Florian Eitel
2012-Sep-26 13:52 UTC
Error message starting Shorewall with TC simple enabled
Hi, Hi, I get an error with TC Simple. System: shorewall 4.5.6.2 kernel 3.5.3 iptables 1.4.13 xtables 1.45 iproute2 3.5.1 OS: gentoo/linux amd64 when shorewall executes this command: tc filter add dev eth0 protocol all prio 1 parent 1011: handle 1011 flow hash keys nfct-src divisor 1024 It fails with this error: RTNETLINK answers: No such file or directory We have an error talking to the kernel All modules mentioned in http://www.shorewall.net/FAQ.htm#TC are loaded With empty tcinterfaces it gets no error. Content of tcinterfaces: #INTERFACE TYPE IN-BANDWIDTH OUT-BANDWIDTH eth0 External 3mbit 256kbit With empty tcpri same error. Content of tcprio: #BAND PROTO PORT(S) ADDRESS IN-INTERFACE HELPER 1 - - - br0 sip COMMENT Bit Torrent is in band 3 3 ipp2p:all bit COMMENT 2 udp 53 COMMENT And place echo requests in band 1 to avoid false line-down reports 1 icmp 8 COMMENT shorewall dump: http://indeedgeek.de/~feitel/tmp/shorewall_dump shorewall trace restart: http://indeedgeek.de/~feitel/tmp/shorewall_restart_trace Interfaces: eth0 - uplink wlan0 - wifi eth1 - wired br0 - bridge over wlan0 & eth1 Something I can try to get around this error? Thanks, Flo ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
Tom Eastep
2012-Sep-26 14:24 UTC
Re: Error message starting Shorewall with TC simple enabled
On 09/26/2012 06:52 AM, Florian Eitel wrote:> Hi, > > Hi, I get an error with TC Simple. > > System: > shorewall 4.5.6.2 > kernel 3.5.3 > iptables 1.4.13 > xtables 1.45 > iproute2 3.5.1 > OS: gentoo/linux amd64 > > > when shorewall executes this command: > > tc filter add dev eth0 protocol all prio 1 parent 1011: handle 1011 flow hash keys nfct-src divisor 1024 > > It fails with this error: > > RTNETLINK answers: No such file or directory > We have an error talking to the kernel > > > > All modules mentioned in http://www.shorewall.net/FAQ.htm#TC are loaded > > > > With empty tcinterfaces it gets no error. > > Content of tcinterfaces: > > #INTERFACE TYPE IN-BANDWIDTH OUT-BANDWIDTH > eth0 External 3mbit 256kbit > > > > With empty tcpri same error. > > Content of tcprio: > > #BAND PROTO PORT(S) ADDRESS IN-INTERFACE > HELPER > 1 - - - br0 > sip > > COMMENT Bit Torrent is in band 3 > 3 ipp2p:all bit > COMMENT > > 2 udp 53 > > COMMENT And place echo requests in band 1 to avoid false line-down reports > 1 icmp 8 > COMMENT > > shorewall dump: http://indeedgeek.de/~feitel/tmp/shorewall_dump > shorewall trace restart: http://indeedgeek.de/~feitel/tmp/shorewall_restart_trace > > Interfaces: > eth0 - uplink > wlan0 - wifi > eth1 - wired > br0 - bridge over wlan0 & eth1 > > > Something I can try to get around this error?Is the ''cls_flow'' module loaded? -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
Florian Eitel
2012-Sep-26 15:07 UTC
Re: Error message starting Shorewall with TC simple enabled
Hi, * Tom Eastep <teastep@shorewall.net> [2012-09-26 16:31]:> Is the ''cls_flow'' module loaded?Yes, this was the issue. Sorry for my stupid Question. And thanks for your fast help! Flo ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today''s security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/