similar to: bypassing qdisc for some traffic

Hello. I have a pretty strange problem with routing and iptables mark. My firewall has a classic 3 NIC config: one nic connected to the ISP routers, one network for DMZ and the third network for my private network. Here is the schema: HUB HDSL router----+----ADSL router | | HDSL IP---eth0---ADSL IP | | +-------+------+ | | | | | | | | |

Hi, my shorewall is version 4.0.15 on Debian Lenny. I have 3 following interfaces: eth0 net (4mbit/512kbit) eth1 loc (100mbit) eth2 loc (100mbit) I want to shape traffic from net on two lan interfaces like: - default is 2000mbit for each local interface - if is no traffic on eth1 is 4mbit for eth2 (and vice versa) My tcdevices eth0 4000mbit 512kbit eth1 -

Hi I would want to use the patch for squid released by patrick mcHardy, but it requires that squid is located on the same machine that does traffic shaping. My configuration is different: i have the screening HDSL router directly connected to a multi-ethernet firewall and the proxy located on a DMZ box. i would want the firewall doing traffic shaping. Internet |

Hi list... I work for a school in the netherlands with a 2mbit Internet uplink and about 3800 eager student who want to play games on the Internet using one of our 800 workstations. Problem was that those game playing students are concentrated in 2 of our 6 physical locations... and they consumed the bandwidth which the other location would like to use for educational purposes. The thing we did

Hi I have Linux box (Debian) that acting as a bridge. Eth0 and Eth1 are bridged (br0). Br0 have public IP. Eth0 connects to the internet. Eth1 connect to servers in DMZ (with public IPs). Eth2 connects my Lan (192.168.1.0/24). My connections is 2Mbit/2Mbit. I''m doing SNAT for my Lan. QoS on eth0 works fine for DMZ, but is there a possibility to doing QoS on

Sorry for the long descritpion of the problem, I''d like to know If I misunderstand something or if I meet an intrinsic limit of my setup. 217.58.51.162 HDSL eth1 - SRV_XP: 192.168.254.10 eth0: 192.168.254.1 -----+------------------+------- 81.121.243.250 ADSL eth3 - I want to allow incoming pptp request (port 1723) to be forwarded to srv_xp

Hi, I''m trying to use Shorewall (3.0.6) to accomplish what I thought was going to be fairly simple. Unfortunately, I can''t get the dmz to work correctly, and I''m getting martians logged against the interface at issue. Any help I could get would be greatly appreciated! A picture of my physical setup is attached. I have also attached a shorewall dump. To make a long

Hi! First, thanks for this great howto! Second, sorry for my english, it''s not the best! I have a question about the Linux qdisc. My configuation in short: Linux Box with 4 100Mbit ethernet inferfaces: - eth0 goes to a switch with ~60 PC''s connected wo use the internet connection. (192.168.1.200) - eth1 goes to an cable Modem with 5Mbit transfer speed - eth2 connects the 2.

Hi, I''m interesting in CBQs.... :) (nice) Here at my ISP i''ve three Remote Access servers (2 TC ''Total Control'' enterprise Manager from USRobotics and one PortMaster). The first TC is with one range of IP 200.210.18.0/0 and 200.210.66.0/8 I knew the comand: tc filter add dev eth2 parent 10:0 protocol ip prio 100 u32 match ip dst

Hi All, I''m using HTB to shape traffic, a little like this: tc qdisc add dev eth2 root handle 1:0 htb tc qdisc add dev eth3 root handle 1:0 htb tc filter add dev eth2 parent 1: protocol 0x8100 prio 5 u32 match u16 3000 0x0fff at 0 flowid 1:1 action ipt -j MARK --or-mark 0x01000000 tc filter add dev eth3 parent 1: protocol 0x8100 prio 5 u32 match u16 3000 0x0fff at 0 flowid 1:1 action

Dear Sir : About the Samba, could you do us a favor to advise us if any comment = about the following problem. We used Samba v2.0.7. We are porting the Samba into Linux box. The Linux box is an embedded system with 32MB memory only. Because Samba takes around 1.5MB memory for each connections, it = takes lot sof memory for multiple connections. It exhausted the memory of

Hi All, I''m using Shorewall 3.0.4 and I''m wondering if it is possible to do traffic shapping on only one interface from a bridge. The firewall has got 3 NIC, eth0, eth1, eth2. eth0 and eth2 are bridged, but if I''m right, when you specify a traffic rate for a link, you do it for the interface. In my case, eth0 and eth2 do not appear in the interface file, but it is

Hi all, I''m having some problems setting up qdiscs on a bridge.The config looks a little like this: ifconfig ifb0 up # Bring up the IFB for this bridge. tc qdisc add dev eth2 ingress tc qdisc add dev eth3 ingress tc qdisc add dev ifb0 root handle 1:0 cbq bandwidth 100Mbit avpkt 1000 cell 8 # Raw qdiscs on each bridge port tc qdisc add dev eth2 root handle 1:0 cbq bandwidth

Hi all, I have a problem with a new Shorewall box I''m trying to migrate from iptables rules to shorewall 2.2.0. I have a 3 interfaces setup: - eth0 ---> internet (ip address) - eth1 ---> remote office (10.0.0.0/8) - eth2 ---> lan (192.168.16.0/24) I''m using a very simple and common setup, with just a few DNAT rules in my /etc/shorewall/rules file, and about twenty

Hi there, I have two ethernet connections of 2Mbit/s each and I''m trying to add them together to one 4Mbit/s connection but I cannot get more than approximate 1Mbit/s! My setup: I have a LAN (10.2.18.0/24), connected to a larger network (10.0.0.0/8) by two WAN-connections with 2Mbit/s each. On each end I have a Linux router. I first setup the routers to use TEQL with one of the

Hello !! I ve just install shorewall-common and shorewall-shell I can''t defined a network using the CIDR format for my DMZ in /etc/shorewall/hosts fast eth2:172.17.0.0/16 epac eth2:172.18.0.0/16 fsa eth2:172.19.0.0/16 bu eth2:172.20.0.0/16 recto eth2:172.21.0.0/16 dmz eth1:81.91.225.224/27 I receive this error: ERROR: Invalid zone definition for

Hi I have Linux box (Debian) that acting as a bridge. Eth0 and Eth1 are bridged (br0). Br0 have public IP. Eth0 connects to the internet. Eth1 connect to servers in DMZ (with public IPs). Eth2 connects my Lan (192.168.1.0/24). My connections is 2Mbit/2Mbit. I want to limit upload speed for each service on each server in DMZ, but also for users on my Lan. The same for

Hi Marcin, There is no problem to make limitation on a linux bridge. The rule must be the same as for a router: there must be applied on eth0 and eth1. All my best, Liviu On Wed, 2005-04-13 at 10:48 +0200, lartc-request@mailman.ds9a.nl wrote: > Send LARTC mailing list submissions to > lartc@mailman.ds9a.nl > > To subscribe or unsubscribe via the World Wide Web, visit >

Hello everybody. I have a problem with my firewall rules on my Slackware Linux box 9.0 (kernel 2.4.20-xfs). This system is configured with 3 NIC (one for the router, one for the dmz, and the other for the private net). I have written a firewall (iptables) that is processing packet based also on the incoming interface. This firewall is connected in a not good environment where all the NIC (and the

Hello, I've been trying to implement a bridge in place for a clustered firewall at one of our office locations. Currently we NAT two class C's internally. We decided, for performance reasons, that it would make sense to put our servers into an official DMZ. So we started this bridging project. Our goal is to have two redundant firewalls in place. There is no need for active/active.