similar to: Traffic shaping?

Hi, I''m fighting seriously with a most simple HTB setup. I''d like to share the incoming 64kbps into 5 and 59 for two different machines under NAT. HTB seems to hold the required limits when ceil is not set (no borrowing), but when borrowing enabled it seems to share equally rather then keeping the specified ratio. My setup is below. A typical output of "tc -s -d qdisc

http://www.shorewall.net/traffic_shaping.htm Page says run_tc qdisc add dev eth0 parent 1:10 pfifo limit 5run_tc qdisc add dev eth0 parent 1:20 pfifo limit 10 Im willing to _bet_ there is a line feed missing in there ;)

Season Greetings to all Tom, in your faq, u have this noted: While I am currently using the HTB version of The Wonder Shaper (I just copied wshaper.htb to /etc/shorewall/tcstart and modified it as shown in the Wondershaper README), I treid this with wondershaper, using Bearing Leaf 1.0 stable i even changed the tc command to run_tc, and tried it in both angles, and i receive the following..

Hello Shorewall list, I''m a happy Shorewall user since a few years now and everything works fine for me except one thing that I try to implement since a week, the multi-isp. I''ve downloaded the 2.4.0 Stable release yesterday and tried the RC2 since a week. My config is a Debian running a kernel 2.4.27 home made with the CONNMARK.diff patch applied I''m using 2 ISP,

I did not subscribe to the list. I''ve been using shorewall for some time and I appreciate it very much. I think it would be useful to have an option to generate a script of the commands Shorewall is about to issue, instead of issuing the commands directly. This script could then be used for revision, modification, and could also be used on another system. I thought about modifying

Hi folks, I''m having an issue with rsync between my firewall and an internal box. It seems to be a shorewall issue (or correctly speaking, an issue with my shorewall config) because if I disable shorewall my rsync works fine. And I just can''t find it documented anywhere what I need to do. I have rules like this : root@userver:/etc/shorewall# grep -i Rsync rules

Hello guys, I past the last days trying to configure my shorewall 4.06 firewall to allow openvpn bridging connection. My scenario is the following: roadwarrior (openvpn client) -------------> Internet ------------> (X.Y.W.Z - eth0) Firewall/Gateway (10.x.x.254 - eth1) --------> Local Lan -------> OpenVPN Server (10.x.x.249 - br0) where 10.x.x.0-254 is my private lan X.Y.Z.W is

[192.168.0.0/24 Lan] v [Shorewall box ''Curtain'', 192.168.0.254, DHCP to ISP, and a OpenVPN tunnel 10.4.0.2] v [Internet] v [Shorewall box ''statler'' 130.241.25.165, and an OpenVPN tunnel 10.4.0.1] Now, i have set a rule on statler ACCEPT vpn $FW tcp smtp and i have as below. root@statler:/etc/shorewall# cat zones | grep -v ^# net Net Internet

Hello, My hoster updated its kernel packages... It contained some old problems that should have been fixed. My servers have now a wonderful 2.6.21.5 kernel + grsec running. Both are running Debian 4.0 (stable release). mx:/etc/shorewall# iptables --version iptables v1.3.6 mx:/etc/shorewall# uname -a Linux mx.network-hosting.com 2.6.21.5-grsec-xxxx-grs-ipv4-32 #1 SMP Fri Jul 27 17:18:23 CEST

I stumbled upon a problem while upgrading Ubuntu 13.04, Shorewall version from 4.4.26.1 to 4.5.16.1. Everything was working fine before, after upgrading the script wouldn''t start. First some config files. tcdevices: #INTERFACE IN-BANDWIDTH OUT-BANDWIDTH OPTIONS REDIRECTED eth1 - 6300kbit hfsc,classify ifb0 - 6300kbit hfsc

My experimentation with a Perl-based compiler for Shorewall is beginning to bear fruit. Here is a timing from the main firewall at shorewall.net using the Perl-based compiler. That compiler generates a script that uses iptables-restore to configure Netfilter. root@lists:~/shorewall# shorewall restart . Compiling... Shorewall configuration compiled to /var/lib/shorewall/.restart Restarting

Beta 1 is now available for testing. One of the problems I''ve had with the Shorewall products is trying to keep them all in sync. There have been two copies of each shell library and four CLI programs. To simplify maintenance, I have collapsed each of the library pairs into a single library and have reduced the number of CLI programs from four to two (one for the

Beta 1 is now available for testing. One of the problems I''ve had with the Shorewall products is trying to keep them all in sync. There have been two copies of each shell library and four CLI programs. To simplify maintenance, I have collapsed each of the library pairs into a single library and have reduced the number of CLI programs from four to two (one for the

Hi, I'm experiencing problems when doing phrase searches with adjacent repeated terms. Example: if I search for 'curtain curtain' and there are documents that matches the query, they aren't returned. But, if I search for 'curtain nice curtain' and there are documents that matches this query, it works ok. attached there is a python program that shows the problem. I tried

Hi, first of all, let me thank you for your great Shoreline Firewall. I use it with great success at home (protecting my WiFi connection). And now if I could have a question about traffic shaping. I did read everything I could find but I still have two problems: first, the MARK from tcrules is not working in HTB based simple tc filter line ("handle $MARK fw classid 1:20"). If I switch

Hi all, I moved wshaper 1.1 cbq file to tcstart, but none of my tcrules are being observed. The only way I can set the marks is by editing the tcstart file. Is there a way to incorporate for tcstart to read and apply my set marks in tcrules? Thank you, ~Andrew Nady.

Greetings, I have created a GUI to generate a output text file using wxruby. my program codes are about ~1400 lines. ruby : 1.8.6 wxruby : 1.9.7 rails : 2.1.0 FYI, I am using the TextCtrl & combobox in the main GUI to get the output file name and main settings. after clicking the button, it will pop up another frame which let user to select and modified settings with TextCtrl & combobox.

Hi there. Currently, our network design has two ISP lines and 3 subnets for LAN. Below are some details :- eth0 - isp1 eth1 - isp2 eth2 - subnet1 eth3 - subnet2 eth4 - subnet3 What i wanted to do is to assign incoming port 80 to our local squid server running on the firewall itself and assigned it to eth0(ISP1). I think it shouldnt be a problem as /etc/shorewall/rules provides a sample of the

Dear all: Im using shorewall 2.0.3a (debian) w/ ULOG. shorewall starts ok, and the firewall is running, but nothing is printed on the logs. I try, for example, to do a connection to a port that is opened on the server but closed by the FW and I get a connection refused. If I stop the firewall, this port is accesible from the outside. I think I''ve followed all the steps on

Hi all I have been working with Shorewall connected to two ISPs lately, and I would like to suggest a couple of improvements to the MultiISP.html documentation page. I followed the examples in that page (but the legacy setup and the USE_DEFAULT_RT one), but I had problems with locally (by the firewall) generated packets: I wanted them to go out using only one ISP, but if I use a tcrules rule to