similar to: HTB: shaping internet bandwidth but don''t shape local network traffic

Dear All, I''m using the kernel 2.6.6, iproute2-2.4.7.20020116, iptables v1.2.9, and gentoo. I have a leased-line 64 kbps. I can see the counter works in iptables, but in the htb, it doesn''t go to the right class (it always go to the default class). Any help will be appreciated here''s my htb conf #!/bin/bash tc qdisc del dev eth1 root tc qdisc add dev eth1 root

How to do ensure a class not lended and not borrowed each other. I do cburst burst 0b ,but ctokens tokens go to negative! --------------------------------- Do You Yahoo!? "更多惊喜，同样精彩，NetVista A30 热卖" --0-611462377-1048485942=:33792 Content-Type: text/html; charset=gb2312 Content-Transfer-Encoding: 8bit <P>How to do ensure a class not lended and not borrowed each

I`m trying to shape both upload (eth0) and download(eth1). I made this script to acomplishthis but the filters are not working even though the classes and qdiscs are created. What am I doing wrong? #!/bin/bash tc qdisc del dev eth0 root tc qdisc add dev eth0 root handle 1 htb default 10 r2q 5 tc qdisc del dev eth1 root tc qdisc add dev eth1 root handle 1 htb default 10 r2q 5 tc class add dev

Hi All , My first message and I have a little problem with my FC6 box trying to block emule traffic using layer7 . Here my network : Internet --------- ADSL Router ------------------- FC6 Box -------------------- Emule Box external ADSL : Dynamic Internal ADSL : 192.168.254.1 external FC6 : 192.168.254.3 internal FC6 : 192.168.253.1 Emule Box : 192.168.253.3 I guess that everything

I''m attempting to setup Squid as shown on: http://shorewall.sourceforge.net/Shorewall_Squid_Usage.html#DMZ The firewall is a Bering 1.0 firewall running Shorewall 1.3.11, Red Hat 7.2 on the server in the DMZ. I''m not seeing the requests come in to the server using tcpdump. The server is 192.168.2.1 connecting to eth2 on the firewall, the local traffic I''m trying to

Hi, I have a default class for my un-marked traffic (prio 5) and a prio 0 class for the important stuff, but I do not understand why my download traffic is duplicated in both. It work fine for my upload traffic (same setting except the red class but I have the same result if I create an esfq instead). Any comments/information will be appreciated. Below my config : tc commands from my scirpt :

Good day to all. I don''t like to Post unless I am really stuck. Guess what? Redhat with Shorewall. Been using this for years. I have a new client that we have setup with Redhat and Shorewall. The problem is that his outside address (ETH0 = NET) is dynamic (i.e. DHCP enabled). All the rules work fine when we use a STATIC address on Eth0, so we know the rules, filters, tos etc work fine

Folks, I''m so surprised what happened to my box just in the few weeks lately. Here is my setup: INTERNET <----------> [eth0] SHAPER-BOX [eth1] <----------> USER-FARM both eth0 & eth1 got public ips (202.x.x.x) Why traffic monitored at eth0 is bigger than eth1 ? eth1 shaped just exactly the same as rate i defined in HTB. I just have 1024Kbps from my ISP and i defined the

I apologize for the first message. :) --------------------------------------- I have an FTP server running in the DMZ section of my home network. It uses port 23000 for connection and ports 19990 to 19994 for data transfer. I have setup the following rule for outside people to connect to it: DNAT net dmz:192.168.2.2 tcp 23000 I''m at work right now and I can''t use

Hey all. I''m trying to set up QoS using the HTB qdisc in a very basic setup, but it the example shown in the howto doesn''t seem to be working. While the packets show up in the correct classes, they appear to be completely ignoring the rates, meaning nothing gets shaped. My setup is that I''ve got a a bunch of machines behind my firewall/router: 1.2.3.1

Hi, I have a install of shorewall I have 2 interfaces(I think) ppp0[connection device] and eth0 [LAN device], I want to allow all traffic from the the internet in or aleast port 80 and CVS and webmin and mail and everything normal to the main machine with shorewall on it. I changed to policy file but it just gave me errors as to double interfaces. I also what still to alow connection sharing

Hello again all, Question: I have a number of users, who need to be shaped at different rates. My question is this: Is there a way that I can shape both *inbound* and *outbound* traffic to not exceed a single threshold, ie. they can get x kbps traffic in or x kbps out, but no more than x kbps in/out combined? Best Regards, -AL.

Hi, Trying to figure out why I cannot get access to dell.com Their site is up because I can browse using a different firewall. Trying to find out where the logs are located and what log files it would write to if it were to deny browsing to a website. I can see the [UNREPLIED] when using the shorewall status. Was hoping to know what logfile it is writing it to. Thanks in advance, Elmer

Hello, I''ve installed on a debian squeeze server, xen 4 with one VM which run in route mode configuration with an IP failover. I wanted to create another VM which turn in nat mode, so I make that : - I let my xend-config.sxp with : (network-script ''network-route netdev=eth0'') (vif-script vif-route) because my first VM is the most important.... For the second, I

I try to shape traffic using HTB and mark packets within iptables using PREROUTING. But the filterrules seems to ignore the marks set with PREROUTING Only POSTROUTING marks are accepted. First my configuration I have a router connected to the internet via ADSL over interface ppp0. eth0 is a tunnel to ppp0 and eth1 serves the LAN. LAN is 192.168.57.0/24 on 10Mbit ppp0 is 80.126.16.44 on

Hello all, this is my first post here. Sorry for my english. Gentoo LAN router, 2.4.26-hardened-r2 There are 2 WAN links, one LAN link. I am doing some iptables/routing/tc magic in my scripts. What''s interesting is marking packets traveling from all IP''s in LAN. Interesting commands are: ------------- for ip in `seq 50`; do $IPTABLES -t mangle -A FORWARD -o eth2 -d

Hello! I''ve put some questions on this list some weeks ago and I''ve got good answers. Thank you! Now I''ve finished my (beautyful) script and I ran it on my router... About my script: It routes packages based on their destination on the Internet. I have about 1650 preffered destination networks listed in some file. The script read this file and marks every package for

I''m very new to shorewall. My setup is IP Gateway (CentOS 4 + Shorewall) with 3 NIC cards. Shorewall works great on the firewall machine. Bind also works (local net machines get IPs fine). Under firestarter, all works great. With shorewall, the loc machines can not route past the firewall. They can connect to the firewall, but not past it. Exactly what information should I post to get

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=429 ------- Additional Comments From laforge@netfilter.org 2006-01-25 11:00 MET ------- Please specifically tell us about the exact kernel version, any patches that you might have applied, and the iptables version that you're using. -- Configure bugmail: https://bugzilla.netfilter.org/bugzilla/userprefs.cgi?tab=email ------- You

Hi All, I''m using iptables-1.2.7a on RedHat8 kernel 2.4.20. I wanted to limit the file-sharing traffic to the internet. I marked the packets with iptables: iptables -A FORWARD -t mangle -p tcp -s 192.168.1.1/24 -d ! 192.168.1.1/24 --dport 1024:1862 -j MARK --set-mark 1 iptables -A FORWARD -t mangle -p tcp -s 192.168.1.1/24 -d ! 192.168.1.1/24 --dport 1864:65535 -j MARK --set-mark 1