similar to: block p2p

I have tried to follow the HOWTO''s as best I could to add some traffic shaping to my existing shorewall firewall/router. What I am trying to achieve Top priority to all voip traffic, regardless of sip, iax2 etc. Higher priority for interactive traffic - ssh, http General queue for everything else, but A low priority queue for any ipp2p traffic What I have achieved..... Almost

Hey list and possible Arne... I try to get traffic shaping working on my firewall but getting cunfused with settings, but first my current setup: tcclasses file: #INTERFACE MARK RATE CEIL PRIORITY OPTIONS $EXT_IF 10 64kbit full 1 tcp-ack,tos-minimize-delay $EXT_IF 20 full/3 full/2 2 default $EXT_IF 30

Does anyone here implement traffic shaping with shorewall? I need to shape BitTorrent traffic on my network so that upload/downloads do not overwhelm normal function or, even more importantly, my imminent conversion to VOIP for all telephone service. I followed the shorewall documentation guide but am not sure if what I have done is the Right Way Of Doing Things. Nor am I satsified with the

Version 3.0.5 with the two-devices setup (eth0 - net, eth1 - loc). Kernel 2.4.29 tcdevices, tcrules, and tcclasses are clones of the wondershaper example (http://www.shorewall.net/traffic_shaping.htm) with eth0 replacing ppp. With TC_ENABLED=Internal in shorewall.conf: ---- Validating /etc/shorewall/tcdevices... Validating /etc/shorewall/tcclasses... ERROR: device A seems not to be

Hi, I''m trying to configure QOS , but I''m don''t have success. My files: #/etc/shorewall/tcdevices #INTERFACE IN-BANDWITH OUT-BANDWIDTH eth0 256kbit 256kbit eth1 256kbit 256kbit eth2 256kbit 256kbit #/etc/shorewall/tcclasses #INTERFACE MARK RATE CEIL PRIORITY OPTIONS eth1

Hello Shorewall users, I have some questions I am hoping someone can answer. I have searched around the archives but so far I have been unable to find answers. I am trying to configure traffic shaping on my router/firewall box running Shorewall 3.0.5/kernel 2.4.31 and have run into some problems/questions. My basic set up is: 1500/256kbit ADSL (PPPoE/ppp0) -> Shorewall box

Hello Tom! After i read and analyze some docs about IFB i decide that for implement this feature in Shorewall not need more efforts (of course i may be wrong). If we have 'ifb0' device then we must activate ingress discipline on real device (f.e. eth2) and redirect 'egress' from it to 'ifb0'. tc qdisc add dev eth2 ingress tc filter add dev eth2 parent ffff: protocol ip

Hi i want see if my QoS are good because i am not very sure ... the VoIP quality are not very good when i download. I have on my Linux routeur/Firewall Asterisk .. and i have into my config : ================================================ tcdevices: eth0 2000kbit 2000kbit tcclasses: eth0 1 100kbit 180kbit 1 tos=0x68/0xfc,tos=0xb8/0xfc eth0 2 full/4 full

Hi I using ipp2p to block p2p traffic. How to enable to use p2p to me host in my net ? I using this setup: iptables -A FORWARD -m ipp2p --ipp2p --bit --apple --winmx --soul --ares -j DROP This setup: iptables -A FORWARD -m ipp2p --ipp2p --bit --apple --winmx --soul --ares -d ! mynet -j DROP iptables -A FORWARD -m ipp2p --ipp2p --bit --apple --winmx --soul --ares -s ! mynet -j DROP not

Hi.... I''m trying to setup a LAN router with P2P filter but the problem is that can''t "catch" Ares. There is a way to DROP "ares" p2p packets ? I''ve tried with last "ipp2p" snapshot without sucess... I''ve Kernel 2.4.28 iptables 1.3.0 Various Patches from patch-o-matic-ng-20040621 iproute2-ss020116 IMQ Patch Esfq Patch

Hi, I''ve a linux as router nat + firewall (POLICY DROP for INPUT OUTPUT and FORWARD) but, I''ve put next rules for p2p software on FORWARD chain [... snip ... ] iptables -F FORWARD iptables -P FORWARD DROP iptables -A FORWARD -p tcp --dport 80 -j ACCEPT iptables -A FORWARD -p tcp --dport 25 -j ACCEPT [... snip ... ] iptables -A FORWARD -m ipp2p --ipp2p -j ACCEPT iptables -A

Hello, I am trying to set up traffic shaping/control for my voip connection. I am running 4.4.22.3. Here is my current configuration: --- tcdevices --- #NUMBER: IN-BANDWITH OUT-BANDWIDTH OPTIONS REDIRECTED #INTERFACE INTERFACES eth1 2048kbps 1500kbps -- tcclasses --- #INTERFACE:CLASS MARK RATE: CEIL PRIORITY OPTIONS # DMAX:UMAX eth1 1 100kbps

Hi all. I have a bridge running Linux 2.4.24 that I use as a bandwidth manager on a broadband wireless network. I''m using HTB and SFQ to prioritize that share bandwidth on a per-cell basis. My IP tables rules divide the traffic based on IPand traffic type (using layer-7 filter and ipp2p). My goal is to make sure that p2p traffic on the network doesn''t sink all of the

I stumbled upon a problem while upgrading Ubuntu 13.04, Shorewall version from 4.4.26.1 to 4.5.16.1. Everything was working fine before, after upgrading the script wouldn''t start. First some config files. tcdevices: #INTERFACE IN-BANDWIDTH OUT-BANDWIDTH OPTIONS REDIRECTED eth1 - 6300kbit hfsc,classify ifb0 - 6300kbit hfsc

The Shorewall team is pleased to announce the availability of Shorewall 4.2.10. Astute users will notice that the version of Shorewall-perl included in this release is 4.2.10.1. We corrected a problem which was discovered after the release was initially uploaded, and we wanted to avoid the confusion that would inevitabley result if we were to release a different set of code with the same version

Hey, one more question for ipp2p iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j CONNMARK --restore-mark iptables -t mangle -A DSL-IN -p tcp -m mark ! --mark 0 -j ACCEPT iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j MARK --set-mark 7 iptables -t mangle -A DSL-IN -p tcp -m ipp2p --ipp2p -j CONNMARK --save-mark iptables -t mangle -A DSL-IN -p udp -m ipp2p --ipp2p -j MARK

hi who can ever help me out with the shaping of torrent traffic? i have a pptp at ppp0 over eth0 (10.0.0.1/8) i would like to shape outgoing traffic of rtorrent on these two interfaces, assume rtorrent is running at port 6999 need 3mbit for ppp0 and 50mbit for eth0 i supposed: [tcclasses] ppp0 1 2mbit 3mbit 1 eth0 2 20mbit 50mbit 2 [tcrules] 1 0.0.0.0/0 0.0.0.0/0 tcp

I''m experiencing a problem with masquerade downloads saturating my internet connection. I''ve implemented an IFB and now am looking into flow keys. Although I''ve read the documentation, I''m not sure I have this right. Can someone help? /etc/shorewall/params: MID_IF=eth0 MID_IF_TC=1 INET1_IF=eth1 INET1_IF_TC=2 INET1_IFB_IF=ifb0 INET1_IFB_TC=3 Note: MID_IF

Hello, I am trying to shape p2p trafik to 256kbps on my dsl line. I wrote this set of commands: DEV=eth2 ip link set imq0 up tc qdisc add dev imq0 root handle 1:0 htb default 21 r2q 2 tc class add dev imq0 parent 1:0 classid 1:1 htb rate 530kbit tc class add dev imq0 parent 1:1 classid 1:20 htb rate 530kbit ceil 530kbit prio 0 tc class add dev imq0 parent 1:1 classid 1:21 htb rate 64kbit

Hi, my shorewall is version 4.0.15 on Debian Lenny. I have 3 following interfaces: eth0 net (4mbit/512kbit) eth1 loc (100mbit) eth2 loc (100mbit) I want to shape traffic from net on two lan interfaces like: - default is 2000mbit for each local interface - if is no traffic on eth1 is 4mbit for eth2 (and vice versa) My tcdevices eth0 4000mbit 512kbit eth1 -