similar to: Control Trafic

Hi Andreas! I mainly understand what you mean, I tried to fix something on the script, I don''t know if I did it well. Can you take another look on it please and if is wrong to make the corrections directly on it so that I see where the mistake is... With this script I want to make limits for IP class 85.120.48.0/25 for international traffic in 256 KBps classes and for metropolitan

Hello, I have problems with htb. The problem is that when I download any file via shaper with htb, the traffic is very dinamic, it jumps, for example: if i have set ceil = 128kbit the results that it jumps from 112kbps to 144kbps or smth like that maybe its not very bad, but when the traffic drops down to 40kbps or less and then after 1 or 2 seconds jumps to 144kbps, its bad :-( and it is often.

Hi All, I have an asterisk box on my DMZ, and I'm using a PF for my firewall, I can make a call but some reasons I have a dead air. Any Ideas? below are my rules... ext_if = "bce0" int_if = "bce1" altitude = "172.16.1.0/24" #### machines #### vbox = "172.16.1.1" uci = "172.16.1.4" voices = "203.172.x.1" ipc =

I'm trying to use pf + ftp-proxy n a 6.1-PRERELEASE machine. I have this line on inetd.conf: ftp-proxy stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -n And this lines on pf.conf: rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port ftp-proxy pass in quick on $ext_if inet proto tcp from any port ftp-data to $ext_if:0 user proxy flags S/SA keep

I've got a server running FreeBSD 6.2 and PF. The server has a couple dozen jails on it. Previously, I had a few "private" services such as MySQL running on loopback IPs (127.0.0.2+) and the rest of the jails running on the public IPs. I have to renumber my machine with a new block of public IPs so I thought I'd be clever and move all the jails onto loopback IPs. Then

Hey list and possible Arne... I try to get traffic shaping working on my firewall but getting cunfused with settings, but first my current setup: tcclasses file: #INTERFACE MARK RATE CEIL PRIORITY OPTIONS $EXT_IF 10 64kbit full 1 tcp-ack,tos-minimize-delay $EXT_IF 20 full/3 full/2 2 default $EXT_IF 30

Tinc OpenBSD masquerading firewall users: I just found that in OpenBSD's 3.2 and greater kernel, the packet filter (pf) added the ability to specify a source port for NATing. Therefore, my UDP rig outlined in my last post is not a desirable solution for OpenBSD users. I am unsure if Darren Reed's ipf has a similar function (pf's syntax was originally based on Darren Reed's

Has anybody on this managed to get ChilliSpot and Shorewall to work together? I have managed to get it to work with the supplied firewall script but if I wanted to do my firewall like that I would not be using Shorewall. At any rate, I am having all kinds of trouble translating the supplied rules to something that Shorewall would understand. If anybody has already done it I would love to see the

https://bugzilla.netfilter.org/show_bug.cgi?id=1248 Bug ID: 1248 Summary: The rr-load-balance part doesn't actually work on 0.7 Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: minor Priority: P5 Component: nft Assignee: pablo at

I am running 2.4.20 with Julian Anastasov''s patches (routes-2.4.20-9.diff), iptables v1.2.6a, iproute2-ss010824 on Debian. I have set up our internal gateway to multihome 2 T1''s as described in http://www.linuxvirtualserver.org/~julian/nano.txt . The only difference is that I use multiple IP''s on the external interfaces. EXA A.B.C.225 --------------------

Hi, I was reading document http://shorewall.net/MultiISP.html#idp3634200. Inspired by the document I was trying to establish the following changes: * one additional interface: COMA_IF * COM[A,B,C]_IF interfaces request IP address via DHCP * all non-RFC 1918 destined trafic is NATed from INT_IF to COMA_IF * all non-RFC 1918 destined trafic from GW is routed via COMB_IF by default * non-RFC 1918

Hello list, I discover strange behaviour of shaping traffic that i setup from Shorewall-4.0.2. I know that this is not Shorewall problem but may be somebody from list can help me or explain this situation. I have follow interfaces in 'tcdevices' files: #INTERFACE IN-BANDWITH OUT-BANDWIDTH # $EXT_IF 500kbit 248kbit $INT1_IF 500mbit

I try use setup traffic shaping with Shorewall-4.0.2 and have fault. When i start Shorewall with tc-files configured i get follow messages: ... RTNETLINK answers: No such file or directory We have an error talking to the kernel ERROR: Command "tc filter add dev eth2 parent ffff: protocol ip prio 50 u32 match ip src 0.0.0.0/0 police rate 500kbit burst 10k drop flowid :1" Failed

Hello to everybody, We want integrate in a router/firewall (Debian Based, 2.6 Kernel), an HTB shaper. The goal is to divide the traffic for classes of workstations, at example in three classes, let say A, B and C. Example: A 70 Mb/s B 20 Mb/s C 10 Mb/s If B don''t make traffic, 7/8 of 20Mb/s must be assigned to A and all the rest at B We have used CBQ and HTB, with poor succes. Anybody

If you are willing to patch your iptables and kernel to support the ROUTE target, the code in CVS project Shorewall2/ now supports very flexible routing. As an example, I run Squid in my DMZ for transparent proxy. Rather than the complex routing setup described in http://shorewall.net/Shorewall_Squid_Usage.html, I now use this single entry in /etc/shorewall/routes to route all HTTP requests from

Gang, For months now, we're all seeing repeated bruteforce attempts on SSH. I've configured my pf install to ratelimit TCP connections to port 22 and to automatically add IP-addresses that connect too fast to a table that's filtered: table <lamers> { } block quick from <lamers> to any pass in quick on $ext_if inet proto tcp from any to ($ext_if) port 22 modulate

>Submitter-Id: current-users >Originator: Janos Mohacsi >Organization: NIIF/HUNGARNET >Confidential: no >Synopsis: pf does not use IPv6 interface addresses at startups >Severity: serious >Priority: low >Category: bin >Class: sw-bug >Release: FreeBSD 6.2-STABLE i386 >Environment: System: FreeBSD scone.ki.iif.hu 6.2-STABLE FreeBSD 6.2-STABLE #23: Wed May 9 18:23:24

hi, I''ve successfully implemented shaping and policing with HTB for my SDSL line. Some tips&tricks I discovered which were not covered in the FAQs and docs I read: - To discover the appropriate rate for your line, flood it with traffic and reduce the rate until the matching class starts to show a consistent backlog -- only then you''ve managed to take the queue away

Hi, I am using icecast2-2.4.1,1 on FreeBSD 10.1-RELEASE. In order to be able to stream on port 80, I have redirected port 8080 to port 80 by means of firewall on icecast server itself (packet filter): rdr pass on $ext_if proto tcp to port 80 -> 127.0.0.1 port 8000 The only thing that bothers me is the fact that autogenerated playlist files (m3u, xspf and vclt) in web interface direct to port

Message: 12 From: Gery Kahn <geryk@sphera.com> To: "''lartc@mailman.ds9a.nl''" <lartc@mailman.ds9a.nl> Date: Tue, 5 Jun 2001 20:28:30 +0200 Subject: [LARTC] priority of class ->split traffic in 2 more classes ->tc class add dev eth0 parent 2:0 classid 2:21 cbq avpkt 1000 bandwidth ->100Mbit \ ->rate 70Mbit prio 3 maxburst 20 ->tc qdisc add