similar to: 2 NICS - local services not shaping correctly

Having a problem with classid and prio and position. Wondering if someone could help? Below I have pasted a part of my current rules, now it consists of one chain and two pipes. If they both use 60Kbit which one would get priority? Would it be the one with the better prio or the one with the lower classid or would it be the one which is first on the list? /sbin/tc class add dev eth1 parent

(if this post gets line-feed-mangled please read http://www.dl.reneschmidt.de/shorewallxenpost.txt - that''s an unmangled version, thank you) Hello, first I would like to thank the Mr. Eastep and contributors for this great piece of software and superb documentation. I have a SOHO server (Debian testing) that I''m using for several purposes so I''ve set up a Xen

Due to a critical dracut bug, and a strong dev focus on F16, we're dropping all F15 recipes. Signed-off-by: Mike Burns <mburns at redhat.com> --- recipe/ovirt15-install.ks | 1 - recipe/ovirt15-minimizer.ks | 1 - recipe/ovirt15-pkgs.ks | 2 - recipe/ovirt15-post.ks | 145 ------------------------------------------ recipe/ovirt16-install.ks | 2 +-

Torsten, I suffered a similar problem and was wondering if you found a better solution to the problem of dnatting on a transparent bridge. My setup: INTERNET <-> ROUTER <-> (linux)BRIDGE <-> INTERNAL NETWORK Solution: setup a bridge with ip x.x.x.51 and alias another ip to the bridge x.x.x.50 ( using a /16 network at home ) Now get the router to send all incomming traffic

Happy New Year. Finally got my fw and tc rules down pat for the bridge, now interested in introducing a third nic to have nat on the box as well. Does anyone have a idea of a good place to start reading up on the subject, mainly interested in how to setup the flow direction to start with as to get a overall understanding of the flow, found that help best. Internet --- eth0 --- eth1 ---

A note to confirm that "-m physdev --physdev-is-bridged" in the iptables command does enable iptables to work in a bridged environment. I was fighting the same problem and this indeed solved it. Below is my test script running on a two NIC Debian 3.1 266MHz bridge. Before adding the physdev flag, only the "tc filter" commands worked but now the iptables commands also

I've run into a problem on my KVM host where a single guest will be unreachable to other guests on the same host. This host has 2 bridged devices and guests assigned to each have the same issue. I've noticed that when I can't reach the problematic guest, the ARP entry for that system is incorrect. This issue seems to only be a problem about 75% of the time when making connections

Hello. I have a 1024/256kbit ADSL and tried to shape outgoing traffic in order to improve latency. Here is my config. UPLOAD_RATE="256" UPRATE="$[4*$UPLOAD_RATE/5]" (a little smaller) UP70="$[7*$UPRATE/10]kbit" UP30="$[3*$UPRATE/10]kbit" UP20="$[2*$UPRATE/10]kbit" UPRATE="${UPRATE}kbit" IF="eth2" IPTABLES="iptables -t

My hfsc rule .. tc qdisc add dev eth2 handle 1: root hfsc iptables -t mangle -N ms-all iptables -t mangle -N ms-all-chains iptables -t mangle -N ms-prerouting iptables -t mangle -A PREROUTING -j ms-prerouting iptables -t mangle -A ms-prerouting -j CONNMARK --restore-mark iptables -t mangle -A ms-prerouting -p udp --dport 4444 -j MARK --set-mark 1 iptables -t mangle -A ms-prerouting -p udp -m

Hello All, I am trying to implement OpenVPN on Fedora core Linux 3 with the latest pathces installed. This server is used only as firewall/internet gateway/proxy/VPN server, with kernel 2.6.1-1.27.FC3 and kernel 2.6.1-1.27.FC3 SMP It has two NIC''s eth0 (10.0.0.150) connected to ADSL, eth1 (192.168.3.12) connected to the local network. I use shorewall 2.4 on this machine. I like to test

Trying to use the policy drop rule with the bridged firewall, when I removed the first line the transparent proxy works great? It seems a bit strange as from reading several articles on it I thought the following occurs. 1st line - if it doest match it gets dropped on the local filter input. 2nd line - redirects the traffic off the link layer into the network layer ready for line 3. 3rd line -

When I start my script: * - Creating classes on br1 for upload control ... * - tc class add dev br1 parent 2:0 classid 2:46 hfsc ls m1 576.0Kbit d 2000ms m2 192.0Kbit ul m2 384Kbit ... [ ok ] * - tc class add dev br1 parent 2:46 classid 2:47 hfsc sc umax 1500b dmax 30ms rate 80Kbit . [ ok ] * - tc class add dev br1 parent 2:46 classid 2:48 hfsc ls m2 152.0Kbit ul m2 152.0Kbit

Hello, I''m using Linux kernel 2.6.x and tc (from iproute2 package). I''m trying to use HTB or HFSC scheduler in order to limite the rate of outgoing packets and also in order to minimiez delay for RTP stream. But I didn''t suceed in having this 2 QoS services working. I use Iptables in order to classify packets. Here is my HFSC conf. In fact the pings that i send from

Hello everyone. CONFIGURATION DESCRIPTION: I have a linux box doing masquerade for two lan''s. Here is a piece of mine network config: eth0 : ISP , one public ip address (DSL modem) eth1 : lan , private network address fe: 192.168.4.0/24 eth2 : wlan access point performing as lan2wlan bridge , private network addes fe. 192.168.67.0/24 This box use 2.6.20 kernel with iptables-1.3.8

Hi, I have a suspicious problem with multiple uplinks configuration. First of all my configuration: 1) kernel 2.6.20.3 2) iptables 1.3.7 3) last iproute (for masked marks) All wan interfaces are bridged (stp disabled) in only one interface (wan0), all lan interfaces are bridged (stp enabled) in only one interface (zlan0). The wan0 bridge is to allow UPnP works. To allow related

Hi all, Below is my network diagram: - eth0 (adsl 1) eth1 (adsl 2) | | | | | | | | ----------------- | | | Gateway | | | ----------------- | | | tun0 Below is my iptables scripting to mark certain ports: -

Hi,lartc I used iproute-060110 with iptables1.3.4 on gentoo 2005r1 kernel 2.6.14-5. I find some error messages in system logfile: HTB: quantum of class 10001 is big. Consider r2q change. HTB: quantum of class 10010 is big. Consider r2q change. tcf_action_init_1: successfull police HTB: quantum of class 20001 is big. Consider r2q change. HTB: quantum of class 20020 is big. Consider

I recently encountered this in the logs of a new Debian Xen Dom0, and having now spent the better part of a day researching and testing, I've come to the conclusion that this is not a bug in xen-utils-common or even iptables; it's merely the consequence of structural changes to the core netfilter code starting in the 2.6.20 kernel. This is rather long, but the issue is complicated. Please

Hi wondering if anyone can help. I have two NICs on a debian sarge based system and current running as a bridge (br0) which consists of eth0 and eth1. Is it possible to add a virtual interface to the eth1 so I can also do NAT on the box as well? I have tried many times and keep coming up with errors. Kind Regards William Bohannan

I''ve uploaded Beta 4. It corrects a bad bug involving exclusion in the hosts file. In addition, it contains the first release of a new Bridge/firewall implementation that uses the reduced-function physdev match found in kernel 3.6.20 and 3.6.21. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \