similar to: HTB. QoS and Shorewall

Hi all I have a trouble configuring the qdiscs, when I indicate the "perturb 10" option to tc, i gives me this error: tc qdisc add dev eth0 parent 5:1323 handle 1323 sfq perturb 10 RTNETLINK answers: Invalid argument if I don''t put the "perturb 10" option, it works. another question is about iptables, when I indicate the " --set-mark" option: iptables -t

Hello all, I am trying to match some conections using u32 but I tryed this: [root@ns1 ~]# tc filter add dev eth1 parent 1:0 protocol ip prio 1 u32 match ip src 0/0 match ip dst 0/0 match ip sport 80 0xffff flowid 1:10 RTNETLINK answers: Invalid argument We have an error talking to the kernel [root@ns1 ~]# I have this class at device eth1: [root@ns1 ~]# tc class show dev eth1 class

Dear Admins and Hackers, maybe i am to stupid to use ''tc''. But i having logical Problems to understand the Filter Rules in tc. Common Config: There is a Linux Engine (Debian) with a 2.6.11.11 Kernel which act as Packetshaper. Two Interfaces eth0 and eth1 are installed. Interface ''eth0'' is the Firewall Side Net 195.185.185.0/24. Interface

While I''m in temporary retirement, I''ve decided spend a little time experimenting with new things and making some updates to the web site. The biggest result of this effort to date has been: http://shorewall.sf.net/Shorewall_Squid_Usage.html This outlines how to use Squid as a transparent proxy running on the firewall, in the DMZ or in the local network. In the latter two

That log message looks like someone (or some program) is trying to browse to moreover.com from your web server machine--it''s not a reply to an external request. You''d see messages like that if you were running some sort of HTTP proxy server (like Squid) on that box (although they''d likely be to multiple IPs, unless your users only browsed to p.moreover.com). It could

Hi everyone, I have a question regarding the default gateway for hosts on DMZ zone. I moved servers from parallel to the DMZ (outside the firewall, directly connected to I-net) to inside DMZ. The default gw for these servers was the DSL router(bridge) of my ISP. What should be the default gw (for the hosts inside the DMZ), when hosts are inside the DMZ now - still the DSL router (external

Two quick questions to the group: Anyone seen this before: Jan 14 02:55:45 gw1 kernel: Shorewall:all2all:REJECT:IN=eth1 OUT=eth0 SRC=66.58.99.83 DST=170.224.8.51 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=38676 DF PROTO=TCP SPT=1735 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 I mean my web server is trying to replay to some external host 170.224.8.51 (p.moreover.com) for some reason. What could be? It

Hi, I am trying to configure the SMTP service on DMZ host. Added the rule: ACCEPT wan dmz:66.58.99.84 tcp pop3 - ACCEPT wan dmz:66.58.99.84 tcp 25 - ACCEPT dmz:66.58.99.84 wan tcp 25 - ACCEPT dmz:66.58.99.84 wan tcp pop3 - issued shorewall clear, shorewall restart, but still couldn''t telnet to the mail server

When installing Mandrake 9.0 with the higher security option you cannot ping any of it interfaces, localhost (127.0.0.1) included. All other connections to the system are fine, e.g. ssh, www, squid, etc. "shorewall clear" doesn''t help. Does anyone know how to turn this off for at least localhost and eth1?? Yours truly, Ben

I am quite new to Linux and have moved (almost) from a windoze NT4 environment. My present configuration is running SuSE V 8.0 with KDE3.0.5 desktop on two machines, connecting with Samba to an NT4 PC, and an occasional laptop or other PC that connects locally to the network. After a deal of searching, researching, and seeking advice I have decided to use Shorewall as my firewall.

Can someone help me with this problem: My host on the DMZ is inaccessible from the WAN on port 25. I tried to telnet but getting: $ telnet 66.58.99.84 25 Trying 66.58.99.84... telnet: Unable to connect to remote host: No route to host My shorewall/proxyarp is: #address interface external haveroute 66.58.99.82 eth1 eth0 No 66.58.99.84 eth1

Hi all, I''m trying to get some DiffServ QoS shaping to work on an XScale machine, running big endian. I''m setting it up with tc. Using the tcindex filter I found that regardless what shift value I enter, only ''0'' is returned when I list the filters afterwards. The very same rules work fine on my (little endian) PC. Looking at the code

>From http://shorewall.net/ProxyARP.htm (and the Setup Guide): > A word of warning is in order here. ISPs typically configure their > routers with a long ARP cache timeout. If you move a system from > parallel to your firewall to behind your firewall with Proxy ARP, it > will probably be HOURS before that system can communicate with the > internet. You can call your ISP and ask

hello, this is my new qdisc patch, when i recompile the kernel with this patch i dn''nt succeed please look at it and if there are any mistakes plesease send me a mail thanks in advance ___________________________________________________________ Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français ! Yahoo! Mail : http://fr.mail.yahoo.com

hi all, i want to try htb3 with imq downloaded & patched imq & htb3 with kernel-2.4.18 on rh7.2 but got STUCK on step 1 :( this are what i did can anyone guide me what went wrong on the first step itself !! [root@cab1 root]# modprobe imq numdevs=1 modprobe: Can''t locate module imq [root@cab1 root]# [root@cab1 root]# tc qdisc add dev imq0 handle 1: root htb default 1 Cannot find

To rephrase the question, "Can I use masquerading and proxy ARP in the same zone simultaneously?" It''s not a stupid question--I couldn''t see any reason why it wouldn''t work, but I had actually try it out to convince myself that it did (which isn''t a bad thing to do before posting the question to the list, by the way). In any case, the answer is

my supervisor ask me to add CSZ scheduler to TC, and used to do traffic control. is there anyone who add CSZ scheduler to TC? is it possible? ----------------------------------------- This email was sent using SquirrelMail. "Webmail for nuts!" http://squirrelmail.org/ _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl

Witold Szczerba spent his time evaluating fairness of borrowing. His troubles inspired me enough to analyze the problem: When a class changes from yellow to green it disconnects itself from parent''s feedlist. Unfortunately it resets feed pointer to the first child. I created a patch where the class uses classid to remember its position in the feedlist. The patch for 2.4.24 and hopefully

Anyone, willing to take a lead on this one, since Tom is taking a rest: " I am hosting all servers by myself. I have five static IP addreses with a DSL line. My DSL router from the ISP provider is configured as bridge, so no traffic is filtered. I checked the logs and getting: Jan 5 23:05:12 gw1 kernel: Shorewall:all2all:REJECT:IN= OUT=eth0 SRC=66.58.99.86 DST=216.35.73.164 LEN=68

Hi, I''m new to HTB and CBQ, and i want to try it. But i failed the first step: load modules. I patch the kernel 2.4.17 succesfully, add QoS support, and all QoS scheds in modules instead off kernel. make clean dep bzImage modules modules_install copy the new kernel reboot fine But when i : server:~# insmod sch_htb Using /lib/modules/2.4.17/kernel/net/sched/sch_htb.o