similar to: $FW in tcrules

Hi, I am confused about the tcrules syntax. When I try to shape a web server running on fw with this line: 4 fw 0.0.0.0/0 tcp - 80 it works but the "80" must be in CLIENT PORT, my logic says it should be in the "PORT" column (doesn''t work there) am I missing something or are the columns labeled wrong? thx Jan

Hi all, I moved wshaper 1.1 cbq file to tcstart, but none of my tcrules are being observed. The only way I can set the marks is by editing the tcstart file. Is there a way to incorporate for tcstart to read and apply my set marks in tcrules? Thank you, ~Andrew Nady.

I have just installed shorewall 2.0.9, having spent a day and a half tracking down why my tcrules wasn''t working properly in 2.0.8. I didn''t see the announcement of 2.0.9 because it didn''t go to -announce. Anyway I have 2.0.9 now (the package from Debian incoming) and the problem is still there. My tcrules file says: 1 0.0.0.0/0 0.0.0.0/0 tcp 22 1 0.0.0.0/0 0.0.0.0/0

Hi, First of all, thanks to all shorewall developers. Shorewall is really great. Here is a patch to add the following feature : This patch allows you to mark packets according to the user name under which the program generating output is running. To do so, the patch will allow you to write rules in the tcrules file looking like that : #MARK SOURCE DEST PROTO PORT(S) CLIENT USER #

Hi! I''m wondering whether anyone has successfully set up a bandwidth control system using ipp2p and shorewall. I have been able to drop connecions altogether, but I don''t seem to be able to get CONNMARK working with ipp2p. Any pointers would be greatly appreciated :) ______________________________ Mario R. Pizzolanti

Hi, first of all, let me thank you for your great Shoreline Firewall. I use it with great success at home (protecting my WiFi connection). And now if I could have a question about traffic shaping. I did read everything I could find but I still have two problems: first, the MARK from tcrules is not working in HTB based simple tc filter line ("handle $MARK fw classid 1:20"). If I switch

Having study a number of documents on linux traffic shaper, I started to setup my shaping rules in my network. My linux box is running RH AS3 U3, shorewall 2.0.9. It is using PPPoE connected to the Internet firewall: eth0: connect to the adsl modem eth1: private net ppp0: virtual dial up interface for pppoe There is a ftp server on the private net It is listen for port 21 and configured

The Shorewall2/ project in CVS contains my initial attempt to establish correct routing for traffic forwarded from two different ISPs to internal servers. >From the release notes: Shorewall 2.3.2 includes support for multiple Internet interfaces to different ISPs. This feature is enabled by setting the "default" option for each Internet interface in

Hello, I have the following situation : Server with 2 nics 1 nics connected to the internet, 1 connected to the LAN I have OpenVPN running on the system and the following setting in the tunnels file : =================================== openvpn:2000 net 62.58.0.226 openvpn:2001 net 62.58.0.226 openvpn:2002 net 62.58.0.226 =================================== All tunnels ran for weeks

how can I check whether packets are being marked as per my tcrules file? 4 0.0.0.0/0 202.37.230.93 udp 500 4 fw 0.0.0.0/0 udp 500 also can someone confirm what ports are needed to be opened for ipsec? 1701,1723,47,500 ??? P.

Hi! how can I mark ack packets with shorewall 2.x? (In 1.x I have done it with own rule in common file) TiA CU

Hello. I´m using an ftp server in passive mode using ports 30000-50000 and i have a question: how i can limit bandwidth using shorewall for multiple ports? It´s possible? Can someone send me an example? Thanks Wilson ------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated

>Miguel Ángel Domínguez Durán wrote: >> Hello again, >> First, excuse me for my poor english. >> I''m trying now to make bandwith control in a firewall machine running >> Shorewall. This machine is also a bridge using bridge-utils >> bridge-utils-devel. It is a mandrake 10. The configuration is something >> like >> this: >> >>

Ok, shaping on Linux is new to me.. so bear with me if i am just stupid. curtain:/etc/shorewall# grep TC shorewall.conf | grep -v ^# TCP_FLAGS_LOG_LEVEL=info TC_ENABLED=Yes CLEAR_TC=Yes TCP_FLAGS_DISPOSITION=DROP curtain:/etc/shorewall# So it should be enabled, right? ---- tcrules ---- 1 eth0 0.0.0.0/0 all 2 eth1 0.0.0.0/0 all 2 eth2 0.0.0.0/0

Hello all, I tried to include a file from within the accounting config-file. The filename was specified using a parameter in params as: ACCFILE=/var/lib/shorewall/accounting.generated and then included in accounting as: INCLUDE $ACCFILE However when (re)starting shorewall, it gave some error about being unable to find ''/etc/shorewall/$ACCFILE'' (with the $ACCFILE parameter

I am trying to apply the new :T flag in tcrules. the man page for this file [1] sayas that if SOURCE is $FW then rules are applied in OUTPUT. this doesn''t seem to work on my setup. I have in tcrules : ------------------------------------------------------------------------ RESTORE:T 0.0.0.0/0 0.0.0.0/0 all - - - 0 CONTINUE:T 0.0.0.0/0 0.0.0.0/0

hi, there was some email problems and i repeat my question too fast, but this is the second part of my questions. - only the rules and policy files give access right? ie. rules in the FORWARD chain of the filter table in iptables ? - is a line in masq file automaticaly add an accept rule too? eg. in msaq file eth0 <internal ip> allow connection from <internal ip> (local zona) to the

http://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 ftp://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0 -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net

Hi, I''ve set up a bridge which connects two parts of the same subnet with each other. I''ve set up everything as described in the Documentation and it works very nicely. However: I have a problem with adding hosts to zones dynamically. The zone I want to add hosts to is called ''work''. Since only the bridge br0 is defined in /etc/shorewall/interfaces

I was previously using multiple providers on my "real linux" gateway which had a kernel that supported high marks and I was policy routing in tcrules. I''ve now moved to openwrt where their kernel apparently does not have high marks. I want to continue to be able to have multiple providers and a) policy route between them and b) be able to set marks for other things like