of my wireless network card, which I use >>> exclusively. >>> >>> ''iptables --list'' shows me that shorewall has been enabled, and the >>> log file >>> /var/log/shorewall-init.log shows: >>> >>> .. >>> .. >>> .. >>> Mar 14 01:11:46 Adding rules for DHCP >>> Mar 14 01:11:46 Compiling TCP Flags filtering... >>> Mar 14 01:11:46 Compiling Kernel Route Filtering... >>> Mar 14 01:11:46 Compiling Martian Logging... >>> Mar 14 01:11:46 Compiling /etc/shorewall/tcdevices... >>> Mar 14 1:11:46 Tcdevice "eth1 800kbit 400kbit" Compiled. >>> Mar 14 01:11:46 Compiling MAC Filtration -- Phase 1... >>> Mar 14 01:11:46 Compiling /etc/shorewall/rules... >>> Mar 14 1:11:46 Rule "ACCEPT net fw tcp 8010" Compiled >>> Mar 14 1:11:46 Rule "ACCEPT net fw tcp 22" Compiled >>> .. >> >> Please provide the output of ''shorewall show tc'' as an attachment. >> Also, please keep the shorewall-users mailing list in the CC, as there >> are people there who use tc (I do not personally use it) and they will >> be able to provide further assistance. >> >> Regards, >> >> -Roberto >> > > Hi! I have attached the output of ''shorewall show tc'' as a text file. >That output shows no evidence of ANY traffic shaping configuration. Please: tar -czf shorewall.tgz /etc/shorewall Send the tarball as an attachment to upload@shorewall.net Thanks, -Tom -- -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
Torquil Macdonald Sørensen
2010-Mar-14 19:22 UTC
Bug#573847: shorewall-shell: Bandwidth limiting no longer works
Tom Eastep wrote:> Torquil Macdonald Sørensen wrote: >> Roberto C. Sánchez wrote: >>> On Sun, Mar 14, 2010 at 01:45:18PM +0100, Torquil Macdonald Sørensen >>> wrote: >>>> Package: shorewall-shell >>>> Version: 4.4.7.5-1 >>>> Severity: normal >>>> >>>> I have configured shorewall for bandwidth limiting, and this worked >>>> fine before. >>>> Now it no longer works. The contents of my /etc/shorewall/tcdevices is >>>> >>>> eth1 800kbit 400kbit >>>> >>>> and eth1 is the interface of my wireless network card, which I use >>>> exclusively. >>>> >>>> ''iptables --list'' shows me that shorewall has been enabled, and the >>>> log file >>>> /var/log/shorewall-init.log shows: >>>> >>>> .. >>>> .. >>>> .. >>>> Mar 14 01:11:46 Adding rules for DHCP >>>> Mar 14 01:11:46 Compiling TCP Flags filtering... >>>> Mar 14 01:11:46 Compiling Kernel Route Filtering... >>>> Mar 14 01:11:46 Compiling Martian Logging... >>>> Mar 14 01:11:46 Compiling /etc/shorewall/tcdevices... >>>> Mar 14 1:11:46 Tcdevice "eth1 800kbit 400kbit" Compiled. >>>> Mar 14 01:11:46 Compiling MAC Filtration -- Phase 1... >>>> Mar 14 01:11:46 Compiling /etc/shorewall/rules... >>>> Mar 14 1:11:46 Rule "ACCEPT net fw tcp 8010" Compiled >>>> Mar 14 1:11:46 Rule "ACCEPT net fw tcp 22" Compiled >>>> .. >>> Please provide the output of ''shorewall show tc'' as an attachment. >>> Also, please keep the shorewall-users mailing list in the CC, as there >>> are people there who use tc (I do not personally use it) and they will >>> be able to provide further assistance. >>> >>> Regards, >>> >>> -Roberto >>> >> Hi! I have attached the output of ''shorewall show tc'' as a text file. >> > > That output shows no evidence of ANY traffic shaping configuration. > > Please: > > tar -czf shorewall.tgz /etc/shorewall > Send the tarball as an attachment to upload@shorewall.net > > Thanks, > -TomAfter doing some more debugging, it seems that the bandwidth limit works better after doing a restart of shorewall, after my computer has started up. So it might be a Debian problem that causes this. I now noticed that the output of ''shorewall show tc'' is not the same when running after on shorewall restart. Maybe shorewall isn''t started correctly when the computer boots? I know shorewall is started automatically, as seen by the massive output of "iptables --list" after boot. Also, I have "startup=1" in my /etc/default/shorewall. Directly after startup, neither download or upload bandwidth are limited. After one restart of shorewall, the download speed is correctly limited, however the upload speed is not... In my current configuration, the limits according to ''tcdevices'' are supposed to be 400kbit/s down, 50kbit/s up. After startup, the results from the bandwidth test was around 1900kbit/s down and 400kbit/s up. After one restart, the results were around 400kbit/s down and the still the same speed up. After one manual shorewall restart, the output of ''shorewall show tc'' is: ********************************************************** Shorewall 4.4.7.5 Traffic Control at tmac - Sun Mar 14 20:19:02 CET 2010 Device eth0: qdisc pfifo_fast 0: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0 Device eth1: qdisc htb 1: root refcnt 2 r2q 5 default 0 direct_packets_stat 3026 ver 3.17 Sent 834620 bytes 3026 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0 qdisc ingress ffff: parent ffff:fff1 ---------------- Sent 1013552 bytes 2968 pkt (dropped 120, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0 class htb 1:1 root prio 0 quantum 1250 rate 50000bit ceil 50000bit burst 1599b/8 mpu 0b overhead 0b cburst 1599b/8 mpu 0b overhead 0b level 0 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0 lended: 0 borrowed: 0 giants: 0 tokens: 3999984 ctokens: 3999984 ********************************************************* Does this contain "upload speed" limiting for eth1? As mentioned, this is after a manual shorewall restart, and therefore download limiting seems to work fine when this output was taken. My configuration has been sent to upload@shorewall.net as requested. Torquil -- To UNSUBSCRIBE, email to debian-bugs-dist-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Tom Eastep
2010-Mar-14 19:33 UTC
Re: Bug#573847: shorewall-shell: Bandwidth limiting no longer works
Torquil Macdonald Sørensen wrote:> After doing some more debugging, it seems that the bandwidth limit works > better after doing a restart of shorewall, after my computer has started > up. So it might be a Debian problem that causes this. > > I now noticed that the output of ''shorewall show tc'' is not the same > when running after on shorewall restart. > > Maybe shorewall isn''t started correctly when the computer boots? I know > shorewall is started automatically, as seen by the massive output of > "iptables --list" after boot. Also, I have "startup=1" in my > /etc/default/shorewall. >Have you recently added any packages? Possibly some other package is clearing your traffic shaping configuration (I''ve seen Snort do that, although not at startup).> Directly after startup, neither download or upload bandwidth are > limited. After one restart of shorewall, the download speed is correctly > limited, however the upload speed is not... In my current configuration, > the limits according to ''tcdevices'' are supposed to be 400kbit/s down, > 50kbit/s up.No -- your current configuration is limiting to 400kbits up. No download limiting because you have not defined any tcclasses.> > Does this contain "upload speed" limiting for eth1?No. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
Torquil Macdonald Sørensen
2010-Mar-14 19:54 UTC
Bug#573847: shorewall-shell: Bandwidth limiting no longer works
Tom Eastep wrote:> Torquil Macdonald Sørensen wrote: > >> After doing some more debugging, it seems that the bandwidth limit works >> better after doing a restart of shorewall, after my computer has started >> up. So it might be a Debian problem that causes this. >> >> I now noticed that the output of ''shorewall show tc'' is not the same >> when running after on shorewall restart. >> >> Maybe shorewall isn''t started correctly when the computer boots? I know >> shorewall is started automatically, as seen by the massive output of >> "iptables --list" after boot. Also, I have "startup=1" in my >> /etc/default/shorewall. >> > > Have you recently added any packages? Possibly some other package is > clearing your traffic shaping configuration (I''ve seen Snort do that, > although not at startup).It is possible, but not anything I remember at the moment. I''ll have to hunt around on my system a bit, and check more thoroughly what happens at boot-time. Although I now found something else in my /var/log/shorewall-init.log which I should have seen before. The log file ends with: Mar 14 20:24:14 Starting Shorewall.... 20:24:14 Initializing... Mar 14 20:24:14 Initializing... 20:24:14 Loading Modules... Mar 14 20:24:14 Loading Modules... 20:24:15 Setting up Route Filtering... Mar 14 20:24:15 Setting up Route Filtering... 20:24:15 Setting up Martian Logging... Mar 14 20:24:15 Setting up Martian Logging... 20:24:15 Setting up Traffic Control... Mar 14 20:24:15 Setting up Traffic Control... WARNING: Device eth1 is not in the UP state -- traffic-shaping configuration skipped 20:24:15 Preparing iptables-restore input... Mar 14 20:24:15 Preparing iptables-restore input... 20:24:15 Running /sbin/iptables-restore... Mar 14 20:24:15 Running /sbin/iptables-restore... 20:24:15 done. Mar 14 20:24:15 done. So this clearly warns about the problem. I guess this is likely related to the fact that I''m using Network-Manager to activate my wireless network eth1? Maybe I need to change my setup, although I though that this worked before...> >> Directly after startup, neither download or upload bandwidth are >> limited. After one restart of shorewall, the download speed is correctly >> limited, however the upload speed is not... In my current configuration, >> the limits according to ''tcdevices'' are supposed to be 400kbit/s down, >> 50kbit/s up. > > No -- your current configuration is limiting to 400kbits up. No download > limiting because you have not defined any tcclasses.Hm, I guess I don''t understand how to configure this then. I''ll have to study the man pages some more! Thanks for all your help, I really appreciate it. Torquil -- To UNSUBSCRIBE, email to debian-bugs-dist-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Tom Eastep
2010-Mar-14 20:01 UTC
Re: Bug#573847: shorewall-shell: Bandwidth limiting no longer works
Torquil Macdonald Sørensen wrote:> Mar 14 20:24:15 Setting up Traffic Control... > WARNING: Device eth1 is not in the UP state -- traffic-shaping > configuration skipped> > So this clearly warns about the problem. I guess this is likely related > to the fact that I''m using Network-Manager to activate my wireless > network eth1?Yes -- your eth1 device is not started until you log in. Maybe I need to change my setup, although I though that> this worked before... >I can''t believe that it did.> > Hm, I guess I don''t understand how to configure this then. I''ll have to > study the man pages some more! >Complex Traffic Shaping (which you are trying to use) is documented extensively at http://www.shorewall.net/traffic_shaping.htm. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
Torquil Macdonald Sørensen
2010-Mar-14 20:06 UTC
Bug#573847: shorewall-shell: Bandwidth limiting no longer works
Tom Eastep wrote:> Torquil Macdonald Sørensen wrote: > >> Mar 14 20:24:15 Setting up Traffic Control... >> WARNING: Device eth1 is not in the UP state -- traffic-shaping >> configuration skipped > >> So this clearly warns about the problem. I guess this is likely related >> to the fact that I''m using Network-Manager to activate my wireless >> network eth1? > > Yes -- your eth1 device is not started until you log in. > > Maybe I need to change my setup, although I though that >> this worked before... >> > > I can''t believe that it did.Me neither... :-) I must have restarted shorewall back then aswell.>> Hm, I guess I don''t understand how to configure this then. I''ll have to >> study the man pages some more! >> > > Complex Traffic Shaping (which you are trying to use) is documented > extensively at http://www.shorewall.net/traffic_shaping.htm. > > -TomThanks, I think I''ll be able to get this working after some reconfiguration .I even found a shorewall FAQ item for configuring shorewall and network manager. Thanks again, Tom Torquil -- To UNSUBSCRIBE, email to debian-bugs-dist-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Roberto C. Sánchez
2010-Mar-14 20:11 UTC
Bug#573847: shorewall-shell: Bandwidth limiting no longer works
On Sun, Mar 14, 2010 at 09:06:41PM +0100, Torquil Macdonald Sørensen wrote:> > Thanks, I think I''ll be able to get this working after some > reconfiguration .I even found a shorewall FAQ item for configuring > shorewall and network manager. > > Thanks again, Tom > > TorquilThen can we consider this to not be a bug after all? Regards, -Roberto -- Roberto C. Sánchez http://people.connexer.com/~roberto http://www.connexer.com