similar to: Running Shorewall with WonderShaper on a dual-ISP setup.

Season Greetings to all Tom, in your faq, u have this noted: While I am currently using the HTB version of The Wonder Shaper (I just copied wshaper.htb to /etc/shorewall/tcstart and modified it as shown in the Wondershaper README), I treid this with wondershaper, using Bearing Leaf 1.0 stable i even changed the tc command to run_tc, and tried it in both angles, and i receive the following..

Question to the list, Has anyone here had experience using Shorewall (multi-isp configuration) with Snort inline? First, is this possible? Second, if anyone has done this, what documentation, if any did they use to set it up? Third, does snort have to run inline on a firewall (I''m under the impression it does)?

Hi, first of all, let me thank you for your great Shoreline Firewall. I use it with great success at home (protecting my WiFi connection). And now if I could have a question about traffic shaping. I did read everything I could find but I still have two problems: first, the MARK from tcrules is not working in HTB based simple tc filter line ("handle $MARK fw classid 1:20"). If I switch

Hi Guys, I''m asking this question again because I have exhausted resources for understanding how to get it to work. I''ve read the howto on getting traffic shaping to work (shorewall''s web site) as well as trying out wondershaper''s htb and cbq scripts. Somehow both does not seem to happen as I want it to. I''ve also read through the lartc

Hi all, I moved wshaper 1.1 cbq file to tcstart, but none of my tcrules are being observed. The only way I can set the marks is by editing the tcstart file. Is there a way to incorporate for tcstart to read and apply my set marks in tcrules? Thank you, ~Andrew Nady.

I don''t know whether this is the right place to ask, but kindly point me to an FM that I can R if it isn''t. My wife is creating lots of Kazaa traffic, and I am using rsync to create a full mirror of Red Hat''s FTP site, Aurora Linux FTP site, the LDP site, and some other stuff. Clearly, when one is moving well over 100GB over a 128 Kbps link, this is going to take a

I'm attempting to get a recent build of S4 rc5 + Bind9 + ISC DHCP server running. I've got everything pretty much set up, have attempted to implement a modified version of the script from here: http://blog.michael.kuron-germany.de/2011/02/isc-dhcpd-dynamic-dns-updates-against-secure-microsoft-dns/ but I keep getting a "TKEY is unacceptable" error. I've even attempted to

Hello, Today I restarted the firewall machine during an outage of the ADSL line overhere. At the boot Shorewall did not start but stopped during start. The problem was that the ADSL line was down so no DNS server available to resolve hostnames. I have a hostname in "blacklist" file and therefore shorewall did not start. Is this problem solvable without putting an IP address in the

Hi, I just installed wondershapper 1.1a on my ipcop firewall box. I have roadrunner cable with a ftp server setup. My download speed is 2mbit (I get 225 KBytes) and my upload is 384kbit (I send at 43 KBytes). What should the settings in wshaper? I can ping yahoo.com at 90msec with little traffic.....and at around 220msec with full upload traffic. Mark

While I was doing come compatibility testing with various shells, I noticed the following: Using /bin/sh (which is ''bash'' on my RedHat installation): Shorewall Restarted real 0m21.246s user 0m9.650s sys 0m11.460s Using /bin/ash: Shorewall Restarted real 0m9.054s user 0m3.880s sys 0m5.070s The version of ash that I used is the one available from the

greetings all, i''ve searched high and low for this, but can''t seem to find an answer anywhere.. having read the docs and the wondershaper script itself, it occurred to me that the documentation promises an immediate drop in interactive app latency, specifically mentioning SSH as a big winner. however, looking through the script i can''t really tell just *how*

So after reading the traffic control documentation at shorewall.net I am a little confused. I don''t understand how to use the tcrules file. What I would ideally like to do is setup htb on a per user basis (either by IP or MAC address). If anybody has any hints on the best way to do this or is willing to explain the use of tcrules file a little better (how I could mark it per IP or MAC)

Hi everybody! I know this discussion list isn´t just about wondershaper, but i think someone can help me. I used to have a linux box running red hat 8, as firewall on my lan. I upgraded to debian 3.0 and tried to use the same wondershaper files under debian, but, when i run wondershaper on ppp0 device, it just stops transfering. Remember: its the same files i used with success under red hat 8.

Hello Thilo, What did you find superior with CBQ-wondershaper over HTB-wondershaper? We have not been using wondershaper specifically but our simple tests so far seem to show that htb is much easier to configure for a given target shape (i.,e accurate) compared to CBQ. Torsten -----Original Message----- From: Thilo Schulz [mailto:arny@ats.s.bawue.de] Sent: Saturday, June 14, 2003 8:55 AM To:

Hi all, ive got wondershaper working well with the highest download while maintaing minimal latency but the problem is this: ive got 2 nics in the linux router eth0 and eth1. eth1= internet interface but this is connected to a router say 10.0.0.190, now off that router there are other servers, mail server, domino server etc now if i shape on eth1 ingress and egress using the wondershaper script

I have wondershaper to limit my upload at 400kilobits (my line is 600kbps). I do a lot of torrent seeding and I dont want my pings killed when I''m uploading so I set low prority source ports as follows (by the way, I have bittornet to only use ports 6881-6910): NOPRIOPORTSRC="6881 6882 6883 6884 6885 6886 6887 6888 6889 6890 6891 6892 6893 6894 6895 6896 6897 6898 6899 6900 6901

I''ve been using the wondershaper 1.1 with much success. My problem is that I want to guarantee bandwidth to mail/VPN & web surfing and make sure that I don''t break the existing script. If not how do I make sure that I can guarantee bandwidth for mail, VPN & web surfing without hurting ftp uploads. Thanks

Is there a way to apply wondershaper w/ htb to a port range? I have a ftp server on port 65432 and passive ports 50000-60000. Is there a way to set a range? or do they have to be individually listed? The following doesnt seem to work: # low priority source ports NOPRIOPORTSRC=65432, 50000:60000 # low priority destination ports NOPRIOPORTDST= Mark

Hi ! I´ve been using the wonderful wondershaper from chapter 15.8 of the LARTC Howto for some time. It´s really wonderful. Actually, I use the version from http://freshmeat.net/projects/wshaper/?topic_id=87 Now I tried to put some hosts to low priority, and it doesn´t work. The traffic is splitted equally between the noprio and the other hosts. Is this because I use ip masquerading, and all

Hi ! I found an excellent article about QoS and traffic shaping for VoIP (Asterisk IAX protocol), which is designed to improve sound quality even over very busy lines. http://www.howtoforge.com/voip_qos_traffic_shaping_iproute2_asterisk Should I just cut and paste all that to shorewall''s tcrules (replacing 4569 with 5060)? Additionally, author of this article uses IAX protocol,