similar to: Traffic Shaping

Greetings; My syslog is getting 100s of thousands of messages like the following (these are just a sample); (BTW I am running Debian/lenny) > May 11 12:41:31 gatekeeper kernel: BANDWIDTH_IN:IN=eth1 OUT=eth0 SRC=192.168.0.4 DST=64.15.118.171 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=37901 DF PROTO=TCP SPT=1307 DPT=80 WINDOW=17640 RES=0x00 ACK URGP=0 > May 11 12:41:31 gatekeeper kernel:

Version 3.0.5 with the two-devices setup (eth0 - net, eth1 - loc). Kernel 2.4.29 tcdevices, tcrules, and tcclasses are clones of the wondershaper example (http://www.shorewall.net/traffic_shaping.htm) with eth0 replacing ppp. With TC_ENABLED=Internal in shorewall.conf: ---- Validating /etc/shorewall/tcdevices... Validating /etc/shorewall/tcclasses... ERROR: device A seems not to be

Hello, The shorewall version is shorewall-3.0.7-1 installed in Centos 5.1 (kernal 2.6.18-53.el5) on March. Number one problem is: I edited the policy file was dmz loc ACCEPT info I could use 3389 remote desktop to loc Windows 2003 server but couldn''t use SSH (22 port) to loc Linux server. Also I tried open that two ports in

. "Saluton", Sorry by my poor english, I speak Portuguese. I does a captive portal using: - shorewall - dhcpd - thttpd (in port 8080) - maradns With Shorewall I use dinamic zones. The initial zone in shorewall is configured to redirects access to internal thttpd port 8080, that shows a login.cgi page. With thttpd I rewrite original url. The apache rewrite is very cool, but thttpd

Hi, 1. We have 20+ VLANs behind shorewall firewall. We would like to distribute the Internet bandwidth to different VLANs having minimumm, typical and maximum values based on IP ranges after NAT e.g., 172.17.4.0/24. What rules need to be created to do so? 2. We also would like to time the access of internet of some of the VLANs, i.e., 172.17.4.0/24 should be allowed to access the internet only

Hi, I''m trying to configure QOS , but I''m don''t have success. My files: #/etc/shorewall/tcdevices #INTERFACE IN-BANDWITH OUT-BANDWIDTH eth0 256kbit 256kbit eth1 256kbit 256kbit eth2 256kbit 256kbit #/etc/shorewall/tcclasses #INTERFACE MARK RATE CEIL PRIORITY OPTIONS eth1

Hello, I am trying to block or at least drastically reduced the amount of wasted bandwidth—due to p2p—on a building wide network. My first attempt, was to block it out right. I am running debian etch on my router/proxy/dhcp/dns server. I loaded the ipp2p kernel module and the iptables module. Then I put the following rule in my rules file: SECTION ESTABLISHED REJECT loc net ipp2p:all ipp2p

Hi i want see if my QoS are good because i am not very sure ... the VoIP quality are not very good when i download. I have on my Linux routeur/Firewall Asterisk .. and i have into my config : ================================================ tcdevices: eth0 2000kbit 2000kbit tcclasses: eth0 1 100kbit 180kbit 1 tos=0x68/0xfc,tos=0xb8/0xfc eth0 2 full/4 full

Hello, I am trying to set up traffic shaping/control for my voip connection. I am running 4.4.22.3. Here is my current configuration: --- tcdevices --- #NUMBER: IN-BANDWITH OUT-BANDWIDTH OPTIONS REDIRECTED #INTERFACE INTERFACES eth1 2048kbps 1500kbps -- tcclasses --- #INTERFACE:CLASS MARK RATE: CEIL PRIORITY OPTIONS # DMAX:UMAX eth1 1 100kbps

Hello Tom! After i read and analyze some docs about IFB i decide that for implement this feature in Shorewall not need more efforts (of course i may be wrong). If we have 'ifb0' device then we must activate ingress discipline on real device (f.e. eth2) and redirect 'egress' from it to 'ifb0'. tc qdisc add dev eth2 ingress tc filter add dev eth2 parent ffff: protocol ip

Hello Shorewall users, I have some questions I am hoping someone can answer. I have searched around the archives but so far I have been unable to find answers. I am trying to configure traffic shaping on my router/firewall box running Shorewall 3.0.5/kernel 2.4.31 and have run into some problems/questions. My basic set up is: 1500/256kbit ADSL (PPPoE/ppp0) -> Shorewall box

Does anyone here implement traffic shaping with shorewall? I need to shape BitTorrent traffic on my network so that upload/downloads do not overwhelm normal function or, even more importantly, my imminent conversion to VOIP for all telephone service. I followed the shorewall documentation guide but am not sure if what I have done is the Right Way Of Doing Things. Nor am I satsified with the

Hi! It''s me again bothering you guys, what I want to do is to give full bandwidth to VPN traffic and limit the rest to 30KB/s (kilobytespersecond), ok? Here''s what I have: tcclasses ################################## eth0 1 1kbps 70kbps 1 eth0 2 1kbps 30kbps 2 default eth1 3 15kbps 10000kbps 1 eth1 4

Hi, I want to configure QoS in my shorewall conf but I have a doubt. Now I am using tcrules with prerouting and with the file providers, like this. 2:P 192.168.0.11 0.0.0.0/0 tcp 25 So, with this way I route my smtp traffic with my provider number 2. Well, now I want to configure QoS with tcclasses and tcdevices, but if I do that I need to use the MARK in the tcclasses So, how

Hi, I have this message in my syslog: HTB: quantum of class 10001 is big. Consider r2q change. I don''t know why it''s there. I think all my setup is right. I am shaping traffic from my web server. It lives at three IP addresses, first is fast (and most important - aaa.bbb.ccc.1), second slower (aaa.bbb.ccc.2), third slowest (aaa.bbb.ccc.3). Total bandwidth is 2700kBps. Other

Hi all, This might be more suitable for the shorewall list, but no one has replied yet for several days. I'm trying bandwidth management feature of shorewall-3.4.1-3 on Centos 4.4 with no updates. I've got this error: May 4 22:30:14 gateway shorewall: ERROR: Command "tc qdisc add dev eth0 root handle 1: htb default 13" Failed I've checked the kernel conf (make

I have two boxes for the purpose of testing traffic control and my knowledge thereof (which is at the inkling stage). The boxes are connected by 100Mbit ethernet cards via a switch. For egress traffic via eth0 I achieve a throughput that is close to the specified CEILing, particularly for values above 1mbit. Ingress traffic does not seem so well behaved. Above about 1mbit rates achieved are

I stumbled upon a problem while upgrading Ubuntu 13.04, Shorewall version from 4.4.26.1 to 4.5.16.1. Everything was working fine before, after upgrading the script wouldn''t start. First some config files. tcdevices: #INTERFACE IN-BANDWIDTH OUT-BANDWIDTH OPTIONS REDIRECTED eth1 - 6300kbit hfsc,classify ifb0 - 6300kbit hfsc

The Shorewall team is pleased to announce the availability of Shorewall 4.2.10. Astute users will notice that the version of Shorewall-perl included in this release is 4.2.10.1. We corrected a problem which was discovered after the release was initially uploaded, and we wanted to avoid the confusion that would inevitabley result if we were to release a different set of code with the same version

I''m experiencing a problem with masquerade downloads saturating my internet connection. I''ve implemented an IFB and now am looking into flow keys. Although I''ve read the documentation, I''m not sure I have this right. Can someone help? /etc/shorewall/params: MID_IF=eth0 MID_IF_TC=1 INET1_IF=eth1 INET1_IF_TC=2 INET1_IFB_IF=ifb0 INET1_IFB_TC=3 Note: MID_IF