seem to have problems with my squeezebox rebuffering &
stuttering when playing music. I have homed the
problem to my firewall (shorewall) especially its
packet shaper.
When the packet shaper is disabled, but the firewall
running everything is fine. When i enable the internal
packet shaper my music starts stuttering and the
player keeps rebuffering.
I have created a TC class for the player giving it
full bandwidth and minimizing delay but it does not
seem to work.Let me know what i'm missing.
Here are my relevant rules and attached a dump of
shorewall config:
#Squeezebox
ACCEPT net:10.0.0.0/24 $FW tcp 9000
ACCEPT net:10.0.0.0/24 $FW tcp 3483
ACCEPT net:10.0.0.0/24 $FW udp 3483
I'm using Gentoo 2.6.21 and slimserver v6.5.3,
Shorewall 3.4.3.
Eric
____________________________________________________________________________________
Pinpoint customers who are looking for what you sell.
http://searchmarketing.yahoo.com/Shorewall 3.4.3 Dump at ndovu - Sat Aug 18 00:08:57 BST 2007
Counters reset Fri Aug 17 20:13:02 BST 2007
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
108K 51M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
28365 2144K eth0_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
108K 51M ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
30476 25M eth0_out all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain Drop (2 references)
pkts bytes target prot opt in out source destination
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113
48 8587 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11
0 0 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53
Chain Reject (4 references)
pkts bytes target prot opt in out source destination
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113
0 0 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11
0 0 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53
Chain all2all (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain dropBcast (2 references)
pkts bytes target prot opt in out source destination
48 8587 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = broadcast
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = multicast
Chain dropInvalid (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID
Chain dropNotSyn (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
Chain dynamic (2 references)
pkts bytes target prot opt in out source destination
Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
Chain eth0_in (1 references)
pkts bytes target prot opt in out source destination
2645 902K dynamic all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
2645 902K smurfs all -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
25713 1241K tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
28365 2144K net2fw all -- * * 0.0.0.0/0 0.0.0.0/0
Chain eth0_out (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:67:68
30476 25M fw2net all -- * * 0.0.0.0/0 0.0.0.0/0
Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
30416 25M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
60 9327 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:logdrop:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logflags (5 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:logflags:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:logreject:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2all (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
25720 1242K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
0 0 reject icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 6969,7070
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpts:6881:6889
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 6969,7070
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:6881:6889
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:37655
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:37655
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.0.0.1
multiport dports 6969,7070
0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.0.0.1
tcp dpts:6881:6889
0 0 ACCEPT udp -- * * 0.0.0.0/0 10.0.0.1
multiport dports 6969,7070
0 0 ACCEPT udp -- * * 0.0.0.0/0 10.0.0.1
udp dpts:6881:6889
2596 894K ACCEPT udp -- * * 10.0.0.0/24 0.0.0.0/0
udp spt:1900
1 44 ACCEPT tcp -- * * 10.0.0.0/24 0.0.0.0/0
tcp dpt:9000
0 0 ACCEPT tcp -- * * 10.0.0.0/24 0.0.0.0/0
tcp dpt:3483
0 0 ACCEPT udp -- * * 10.0.0.0/24 0.0.0.0/0
udp dpt:3483
48 8587 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:net2fw:DROP:'
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain reject (12 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = broadcast
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = multicast
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
Chain smurfs (2 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 10.0.0.255 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP all -- * * 10.0.0.255 0.0.0.0/0
0 0 LOG all -- * * 255.255.255.255 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 LOG all -- * * 224.0.0.0/4 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
Chain tcpflags (2 references)
pkts bytes target prot opt in out source destination
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x3F/0x29
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x3F/0x00
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x06/0x06
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x03/0x03
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp spt:0 flags:0x17/0x02
Log (/var/log/messages)
Jul 19 20:55:58 net2fw:DROP:IN=eth0 OUT= SRC=87.244.131.201 DST=10.0.0.1 LEN=91
TOS=0x00 PREC=0x00 TTL=23 ID=26596 PROTO=UDP SPT=52982 DPT=37655 LEN=71
Jul 19 20:57:12 net2fw:DROP:IN=eth0 OUT= SRC=121.50.200.68 DST=10.0.0.1 LEN=91
TOS=0x00 PREC=0x20 TTL=110 ID=35479 PROTO=UDP SPT=43898 DPT=37655 LEN=71
Jul 19 20:58:01 net2fw:DROP:IN=eth0 OUT= SRC=203.214.72.225 DST=10.0.0.1 LEN=70
TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=63246 DPT=37655 LEN=50
Jul 19 20:58:11 net2fw:DROP:IN=eth0 OUT= SRC=121.50.200.68 DST=10.0.0.1 LEN=91
TOS=0x00 PREC=0x20 TTL=110 ID=36879 PROTO=UDP SPT=43898 DPT=37655 LEN=71
Jul 19 20:58:46 net2fw:DROP:IN=eth0 OUT= SRC=217.211.142.141 DST=10.0.0.1
LEN=91 TOS=0x00 PREC=0x00 TTL=108 ID=42779 PROTO=UDP SPT=39727 DPT=37655 LEN=71
Jul 19 20:59:12 net2fw:DROP:IN=eth0 OUT= SRC=88.134.150.242 DST=10.0.0.1 LEN=91
TOS=0x00 PREC=0x20 TTL=113 ID=28803 PROTO=UDP SPT=45359 DPT=37655 LEN=71
Jul 19 20:59:30 net2fw:DROP:IN=eth0 OUT= SRC=80.219.35.5 DST=10.0.0.1 LEN=91
TOS=0x00 PREC=0x20 TTL=112 ID=33414 PROTO=UDP SPT=24923 DPT=37655 LEN=71
Jul 19 20:59:37 net2fw:DROP:IN=eth0 OUT= SRC=217.211.142.141 DST=10.0.0.1
LEN=91 TOS=0x00 PREC=0x00 TTL=108 ID=47062 PROTO=UDP SPT=39727 DPT=37655 LEN=71
Jul 19 20:59:38 net2fw:DROP:IN=eth0 OUT= SRC=88.134.150.242 DST=10.0.0.1 LEN=91
TOS=0x00 PREC=0x20 TTL=113 ID=30156 PROTO=UDP SPT=45359 DPT=37655 LEN=71
Jul 19 20:59:39 net2fw:DROP:IN=eth0 OUT= SRC=88.134.150.242 DST=10.0.0.1 LEN=91
TOS=0x00 PREC=0x20 TTL=113 ID=30254 PROTO=UDP SPT=45359 DPT=37655 LEN=71
Jul 19 20:59:56 net2fw:DROP:IN=eth0 OUT= SRC=217.211.142.141 DST=10.0.0.1
LEN=91 TOS=0x00 PREC=0x00 TTL=108 ID=48546 PROTO=UDP SPT=39727 DPT=37655 LEN=71
Jul 19 21:00:25 net2fw:DROP:IN=eth0 OUT= SRC=88.134.150.242 DST=10.0.0.1 LEN=91
TOS=0x00 PREC=0x20 TTL=113 ID=32862 PROTO=UDP SPT=45359 DPT=37655 LEN=71
Jul 19 21:19:29 net2fw:DROP:IN=eth0 OUT= SRC=10.0.0.1 DST=239.255.67.250
LEN=170 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=1026 DPT=16680 LEN=150
Jul 19 21:49:29 net2fw:DROP:IN=eth0 OUT= SRC=10.0.0.1 DST=239.255.67.250
LEN=170 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=1026 DPT=16680 LEN=150
Jul 19 22:19:29 net2fw:DROP:IN=eth0 OUT= SRC=10.0.0.1 DST=239.255.67.250
LEN=170 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=1026 DPT=16680 LEN=150
Jul 19 22:49:29 net2fw:DROP:IN=eth0 OUT= SRC=10.0.0.1 DST=239.255.67.250
LEN=170 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=1026 DPT=16680 LEN=150
Jul 19 23:08:19 net2fw:DROP:IN=eth0 OUT= SRC=10.0.0.1 DST=239.255.67.250
LEN=170 TOS=0x00 PREC=0x00 TTL=4 ID=0 DF PROTO=UDP SPT=1026 DPT=16680 LEN=150
Aug 10 12:20:43 net2fw:DROP:IN=eth0 OUT= SRC=10.0.0.1 DST=255.255.255.255
LEN=180 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1024 DPT=3865 LEN=160
Aug 11 17:34:11 net2fw:DROP:IN=eth0 OUT= SRC=10.0.0.20 DST=10.0.0.1 LEN=254
TOS=0x00 PREC=0x00 TTL=64 ID=85 PROTO=UDP SPT=59422 DPT=8008 LEN=234
Aug 11 17:35:13 net2fw:DROP:IN=eth0 OUT= SRC=10.0.0.20 DST=10.0.0.1 LEN=254
TOS=0x00 PREC=0x00 TTL=64 ID=213 PROTO=UDP SPT=58793 DPT=8008 LEN=234
NAT Table
Chain PREROUTING (policy ACCEPT 237 packets, 71788 bytes)
pkts bytes target prot opt in out source destination
237 71788 net_dnat all -- eth0 * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 950 packets, 57000 bytes)
pkts bytes target prot opt in out source destination
59 9177 eth0_masq all -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 1009 packets, 66177 bytes)
pkts bytes target prot opt in out source destination
Chain eth0_masq (1 references)
pkts bytes target prot opt in out source destination
59 9177 MASQUERADE all -- * * 10.0.0.0/24 0.0.0.0/0
Chain net_dnat (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 6969,7070 to:10.0.0.1
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpts:6881:6889 to:10.0.0.1
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 6969,7070 to:10.0.0.1
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:6881:6889 to:10.0.0.1
Mangle Table
Chain PREROUTING (policy ACCEPT 136K packets, 53M bytes)
pkts bytes target prot opt in out source destination
136K 53M tcpre all -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 136K packets, 53M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 tcfor all -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 481K packets, 546M bytes)
pkts bytes target prot opt in out source destination
138K 76M tcout all -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 138K packets, 76M bytes)
pkts bytes target prot opt in out source destination
138K 76M tcpost all -- * * 0.0.0.0/0 0.0.0.0/0
Chain tcfor (1 references)
pkts bytes target prot opt in out source destination
Chain tcout (1 references)
pkts bytes target prot opt in out source destination
Chain tcpost (1 references)
pkts bytes target prot opt in out source destination
0 0 MARK icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 8 MARK set 0x2
0 0 MARK icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 0 MARK set 0x2
88 9872 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 80 MARK set 0x2
8 512 MARK udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 53 MARK set 0x2
6744 1333K MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 9000 MARK set 0x1
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0
ipp2p v0.8.2 --ipp2p MARK set 0x3
0 0 CLASSIFY all -- * eth0 0.0.0.0/0 0.0.0.0/0
MARK match 0x1/0xff CLASSIFY set 1:11
96 10384 CLASSIFY all -- * eth0 0.0.0.0/0 0.0.0.0/0
MARK match 0x2/0xff CLASSIFY set 1:12
0 0 CLASSIFY all -- * eth0 0.0.0.0/0 0.0.0.0/0
MARK match 0x3/0xff CLASSIFY set 1:13
Chain tcpre (1 references)
pkts bytes target prot opt in out source destination
Conntrack Table
tcp 6 46 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=58641 dport=9000
packets=13 bytes=2567 src=127.0.0.1 dst=127.0.0.1 sport=9000 dport=58641
packets=9 bytes=22501 [ASSURED] mark=0 use=1
tcp 6 87 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=58645 dport=9000
packets=13 bytes=2567 src=127.0.0.1 dst=127.0.0.1 sport=9000 dport=58645
packets=10 bytes=22553 [ASSURED] mark=0 use=1
tcp 6 59 ESTABLISHED src=10.0.0.34 dst=10.0.0.1 sport=55412 dport=9000
packets=8172 bytes=333658 src=10.0.0.1 dst=10.0.0.34 sport=9000 dport=55412
packets=9402 bytes=4271459 [ASSURED] mark=0 use=1
tcp 6 15 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=58638 dport=9000
packets=12 bytes=2514 src=127.0.0.1 dst=127.0.0.1 sport=9000 dport=58638
packets=10 bytes=22553 [ASSURED] mark=0 use=1
tcp 6 76 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=58644 dport=9000
packets=12 bytes=2515 src=127.0.0.1 dst=127.0.0.1 sport=9000 dport=58644
packets=10 bytes=22553 [ASSURED] mark=0 use=1
tcp 6 5 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=58637 dport=9000
packets=12 bytes=2514 src=127.0.0.1 dst=127.0.0.1 sport=9000 dport=58637
packets=10 bytes=22553 [ASSURED] mark=0 use=1
tcp 6 97 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=58646 dport=9000
packets=13 bytes=2567 src=127.0.0.1 dst=127.0.0.1 sport=9000 dport=58646
packets=10 bytes=22553 [ASSURED] mark=0 use=1
tcp 6 57 CLOSE_WAIT src=10.0.0.1 dst=212.58.226.33 sport=56714 dport=80
packets=14 bytes=1509 src=212.58.226.33 dst=10.0.0.1 sport=80 dport=56714
packets=13 bytes=14593 [ASSURED] mark=0 use=1
tcp 6 36 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=58640 dport=9000
packets=13 bytes=2566 src=127.0.0.1 dst=127.0.0.1 sport=9000 dport=58640
packets=10 bytes=22553 [ASSURED] mark=0 use=1
udp 17 26 src=10.0.0.254 dst=239.255.255.250 sport=1900 dport=1900
packets=11 bytes=3787 [UNREPLIED] src=239.255.255.250 dst=10.0.0.254 sport=1900
dport=1900 packets=0 bytes=0 mark=0 use=1
tcp 6 56 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=58642 dport=9000
packets=12 bytes=2514 src=127.0.0.1 dst=127.0.0.1 sport=9000 dport=58642
packets=10 bytes=22553 [ASSURED] mark=0 use=1
tcp 6 431989 ESTABLISHED src=10.0.0.1 dst=63.245.209.21 sport=55387
dport=80 packets=4 bytes=769 src=63.245.209.21 dst=10.0.0.1 sport=80
dport=55387 packets=2 bytes=725 [ASSURED] mark=0 use=1
tcp 6 66 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=58643 dport=9000
packets=12 bytes=2514 src=127.0.0.1 dst=127.0.0.1 sport=9000 dport=58643
packets=10 bytes=22553 [ASSURED] mark=0 use=1
tcp 6 107 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=58647 dport=9000
packets=12 bytes=2515 src=127.0.0.1 dst=127.0.0.1 sport=9000 dport=58647
packets=10 bytes=22553 [ASSURED] mark=0 use=1
tcp 6 117 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=58650 dport=9000
packets=13 bytes=2566 src=127.0.0.1 dst=127.0.0.1 sport=9000 dport=58650
packets=10 bytes=22553 [ASSURED] mark=0 use=1
udp 17 169 src=10.0.0.1 dst=10.0.0.254 sport=32770 dport=53 packets=2
bytes=128 src=10.0.0.254 dst=10.0.0.1 sport=53 dport=32770 packets=2 bytes=249
[ASSURED] mark=0 use=1
tcp 6 25 TIME_WAIT src=127.0.0.1 dst=127.0.0.1 sport=58639 dport=9000
packets=12 bytes=2515 src=127.0.0.1 dst=127.0.0.1 sport=9000 dport=58639
packets=10 bytes=22553 [ASSURED] mark=0 use=1
IP Configuration
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,NOTRAILERS,UP,10000> mtu 1500 qdisc htb qlen 1000
link/ether 00:11:d8:40:fe:b0 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.1/24 brd 10.0.0.255 scope global eth0
IP Stats
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
63522125 134954 0 0 0 0
TX: bytes packets errors dropped carrier collsns
63522125 134954 0 0 0 0
2: eth0: <BROADCAST,MULTICAST,NOTRAILERS,UP,10000> mtu 1500 qdisc htb qlen 1000
link/ether 00:11:d8:40:fe:b0 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
24640878 246720 0 0 0 3625
TX: bytes packets errors dropped carrier collsns
489020723 346931 0 0 0 0
/proc
/proc/version = Linux version 2.6.21-gentoo-r4y ([EMAIL PROTECTED]) (gcc
version 4.1.1 (Gentoo 4.1.1)) #4 Tue Jul 31 22:25:24 BST 2007
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 1
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 1
/proc/sys/net/ipv4/conf/default/log_martians = 0
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth0/rp_filter = 0
/proc/sys/net/ipv4/conf/eth0/log_martians = 1
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 0
/proc/sys/net/ipv4/conf/lo/log_martians = 0
Routing Rules
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Table default:
Table local:
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
local 10.0.0.1 dev eth0 proto kernel scope host src 10.0.0.1
broadcast 10.0.0.0 dev eth0 proto kernel scope link src 10.0.0.1
broadcast 10.0.0.255 dev eth0 proto kernel scope link src 10.0.0.1
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table main:
10.0.0.0/24 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default via 10.0.0.254 dev eth0
ARP
? (10.0.0.254) at 00:40:10:20:00:01 [ether] on eth0
Modules
ipt_ipp2p 7680 1
iptable_mangle 2432 1
ipt_ULOG 6404 0
ipt_TTL 2048 0
ipt_ttl 1792 0
ipt_TOS 2048 0
ipt_tos 1664 0
ipt_SAME 2048 0
ipt_REJECT 3584 4
ipt_REDIRECT 1920 0
ipt_recent 7576 0
ipt_owner 1920 0
ipt_NETMAP 1920 0
ipt_MASQUERADE 2688 1
ipt_LOG 6016 12
ipt_iprange 1792 0
ipt_ECN 2560 0
ipt_ecn 2048 0
ipt_ah 1792 0
ipt_addrtype 1792 0
iptable_nat 6020 1
iptable_filter 2432 1
ip_tables 9544 3 iptable_mangle,iptable_nat,iptable_filter
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Available
Packet Type Match: Available
Policy Match: Available
Physdev Match: Not available
Packet length Match: Available
IP range Match: Available
Recent Match: Available
Owner Match: Available
Ipset Match: Not available
CONNMARK Target: Available
Extended CONNMARK Target: Available
Connmark Match: Available
Extended Connmark Match: Available
Raw Table: Not available
IPP2P Match: Available
CLASSIFY Target: Available
Extended REJECT: Available
Repeat match: Not available
MARK Target: Available
Extended MARK Target: Available
Mangle FORWARD Chain: Available
Comments: Available
Address Type Match: Available
Traffic Control
Device eth0:
qdisc htb 1: r2q 10 default 12 direct_packets_stat 0 ver 3.17
Sent 25630117 bytes 30960 pkt (dropped 0, overlimits 8063 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
qdisc ingress ffff: ----------------
Sent 2285098 bytes 28602 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 11: parent 1:11 limit 128p quantum 1514b flows 128/1024 perturb 10sec
Sent 518184 bytes 9596 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 12: parent 1:12 limit 128p quantum 1514b flows 128/1024 perturb 10sec
Sent 25111933 bytes 21364 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 13: parent 1:13 limit 128p quantum 1514b flows 128/1024 perturb 10sec
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
class htb 1:11 parent 1:1 leaf 11: prio 1 quantum 3000 rate 250000bit ceil
250000bit burst 1624b/8 mpu 0b overhead 0b cburst 1624b/8 mpu 0b overhead 0b
level 0
Sent 518184 bytes 9596 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 9596 borrowed: 0 giants: 0
tokens: 51676 ctokens: 51676
class htb 1:1 root rate 250000bit ceil 250000bit burst 1624b/8 mpu 0b overhead
0b cburst 1624b/8 mpu 0b overhead 0b level 7
Sent 25630117 bytes 30960 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 4135 borrowed: 0 giants: 0
tokens: 51151 ctokens: 51151
class htb 1:13 parent 1:1 leaf 13: prio 3 quantum 1500 rate 6000bit ceil
12000bit burst 1502b/8 mpu 0b overhead 0b cburst 1505b/8 mpu 0b overhead 0b
level 0
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 0 borrowed: 0 giants: 0
tokens: 2052096 ctokens: 1028096
class htb 1:12 parent 1:1 leaf 12: prio 2 quantum 1500 rate 25000bit ceil
250000bit burst 1511b/8 mpu 0b overhead 0b cburst 1624b/8 mpu 0b overhead 0b
level 0
Sent 25111933 bytes 21364 pkt (dropped 0, overlimits 0 requeues 0)
rate 672bit 0pps backlog 0b 0p requeues 0
lended: 17229 borrowed: 4135 giants: 0
tokens: 474481 ctokens: 51151
TC Filters
Device eth0:
filter parent 1: protocol ip pref 10 u32
filter parent 1: protocol ip pref 10 u32 fh 800: ht divisor 1
filter parent 1: protocol ip pref 10 u32 fh 800::800 order 2048 key ht 800 bkt
0 flowid 1:11 (rule hit 30376 success 9596)
match 00060000/00ff0000 at 8 (success 30328 )
match 05000000/0f00ffc0 at 0 (success 12311 )
match 00100000/00ff0000 at 32 (success 9596 )
filter parent 1: protocol ip pref 10 u32 fh 800::801 order 2049 key ht 800 bkt
0 flowid 1:11 (rule hit 20780 success 0)
match 00100000/00100000 at 0 (success 0 )
filter parent 1: protocol ip pref 10 u32 fh 800::802 order 2050 key ht 800 bkt
0 flowid 1:11 (rule hit 20780 success 0)
match 00080000/00080000 at 0 (success 0 )
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
