similar to: tcrules for proto "all" still not working in 2.0.9

Hello, It seems that the following restriction is not shown in the online man page for tcrules: ERROR: SOURCE/DEST PORT(S) not allowed with PROTO all : /tmp/shorewall/tcrules (line 2) Please let me know if this is expressed otherwise in the documentation. Thanks. ------------------------------------------------------------------------------ EditLive Enterprise is the world''s most

Hi, first of all, let me thank you for your great Shoreline Firewall. I use it with great success at home (protecting my WiFi connection). And now if I could have a question about traffic shaping. I did read everything I could find but I still have two problems: first, the MARK from tcrules is not working in HTB based simple tc filter line ("handle $MARK fw classid 1:20"). If I switch

Hi, First of all, thanks to all shorewall developers. Shorewall is really great. Here is a patch to add the following feature : This patch allows you to mark packets according to the user name under which the program generating output is running. To do so, the patch will allow you to write rules in the tcrules file looking like that : #MARK SOURCE DEST PROTO PORT(S) CLIENT USER #

Hi Folks, I''m a new user to Shorewall, it came installed on the redWall firewall that I am using and I''m really happy with both projects! Thanks for all your work on it! I have a question about tcrules and $FW. I''m doing source policy routing and need to be able to add an output rule to the mangle chain with a source that is specific network, not 0.0.0.0/0. It

Hello Guys I have problem with internet bank. I have 2 Internet links balancing mode, thus the bank is charging connection down. I tried to force Internet traffic (port 80 and 443) for only a link, however it did not work. How do I make a setting to force the connection to these ports for a specific link. Note: I can not use the file as route_rules have neither the source IP (ltsp) nor of

Hi, I am confused about the tcrules syntax. When I try to shape a web server running on fw with this line: 4 fw 0.0.0.0/0 tcp - 80 it works but the "80" must be in CLIENT PORT, my logic says it should be in the "PORT" column (doesn''t work there) am I missing something or are the columns labeled wrong? thx Jan

Hi all, I moved wshaper 1.1 cbq file to tcstart, but none of my tcrules are being observed. The only way I can set the marks is by editing the tcstart file. Is there a way to incorporate for tcstart to read and apply my set marks in tcrules? Thank you, ~Andrew Nady.

I''m starting this on the users list because it''s not impossible I''m getting something wrong :-) However, the search functions on www.shorewall.net do not seem to return any hits any more. I am sure that they have done in the past. Over the last couple of days I''ve tried searching both the site, the lists, and both, and have had no hits - even for single word

Hi to the list, I configured a multi-provider setup with /etc/shorewall/providers: Orange 1 1 main eth1 81.255.74.150 track,balance=1 eth0 Free 2 2 main eth2 88.180.116.254 track,balance=3 eth0 and /etc/shorewall/tcrules: 2:P 192.168.2.0/24 0.0.0.0/0 tcp 143 2:P 192.168.2.0/24

Hello Asterisk sits in a Vserver guest (192.168.3.9) on the firewall. I can''t seem to get the sip helper to mark the SIP packets though. I have an ftp client on a different Vserver guest on the firewall. If I put ftp in the HELPER column of tcrules I can mark those packets. With sip in the HELPER column though nothing happens. Attached is a "shorewall dump > dump.txt"

Hi! This is another thread of "setting gateway in interfaces file" and while i dont want to create any confusion here, i have decided to open a new thread.(which mean Diamond King no longer a subscriber to shorewall-users) Actually, i turned out not to be the MARK issues. Something is missing and i got this error instead :- Setting up Accounting... Creating Interface Chains...

I have two (interconnected) questions: First of all, I''m trying to use IPP2P to classify my P2P traffic and give it a lower network priority. I''ve already successfully built IPP2P into iptables and the kernel. I read http://www.shorewall.net/IPP2P.html, but it''s confusing me. Using the documentation for normal tcrules in 3.0

Hi all I have been working with Shorewall connected to two ISPs lately, and I would like to suggest a couple of improvements to the MultiISP.html documentation page. I followed the examples in that page (but the legacy setup and the USE_DEFAULT_RT one), but I had problems with locally (by the firewall) generated packets: I wanted them to go out using only one ISP, but if I use a tcrules rule to

According to the documentation there is a limit to marking of 255. Why is this? Can I work around it?

-- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net -------------- next part -------------- An embedded message was scrubbed... From: =?ISO-8859-1?Q?Fr=E9d=E9ric?= LESPEZ <frederic.lespez@free.fr> Subject: Re: [Shorewall-devel] Re: [PATCH] Marking packets according to user in tcrules Date:

In order to do some custom stuff after starting shorewall, I found that I wanted a "started" hook, as well as the "start" one. This small patch adds it to the firewall script. I didn''t include a started script in the patch but it can be copied from /etc/shorewall/start. I hope this is useful to you, Nick

Hi, I was reading document http://shorewall.net/MultiISP.html#idp3634200. Inspired by the document I was trying to establish the following changes: * one additional interface: COMA_IF * COM[A,B,C]_IF interfaces request IP address via DHCP * all non-RFC 1918 destined trafic is NATed from INT_IF to COMA_IF * all non-RFC 1918 destined trafic from GW is routed via COMB_IF by default * non-RFC 1918

Hello, When i restart the firewall when i put the HIGH_ROUTE_MARKS=Yes i can''t restart it, i receive the following message in the logs: 18:17:35 Compiling /etc/shorewall/providers ... ERROR: Invalid Mark Value (1) with HIGH_ROUTE_MARKS=Yes : /etc/shorewall/providers (line 13) My files have: tcrules: empty Providers:New 1 1 main eth0 192.168.1.1

Hello, I am trying to set up traffic shaping/control for my voip connection. I am running 4.4.22.3. Here is my current configuration: --- tcdevices --- #NUMBER: IN-BANDWITH OUT-BANDWIDTH OPTIONS REDIRECTED #INTERFACE INTERFACES eth1 2048kbps 1500kbps -- tcclasses --- #INTERFACE:CLASS MARK RATE: CEIL PRIORITY OPTIONS # DMAX:UMAX eth1 1 100kbps

>Miguel Ángel Domínguez Durán wrote: >> Hello again, >> First, excuse me for my poor english. >> I''m trying now to make bandwith control in a firewall machine running >> Shorewall. This machine is also a bridge using bridge-utils >> bridge-utils-devel. It is a mandrake 10. The configuration is something >> like >> this: >> >>