Displaying 20 results from an estimated 30000 matches similar to: "$FW in tcrules"
2005 Feb 27
10
tcrules question
Hi,
I am confused about the tcrules syntax. When I try to shape a web server
running on fw with this line:
4 fw 0.0.0.0/0 tcp - 80
it works
but the "80" must be in CLIENT PORT, my logic says it should be in the
"PORT" column (doesn't work there)
am I missing something or are the columns labeled wrong?
thx
Jan
2005 Jan 26
11
Question on tcrules implementation
Hi all,
I moved wshaper 1.1 cbq file to tcstart, but none of my tcrules are being
observed. The only way I can set the marks is by editing the tcstart file.
Is there a way to incorporate for tcstart to read and apply my set marks in
tcrules?
Thank you,
~Andrew Nady.
2004 Sep 30
5
tcrules for proto "all" still not working in 2.0.9
I have just installed shorewall 2.0.9, having spent a day and a
half tracking down why my tcrules wasn't working properly in 2.0.8.
I didn't see the announcement of 2.0.9 because it didn't go to -announce.
Anyway I have 2.0.9 now (the package from Debian incoming) and the problem
is still there.
My tcrules file says:
1 0.0.0.0/0 0.0.0.0/0 tcp 22
1 0.0.0.0/0 0.0.0.0/0
2004 Jan 20
6
[PATCH] Marking packets according to user in tcrules
Hi,
First of all, thanks to all shorewall developers. Shorewall is really
great.
Here is a patch to add the following feature :
This patch allows you to mark packets according to the user name under
which the program generating output is running.
To do so, the patch will allow you to write rules in the tcrules file
looking like that :
#MARK SOURCE DEST PROTO PORT(S) CLIENT USER
#
2004 Oct 17
8
Shorewall and IPP2P
Hi!
I'm wondering whether anyone has successfully set up a bandwidth control
system using ipp2p and shorewall. I have been able to drop connections
altogether, but I don't seem to be able to get CONNMARK working with ipp2p.
Any pointers would be greatly appreciated :)
______________________________
Mario R. Pizzolanti
2003 Oct 15
4
tcrules ignored? wondershaper integration?
Hi,
first of all, let me thank you for your great Shoreline Firewall. I use
it with great success at home (protecting my WiFi connection).
And now if I could have a question about traffic shaping. I did read
everything I could find but I still have two problems: first, the MARK
from tcrules is not working in HTB based simple tc filter line ("handle
$MARK fw classid 1:20"). If I switch
2004 Nov 24
14
traffic shaping on ftp server don't work
Having studied a number of documents on linux traffic shaper, I started
to setup my shaping rules in my network.
My linux box is running RH AS3 U3, shorewall 2.0.9.
It is using PPPoE connected to the Internet
firewall:
eth0: connect to the adsl modem
eth1: private net
ppp0: virtual dial up interface for pppoe
There is a ftp server on the private net
It is listening on port 21 and configured
2005 May 17
1
Support for inbound traffic from multiple ISPs in CVS
The Shorewall2/ project in CVS contains my initial attempt to establish
correct routing for traffic forwarded from two different ISPs to
internal servers.
From the release notes:
Shorewall 2.3.2 includes support for multiple Internet interfaces to
different ISPs. This feature is enabled by setting the "default"
option for each Internet interface in
2004 Sep 13
17
Problem with openvpn tunnel
Hello,
I have the following situation :
Server with 2 nics
1 nics connected to the internet, 1 connected to the LAN
I have OpenVPN running on the system and the following setting in the
tunnels file :
===================================
openvpn:2000 net 62.58.0.226
openvpn:2001 net 62.58.0.226
openvpn:2002 net 62.58.0.226
===================================
All tunnels ran for weeks
2004 Dec 14
4
fwmark
how can I check whether packets are being marked as per my tcrules file?
4 0.0.0.0/0 202.37.230.93 udp 500
4 fw 0.0.0.0/0 udp 500
also can someone confirm what ports are needed to be opened for ipsec?
1701,1723,47,500 ???
P.
2004 May 07
5
mark ack with shorewall 2.x
Hi!
how can I mark ack packets with shorewall 2.x?
(In 1.x I have done it with own rule in common file)
TiA
CU
2006 May 07
3
bandwidth limitation in passive mode
Hello.
I'm using an ftp server in passive mode using ports 30000-50000 and I have a
question: how can I limit bandwidth using shorewall for multiple ports? Is it
possible? Can someone send me an example?
Thanks
Wilson
2005 Feb 16
6
Re: Bandwith Control with a firewall/bridge
>Miguel Ángel Domínguez Durán wrote:
>> Hello again,
>> First, excuse me for my poor english.
>> I'm trying now to make bandwidth control in a firewall machine running
>> Shorewall. This machine is also a bridge using bridge-utils
>> bridge-utils-devel. It is a mandrake 10. The configuration is something
>> like
>> this:
>>
>>
2004 Aug 07
11
Traffic shaping?
Ok, shaping on Linux is new to me.. so bear with me if i am just stupid.
curtain:/etc/shorewall# grep TC shorewall.conf | grep -v ^#
TCP_FLAGS_LOG_LEVEL=info
TC_ENABLED=Yes
CLEAR_TC=Yes
TCP_FLAGS_DISPOSITION=DROP
curtain:/etc/shorewall#
So it should be enabled, right?
---- tcrules ----
1 eth0 0.0.0.0/0 all
2 eth1 0.0.0.0/0 all
2 eth2 0.0.0.0/0
2004 Nov 28
5
include directive doesn't expand parameters?
Hello all,
I tried to include a file from within the accounting config-file.
The filename was specified using a parameter in params as:
ACCFILE=/var/lib/shorewall/accounting.generated
and then included in accounting as:
INCLUDE $ACCFILE
However when (re)starting shorewall, it gave some error about being
unable to find '/etc/shorewall/$ACCFILE' (with the $ACCFILE parameter
2007 Jan 25
4
":T" flags in 3.4.0-RC1
I am trying to apply the new :T flag in tcrules. the man page for this
file [1] says that if SOURCE is $FW then rules are applied in OUTPUT.
this doesn't seem to work on my setup. I have in tcrules :
------------------------------------------------------------------------
RESTORE:T 0.0.0.0/0 0.0.0.0/0 all - - - 0
CONTINUE:T 0.0.0.0/0 0.0.0.0/0
2004 Aug 10
11
who gives access? was: why ADD_DNAT_ALIASES missing?
hi,
there was some email problems and i repeat my question too fast, but
this is the second part of my questions.
- only the rules and policy files give access right? ie. rules in the
FORWARD chain of the filter table in iptables ?
- does a line in masq file automatically add an accept rule too? eg. in
masq file
eth0 <internal ip>
allow connection from <internal ip> (local zone) to the
2004 Jan 31
5
Shorewall 2.0.0 Alpha 1
http://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0
ftp://shorewall.net/pub/shorewall/Alpha/shorewall-2.0.0
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
2004 Nov 27
16
bridge and dynamically adding hosts to zones
Hi,
I've set up a bridge which connects two parts of the same subnet with
each other.
I've set up everything as described in the Documentation and it works
very nicely.
However: I have a problem with adding hosts to zones dynamically.
The zone I want to add hosts to is called 'work'.
Since only the bridge br0 is defined in /etc/shorewall/interfaces
2007 Apr 18
12
multiple providers and tcrules without highmarks
I was previously using multiple providers on my "real linux" gateway
which had a kernel that supported high marks and I was policy routing in
tcrules. I've now moved to openwrt where their kernel apparently does
not have high marks.
I want to continue to be able to have multiple providers and a) policy
route between them and b) be able to set marks for other things like