similar to: [PATCH] Marking packets according to user in tcrules

-- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net -------------- next part -------------- An embedded message was scrubbed... From: =?ISO-8859-1?Q?Fr=E9d=E9ric?= LESPEZ <frederic.lespez@free.fr> Subject: Re: [Shorewall-devel] Re: [PATCH] Marking packets according to user in tcrules Date:

Hi, first of all, let me thank you for your great Shoreline Firewall. I use it with great success at home (protecting my WiFi connection). And now if I could have a question about traffic shaping. I did read everything I could find but I still have two problems: first, the MARK from tcrules is not working in HTB based simple tc filter line ("handle $MARK fw classid 1:20"). If I switch

I think it would be nice to be able to rate limit an action, too.. suppose I have an action named Accept_good_source : ACCEPT - - tcp - 1024:65535 ACCEPT - - udp - 1024:65535 and that i want to use it in an action called AllowCVS, i can''t limit the cvs usage, but only the general use of Accept_good_source... same goes for userset... as each rule will give one iptables command, I

Hi all, I''m trying to set up traffic shaping and I''m having some difficulty. Here is what I want, and where I am. 1. HTTP and SMTP traffic needs to be priority 1. 2. All other traffic priority 2 3. Torrent traffic priority 3. My distro is Fedora Core 4, and the torrent protocol does not appear in /etc/protocols. The only protocol is TCP, which HTTP and SMTP is built on top

Hi Folks, I''m a new user to Shorewall, it came installed on the redWall firewall that I am using and I''m really happy with both projects! Thanks for all your work on it! I have a question about tcrules and $FW. I''m doing source policy routing and need to be able to add an output rule to the mangle chain with a source that is specific network, not 0.0.0.0/0. It

Hi, I am confused about the tcrules syntax. When I try to shape a web server running on fw with this line: 4 fw 0.0.0.0/0 tcp - 80 it works but the "80" must be in CLIENT PORT, my logic says it should be in the "PORT" column (doesn''t work there) am I missing something or are the columns labeled wrong? thx Jan

I have just installed shorewall 2.0.9, having spent a day and a half tracking down why my tcrules wasn''t working properly in 2.0.8. I didn''t see the announcement of 2.0.9 because it didn''t go to -announce. Anyway I have 2.0.9 now (the package from Debian incoming) and the problem is still there. My tcrules file says: 1 0.0.0.0/0 0.0.0.0/0 tcp 22 1 0.0.0.0/0 0.0.0.0/0

Hi all, I moved wshaper 1.1 cbq file to tcstart, but none of my tcrules are being observed. The only way I can set the marks is by editing the tcstart file. Is there a way to incorporate for tcstart to read and apply my set marks in tcrules? Thank you, ~Andrew Nady.

Hello, It seems that the following restriction is not shown in the online man page for tcrules: ERROR: SOURCE/DEST PORT(S) not allowed with PROTO all : /tmp/shorewall/tcrules (line 2) Please let me know if this is expressed otherwise in the documentation. Thanks. ------------------------------------------------------------------------------ EditLive Enterprise is the world''s most

According to the documentation there is a limit to marking of 255. Why is this? Can I work around it?

I don''t know whether this is the right place to ask, but kindly point me to an FM that I can R if it isn''t. My wife is creating lots of Kazaa traffic, and I am using rsync to create a full mirror of Red Hat''s FTP site, Aurora Linux FTP site, the LDP site, and some other stuff. Clearly, when one is moving well over 100GB over a 128 Kbps link, this is going to take a

Hi there. Currently, our network design has two ISP lines and 3 subnets for LAN. Below are some details :- eth0 - isp1 eth1 - isp2 eth2 - subnet1 eth3 - subnet2 eth4 - subnet3 What i wanted to do is to assign incoming port 80 to our local squid server running on the firewall itself and assigned it to eth0(ISP1). I think it shouldnt be a problem as /etc/shorewall/rules provides a sample of the

Don''t know whether you''re interested in errors this trivial. Diff file attached. Regards Fog_Watch. ------------------------------------------------------------------------------

Hello Asterisk sits in a Vserver guest (192.168.3.9) on the firewall. I can''t seem to get the sip helper to mark the SIP packets though. I have an ftp client on a different Vserver guest on the firewall. If I put ftp in the HELPER column of tcrules I can mark those packets. With sip in the HELPER column though nothing happens. Attached is a "shorewall dump > dump.txt"

Hello. I´m using an ftp server in passive mode using ports 30000-50000 and i have a question: how i can limit bandwidth using shorewall for multiple ports? It´s possible? Can someone send me an example? Thanks Wilson ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated

So after reading the traffic control documentation at shorewall.net I am a little confused. I don''t understand how to use the tcrules file. What I would ideally like to do is setup htb on a per user basis (either by IP or MAC address). If anybody has any hints on the best way to do this or is willing to explain the use of tcrules file a little better (how I could mark it per IP or MAC)

Hi! This is another thread of "setting gateway in interfaces file" and while i dont want to create any confusion here, i have decided to open a new thread.(which mean Diamond King no longer a subscriber to shorewall-users) Actually, i turned out not to be the MARK issues. Something is missing and i got this error instead :- Setting up Accounting... Creating Interface Chains...

I have two (interconnected) questions: First of all, I''m trying to use IPP2P to classify my P2P traffic and give it a lower network priority. I''ve already successfully built IPP2P into iptables and the kernel. I read http://www.shorewall.net/IPP2P.html, but it''s confusing me. Using the documentation for normal tcrules in 3.0

Hi all and specially Mr. Tom.... (Please, do not be acid with me please! I am only a newbie, trying learn more about shorewall) I get involved with a Firewall Project in a customer here in my city... In this customer, he has two Internet Providers. So, he ask me how make certain connection following one routing path (like RT_1) and others connections type, following the other routing path

Hi Tom, I nearly completed the test and installation related to http://www.shorewall.net/PPTP.htm. However, there is no serious problem when it is operated as it is in the general companies, but there is Client Program for MS-Window that is operated only by Public IP. So I am very concerned about it. I would like to use Internet through Gateway in (B) as local computers in (A) receive Public