Displaying 20 results from an estimated 800 matches similar to: "Debian Lenny very simple traffic shaping not working"
2012 Sep 27
5
Understanding IFB
I''m experiencing a problem with masquerade downloads saturating my
internet connection. I''ve implemented an IFB and now am looking into
flow keys. Although I''ve read the documentation, I''m not sure I have
this right. Can someone help?
/etc/shorewall/params:
MID_IF=eth0
MID_IF_TC=1
INET1_IF=eth1
INET1_IF_TC=2
INET1_IFB_IF=ifb0
INET1_IFB_TC=3
Note: MID_IF
2012 Sep 30
12
shorewall dynamic zones confusion
Hi,
I''ve been successfully using shorewall in our K12 school since the 2.x
days initially on Mandrake and now on Debian. Because of that my config
has got quite complicated. The firewall has a working MultiISP setup
with four interfaces (I''ve renamed them with udev to easy their
identification): lan-if, dmz-if, snt-if and dnt-if (one of the providers
(the one on dnt-if) is a DSL
2011 Apr 23
6
TC: Simple and complex configs interplay
Hello,
From a user perspective, the simple (tcpri) and complex TC configs
offers two rather distinct choices. A user can very well be OK with
only using the simple way and that''s very fine. Then again, even in
doing so, the more complex config options are available. What is the
interplay between the two as far as having some parameters configured
in both at the same time ? So far
2012 Sep 28
1
nat & providers & route_rules questions
hi
I''ve got the situation that I have a virtual shorewall firewall/router
which will get different single ip''s on one interface in different
subnets with different gateways which need to be nat''ed to the inside
network. I''d really love to do proxy arp but the provider isn''t able to
give me an ip range (cloud computing hooray).
If I understand it
2012 Nov 20
3
Simple Traffic Shaping Problem
Hello,
I have a problem with simple traffic shapping in shorewall, my current
configuration is:
zones
vlan10 ipv4 #
interfaces
vlan10 vlan10 detect tcpflags,routeback
shorewall.conf
TC_ENABLED=Simple
tcinterfaces
vlan10 Internal 1mbit:50kb
shorewall show tc
Device vlan10:
qdisc prio 5: root refcnt 2 bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
2006 Mar 03
3
tcdevices Error
Version 3.0.5 with the two-devices setup (eth0 - net, eth1 - loc).
Kernel 2.4.29
tcdevices, tcrules, and tcclasses are clones of the wondershaper example
(http://www.shorewall.net/traffic_shaping.htm) with eth0 replacing ppp.
With TC_ENABLED=Internal in shorewall.conf:
----
Validating /etc/shorewall/tcdevices...
Validating /etc/shorewall/tcclasses...
ERROR: device A seems not to be
2013 Sep 16
7
Rsync rules for Shorewall
Hi folks,
I''m having an issue with rsync between my firewall and an internal
box. It seems to be a shorewall issue (or correctly speaking, an
issue with my shorewall config) because if I disable shorewall my
rsync works fine.
And I just can''t find it documented anywhere what I need to do.
I have rules like this :
root@userver:/etc/shorewall# grep -i Rsync rules
2005 Jan 01
2
htb bridge problem, please chceck my config
hello. i have following setup:
a machine (winChip 200mhz cpu, 32mb ram, linux 2.4.28) acting like a bridge
with
2 interfaces (eth0 - to our ISP, eth1 - to our network)
machine does not have any IP
there is a 802.1q vlan eth0.2
eth0.2 and eth1 are bridged in br0
i have one 4mbit link which i share with my friend, i have 3mbit and he has
1mbit
all our IP addresses are public and we have the
2013 Dec 03
5
Multiple ISP + traffic shapping = poor download speed
Hello,
Thanks for the great Shorewall which has replaced my hard to maintain home-made scripts.
First, what works.
Our local network is 10.48.X.X with multiple vlan, each on a dedicated interface. We use Shorewall 4.4.11 from Debian Squeeze.
We have a 2 ISP:
- isp1 : an optical fiber provider with 10 Mbps.
- isp2 : a DSL provider with 15Mbits/1Mbits.
We use isp2 as the default outgoing
2007 Aug 15
28
traffic shaping
I try use setup traffic shaping with Shorewall-4.0.2 and have fault.
When i start Shorewall with tc-files configured i get follow messages:
...
RTNETLINK answers: No such file or directory
We have an error talking to the kernel
ERROR: Command "tc filter add dev eth2 parent ffff: protocol ip prio
50 u32 match ip src 0.0.0.0/0 police rate 500kbit burst 10k drop flowid
:1" Failed
2007 Dec 06
3
HTB performance improvement
HTB performance improvement
Hi all !
i''m looking at the performance of the HTB algorithm/implementation because i would like more packets/sec !!
this is the scenario of the performance test:
i''m using an embedded system with:
SPEED CPU: 399,999 MHz
RAM: 128 MByte
FLASH: 16 MByte
EEPROM: 8Kbyte
PROCESSOR MPC8272
a lan to lan 10/100 and in particular we are sending
2012 Sep 28
0
Shorewall and ipsets
Hello,
I''m new to shorewall and ipsets but have experience on low level
iptables rules.
I read already the following documentation:
http://www.shorewall.net/Introduction.html
http://www.shorewall.net/three-interface.htm
http://www.shorewall.net/GettingStarted.html
http://www.shorewall.net/shorewall_quickstart_guide.htm
http://www.shorewall.net/shorewall_setup_guide.htm
2015 May 11
2
appdynamics php agent prevented by SELinux
Hey guys,
I've got another C7 problem I was hoping to solve. I
installed appdynamics-php-agent-4.0.5.0-1.x86_64 on a C7.1 host.
It's failing to communicate with it's controller on another host. And this
is the interesting part. Whether or not I have SELinux enabled, I have
apache reporting SELinux problems.
[root at web1:~] #getenforce
Permissive
May 10 20:47:56 web1 python[25735]:
2015 May 11
3
appdynamics php agent prevented by SELinux
>
> If rpm is configured for _that_ location of log files, I would remove the
> repository this rpm comes from from configuration and will remember to
> never-never ever use that repository for anything.
>
> Just my $0.02
>
Yeah I completely get where you're coming from there. However it's not an
RPM from a repo. I downloaded the rpm from the appdynamics site itself.
2015 May 12
2
appdynamics php agent prevented by SELinux
Well, I was having a heck of a time with the rpm install in terms of
customizing the install directory.
So I thought the easy way out might be to go for a source install. Which I
tried and this was the output from the install:
[root at web1:/opt/AppDynamics/appdynamics-php-agent] #./install.sh
appd.jokefire.com 443 beta.jokefire.com "Web Front End" web1.jokefire.com
Install script for
2012 Sep 26
2
Error message starting Shorewall with TC simple enabled
Hi,
Hi, I get an error with TC Simple.
System:
shorewall 4.5.6.2
kernel 3.5.3
iptables 1.4.13
xtables 1.45
iproute2 3.5.1
OS: gentoo/linux amd64
when shorewall executes this command:
tc filter add dev eth0 protocol all prio 1 parent 1011: handle 1011 flow hash keys nfct-src divisor 1024
It fails with this error:
RTNETLINK answers: No such file or directory
We have an error
2013 Jul 12
3
new Shorewall + strongSwan blog
Hi Tom,
Thanks for the feedback about my Shorewall evaluation
I''ve published a blog today covering general things I''ve observed about
the way to combine Shorewall with strongSwan:
http://danielpocock.com/practical-linux-vpns-with-strongswan-shorewall-and-openwrt
Please let me know if anything is inaccurate or if there is anything
substantial that I missed and I''ll
2015 May 11
3
appdynamics php agent prevented by SELinux
>
> That's a rather odd (personally, I think bad) place for a log (or
> even logfile lock) and I'm not at all surprised that selinux is
> keeping your application from writing there. I would check to see if
> there is a setup/configuration option for your application to put
> the log files and related in a more standard location (/var/log,
> /var/run), where it is less
2012 Oct 25
2
How to refresh blacklist without resetting counters
Hi,
Is it possible to get Shorewall to reload the static blacklist file without
resetting the packet and byte counters?
I am following the guide at
http://mudy.wordpress.com/2009/02/21/shorewall-blacklist-spamhaus-dshield/
to periodically generate a blacklist, but "shorewall -qq refresh -n
blacklst" resets all my accounting. Is there a way to do this without
resetting the counters?
I
2005 Feb 10
5
priorizing vlans in a bridge
Hi, this is my Linux Box
----------------------------
LAN 1 -----|--eth1 <---br1--->eth0.1 |
| \ |
| eth0--|----- 802.1q tagged 1 Mbps link
| / |
LAN 2 -----|--eth2 <---br2--->eth0.2 |
----------------------------
I have to bridge the 2 lans