Tom Eastep wrote:
Oscar Mas wrote:
Hi to all:
I've configured shorewall in a test environmet to work with traffic
shapping. I've read those two articles:
http://www.shorewall.net/traffic_shaping.htm
http://www.shorewall.net/kernel.htm#Kernel-2.6.16
and configured my shorewall to limit the bandwitch.
My firewall configuration is the following:
Internet -- (external ip 192.168.0.200) FW (lan ip 192.168.10.129)
--- (192.168.10.129) Client
Nowhere in this report do you tell us which interface eth1 is
(external or internel). You didn't think that was important?
Similarly, there is no output from 'shorewall show tc'.
The Support Guidelines
(http://www.shorewall.net/support.htm#Guidelines) clearly indicate
that Traffic Shaping problem reports should be accompanied by the
output of "shorewall dump". That output will give us a complete
picture of your setup and will allow us to answer your questions.
Excuse me, my eth0 is 192.168.0.200 (WAN), and eth1 is 192.168.10.129 (LAN).
This is my shorewall show tc:
Shorewall-3.2.6 Traffic Control at QoS - Mon Apr 21 18:44:40 CEST 2008
Device eth0:
qdisc pfifo_fast 0: root bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 593215 bytes 5694 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
Device eth1:
qdisc htb 1: root r2q 10 default 11 direct_packets_stat 0 ver 3.17
Sent 424564 bytes 771 pkt (dropped 0, overlimits 506 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
qdisc ingress ffff: parent ffff:fff1 ----------------
Sent 1357902 bytes 11720 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 11: parent 1:11 limit 127p quantum 1514b flows 127/1024
perturb 10sec
Sent 424564 bytes 771 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 12: parent 1:12 limit 127p quantum 1514b flows 127/1024
perturb 10sec
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
class htb 1:11 parent 1:1 leaf 11: prio 1 quantum 1500 rate 80000bit
ceil 240000bit burst 1499b/8 mpu 0b overhead 0b cburst 1499b/8 mpu 0b
overhead 0b level 0
Sent 424564 bytes 771 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 557 borrowed: 214 giants: 0
tokens: 142579 ctokens: 47527
class htb 1:1 root rate 640000bit ceil 640000bit burst 1499b/8 mpu 0b
overhead 0b cburst 1499b/8 mpu 0b overhead 0b level 7
Sent 424564 bytes 771 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 214 borrowed: 0 giants: 0
tokens: 17823 ctokens: 17823
class htb 1:12 parent 1:1 leaf 12: prio 2 quantum 4800 rate 400000bit
ceil 640000bit burst 1499b/8 mpu 0b overhead 0b cburst 1499b/8 mpu 0b
overhead 0b level 0
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 0 borrowed: 0 giants: 0
tokens: 29296 ctokens: 18310
I attached my shorewall dump
Thanks for the reply
--
ilimit...
*Oscar Mas*
[EMAIL PROTECTED]
ÀREA SISTEMES
0034 937 333 375
VOLTA 1, PIS 5
08224 TERRASSA.BCN
Aquest enviament és confidencial i està destinat únicament a la persona a qui
s'ha enviat.
Pot contenir informació privada sotmesa al secret professional, la distribució
de la qual està prohibida per la legislació vigent.
QoS:~# shorewall dump
Shorewall-3.2.6 Dump at QoS - Mon Apr 21 18:46:51 CEST 2008
Counters reset Mon Apr 21 00:55:00 CEST 2008
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- lo * 0.0.0.0/0 0.0.0.0/0
12256 1302K eth0_in 0 -- eth0 * 0.0.0.0/0 0.0.0.0/0
161 37301 eth1_in 0 -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:INPUT:ACCEPT:'
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
560 408K eth0_fwd 0 -- eth0 * 0.0.0.0/0 0.0.0.0/0
454 31378 eth1_fwd 0 -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:FORWARD:ACCEPT:'
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * lo 0.0.0.0/0 0.0.0.0/0
1094 154K all2all 0 -- * eth0 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
0 0 all2all 0 -- * eth1 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:OUTPUT:ACCEPT:'
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain Drop (0 references)
pkts bytes target prot opt in out source destination
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113
0 0 dropBcast 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11
0 0 dropInvalid 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53
Chain Reject (0 references)
pkts bytes target prot opt in out source destination
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:113
0 0 dropBcast 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
icmp type 11
0 0 dropInvalid 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,445
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpts:137:139
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:137 dpts:1024:65535
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0
multiport dports 135,139,445
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp dpt:1900
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0
udp spt:53
Chain all2all (6 references)
pkts bytes target prot opt in out source destination
3486 693K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
state RELATED,ESTABLISHED
11039 1239K LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:all2all:ACCEPT:'
11039 1239K ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain dropBcast (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = broadcast
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = multicast
Chain dropInvalid (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID
Chain dropNotSyn (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:!0x17/0x02
Chain dynamic (4 references)
pkts bytes target prot opt in out source destination
Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
551 407K tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
560 408K all2all 0 -- * eth1 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
Chain eth0_in (1 references)
pkts bytes target prot opt in out source destination
10828 1199K dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
1390 98269 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
12256 1302K all2all 0 -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source destination
9 534 dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
445 30622 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
454 31378 all2all 0 -- * eth0 0.0.0.0/0 0.0.0.0/0
policy match dir out pol none
Chain eth1_in (1 references)
pkts bytes target prot opt in out source destination
161 37301 dynamic 0 -- * * 0.0.0.0/0 0.0.0.0/0
state INVALID,NEW
0 0 tcpflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
161 37301 all2all 0 -- * * 0.0.0.0/0 0.0.0.0/0
policy match dir in pol none
Chain logdrop (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:logdrop:DROP:'
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logflags (5 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:logflags:DROP:'
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain logreject (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 0.0.0.0/0 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:logreject:REJECT:'
0 0 reject 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain reject (7 references)
pkts bytes target prot opt in out source destination
0 0 DROP 0 -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP 0 -- * * 224.0.0.0/4 0.0.0.0/0
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = broadcast
0 0 DROP 0 -- * * 0.0.0.0/0 0.0.0.0/0
PKTTYPE = multicast
0 0 DROP 0 -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP 0 -- * * 224.0.0.0/4 0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-unreachable
0 0 REJECT 0 -- * * 0.0.0.0/0 0.0.0.0/0
reject-with icmp-host-prohibited
Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
Chain smurfs (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG 0 -- * * 192.168.0.255 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP 0 -- * * 192.168.0.255 0.0.0.0/0
0 0 LOG 0 -- * * 192.168.10.255 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP 0 -- * * 192.168.10.255 0.0.0.0/0
0 0 LOG 0 -- * * 255.255.255.255 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP 0 -- * * 255.255.255.255 0.0.0.0/0
0 0 LOG 0 -- * * 224.0.0.0/4 0.0.0.0/0
LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP 0 -- * * 224.0.0.0/4 0.0.0.0/0
Chain tcpflags (4 references)
pkts bytes target prot opt in out source destination
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x3F/0x29
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x3F/0x00
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x06/0x06
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp flags:0x03/0x03
0 0 logflags tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp spt:0 flags:0x17/0x02
Log (/var/log/messages)
Apr 21 18:44:56 all2all:ACCEPT:IN=eth0 OUT= SRC=192.168.0.69 DST=192.168.0.255
LEN=166 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=631 DPT=631 LEN=146
Apr 21 18:44:57 all2all:ACCEPT:IN=eth0 OUT= SRC=192.168.0.1 DST=192.168.0.255
LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=48772 PROTO=UDP SPT=520 DPT=520 LEN=72
Apr 21 18:45:01 all2all:ACCEPT:IN=eth0 OUT= SRC=192.168.0.1 DST=224.0.0.1
LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=48773 PROTO=2
Apr 21 18:45:11 all2all:ACCEPT:IN=eth1 OUT= SRC=192.168.10.111
DST=192.168.10.255 LEN=235 TOS=0x00 PREC=0x00 TTL=128 ID=19371 PROTO=UDP
SPT=138 DPT=138 LEN=215
Apr 21 18:45:16 all2all:ACCEPT:IN=eth0 OUT= SRC=192.168.0.1 DST=224.0.0.1
LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=48774 PROTO=2
Apr 21 18:45:26 all2all:ACCEPT:IN=eth0 OUT= SRC=192.168.0.69 DST=192.168.0.255
LEN=233 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=631 DPT=631 LEN=213
Apr 21 18:45:27 all2all:ACCEPT:IN=eth0 OUT= SRC=192.168.0.1 DST=192.168.0.255
LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=48775 PROTO=UDP SPT=520 DPT=520 LEN=72
Apr 21 18:45:27 all2all:ACCEPT:IN=eth0 OUT= SRC=192.168.0.69 DST=192.168.0.255
LEN=166 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=631 DPT=631 LEN=146
Apr 21 18:45:31 all2all:ACCEPT:IN=eth0 OUT= SRC=192.168.0.1 DST=224.0.0.1
LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=48776 PROTO=2
Apr 21 18:45:46 all2all:ACCEPT:IN=eth0 OUT= SRC=192.168.0.1 DST=224.0.0.1
LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=48777 PROTO=2
Apr 21 18:45:57 all2all:ACCEPT:IN=eth0 OUT= SRC=192.168.0.1 DST=192.168.0.255
LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=48778 PROTO=UDP SPT=520 DPT=520 LEN=72
Apr 21 18:45:57 all2all:ACCEPT:IN=eth0 OUT= SRC=192.168.0.69 DST=192.168.0.255
LEN=233 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=631 DPT=631 LEN=213
Apr 21 18:45:58 all2all:ACCEPT:IN=eth0 OUT= SRC=192.168.0.69 DST=192.168.0.255
LEN=166 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=631 DPT=631 LEN=146
Apr 21 18:46:01 all2all:ACCEPT:IN=eth0 OUT= SRC=192.168.0.1 DST=224.0.0.1
LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=48779 PROTO=2
Apr 21 18:46:16 all2all:ACCEPT:IN=eth0 OUT= SRC=192.168.0.1 DST=224.0.0.1
LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=48780 PROTO=2
Apr 21 18:46:27 all2all:ACCEPT:IN=eth0 OUT= SRC=192.168.0.1 DST=192.168.0.255
LEN=92 TOS=0x00 PREC=0x00 TTL=1 ID=48781 PROTO=UDP SPT=520 DPT=520 LEN=72
Apr 21 18:46:28 all2all:ACCEPT:IN=eth0 OUT= SRC=192.168.0.69 DST=192.168.0.255
LEN=233 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=631 DPT=631 LEN=213
Apr 21 18:46:29 all2all:ACCEPT:IN=eth0 OUT= SRC=192.168.0.69 DST=192.168.0.255
LEN=166 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=631 DPT=631 LEN=146
Apr 21 18:46:31 all2all:ACCEPT:IN=eth0 OUT= SRC=192.168.0.1 DST=224.0.0.1
LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=48783 PROTO=2
Apr 21 18:46:46 all2all:ACCEPT:IN=eth0 OUT= SRC=192.168.0.1 DST=224.0.0.1
LEN=28 TOS=0x00 PREC=0x00 TTL=1 ID=48793 PROTO=2
NAT Table
Chain PREROUTING (policy ACCEPT 6833 packets, 987K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 40 packets, 2359 bytes)
pkts bytes target prot opt in out source destination
49 2893 eth0_masq 0 -- * eth0 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 40 packets, 2359 bytes)
pkts bytes target prot opt in out source destination
Chain eth0_masq (1 references)
pkts bytes target prot opt in out source destination
9 534 SNAT 0 -- * * 192.168.10.0/24 0.0.0.0/0
policy match dir out pol none to:192.168.0.200
Mangle Table
Chain PREROUTING (policy ACCEPT 24531 packets, 3021K bytes)
pkts bytes target prot opt in out source destination
24531 3021K tcpre 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT 12531 packets, 1345K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 1014 packets, 439K bytes)
pkts bytes target prot opt in out source destination
1014 439K tcfor 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 2114 packets, 388K bytes)
pkts bytes target prot opt in out source destination
1261 185K tcout 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT 2275 packets, 624K bytes)
pkts bytes target prot opt in out source destination
2275 624K tcpost 0 -- * * 0.0.0.0/0 0.0.0.0/0
Chain tcfor (1 references)
pkts bytes target prot opt in out source destination
Chain tcout (1 references)
pkts bytes target prot opt in out source destination
Chain tcpost (1 references)
pkts bytes target prot opt in out source destination
0 0 CLASSIFY 0 -- * eth1 0.0.0.0/0 0.0.0.0/0
MARK match 0x1/0xff CLASSIFY set 1:11
0 0 CLASSIFY 0 -- * eth1 0.0.0.0/0 0.0.0.0/0
MARK match 0x2/0xff CLASSIFY set 1:12
Chain tcpre (1 references)
pkts bytes target prot opt in out source destination
161 7656 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:80 MARK set 0x2
0 0 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:20 MARK set 0x2
0 0 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0
tcp dpt:21 MARK set 0x2
Conntrack Table
tcp 6 431994 ESTABLISHED src=192.168.10.111 dst=192.168.0.69 sport=1064
dport=139 packets=203 bytes=9828 src=192.168.0.69 dst=192.168.0.200 sport=139
dport=1064 packets=203 bytes=9660 [ASSURED] mark=0 secmark=0 use=1
udp 17 4 src=192.168.0.1 dst=192.168.0.255 sport=520 dport=520 packets=1
bytes=92 [UNREPLIED] src=192.168.0.255 dst=192.168.0.1 sport=520 dport=520
packets=0 bytes=0 mark=0 secmark=0 use=1
tcp 6 429748 ESTABLISHED src=192.168.0.69 dst=192.168.0.200 sport=58848
dport=22 packets=569 bytes=40251 src=192.168.0.200 dst=192.168.0.69 sport=22
dport=58848 packets=423 bytes=59339 [ASSURED] mark=0 secmark=0 use=1
tcp 6 431999 ESTABLISHED src=192.168.0.69 dst=192.168.0.200 sport=40557
dport=22 packets=305 bytes=19147 src=192.168.0.200 dst=192.168.0.69 sport=22
dport=40557 packets=340 bytes=55119 [ASSURED] mark=0 secmark=0 use=1
udp 17 6 src=192.168.0.69 dst=192.168.0.255 sport=631 dport=631 packets=3
bytes=565 [UNREPLIED] src=192.168.0.255 dst=192.168.0.69 sport=631 dport=631
packets=0 bytes=0 mark=0 secmark=0 use=1
unknown 2 593 src=192.168.0.1 dst=224.0.0.1 packets=8751 bytes=245028
[UNREPLIED] src=224.0.0.1 dst=192.168.0.1 packets=0 bytes=0 mark=0 secmark=0
use=1
IP Configuration
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0c:29:7c:74:e0 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.200/24 brd 192.168.0.255 scope global eth0
inet6 fe80::20c:29ff:fe7c:74e0/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc htb qlen 1000
link/ether 00:0c:29:7c:74:ea brd ff:ff:ff:ff:ff:ff
inet 192.168.10.129/24 brd 192.168.10.255 scope global eth1
inet6 fe80::20c:29ff:fe7c:74ea/64 scope link
valid_lft forever preferred_lft forever
IP Stats
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
RX: bytes packets errors dropped overrun mcast
560 8 0 0 0 0
TX: bytes packets errors dropped carrier collsns
560 8 0 0 0 0
2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0c:29:7c:74:e0 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
9221218 19898 0 0 0 0
TX: bytes packets errors dropped carrier collsns
650845 6011 0 0 0 0
3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc htb qlen 1000
link/ether 00:0c:29:7c:74:ea brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped overrun mcast
1748771 15115 0 0 0 0
TX: bytes packets errors dropped carrier collsns
7445292 5469 0 0 0 0
/proc
/proc/version = Linux version 2.6.23-1-686 (Debian 2.6.23-1~mtu1) ([EMAIL
PROTECTED]) (gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)) #1 SMP
Fri Oct 12 14:30:49 UTC 2007
/proc/sys/net/ipv4/ip_forward = 1
/proc/sys/net/ipv4/icmp_echo_ignore_all = 0
/proc/sys/net/ipv4/conf/all/proxy_arp = 0
/proc/sys/net/ipv4/conf/all/arp_filter = 0
/proc/sys/net/ipv4/conf/all/arp_ignore = 0
/proc/sys/net/ipv4/conf/all/rp_filter = 1
/proc/sys/net/ipv4/conf/all/log_martians = 0
/proc/sys/net/ipv4/conf/default/proxy_arp = 0
/proc/sys/net/ipv4/conf/default/arp_filter = 0
/proc/sys/net/ipv4/conf/default/arp_ignore = 0
/proc/sys/net/ipv4/conf/default/rp_filter = 1
/proc/sys/net/ipv4/conf/default/log_martians = 0
/proc/sys/net/ipv4/conf/eth0/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth0/arp_filter = 0
/proc/sys/net/ipv4/conf/eth0/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth0/rp_filter = 1
/proc/sys/net/ipv4/conf/eth0/log_martians = 0
/proc/sys/net/ipv4/conf/eth1/proxy_arp = 0
/proc/sys/net/ipv4/conf/eth1/arp_filter = 0
/proc/sys/net/ipv4/conf/eth1/arp_ignore = 0
/proc/sys/net/ipv4/conf/eth1/rp_filter = 1
/proc/sys/net/ipv4/conf/eth1/log_martians = 0
/proc/sys/net/ipv4/conf/lo/proxy_arp = 0
/proc/sys/net/ipv4/conf/lo/arp_filter = 0
/proc/sys/net/ipv4/conf/lo/arp_ignore = 0
/proc/sys/net/ipv4/conf/lo/rp_filter = 0
/proc/sys/net/ipv4/conf/lo/log_martians = 0
Routing Rules
0: from all lookup 255
32766: from all lookup main
32767: from all lookup default
Table 255:
broadcast 192.168.0.255 dev eth0 proto kernel scope link src 192.168.0.200
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 192.168.10.255 dev eth1 proto kernel scope link src 192.168.10.129
local 192.168.0.200 dev eth0 proto kernel scope host src 192.168.0.200
broadcast 192.168.0.0 dev eth0 proto kernel scope link src 192.168.0.200
broadcast 192.168.10.0 dev eth1 proto kernel scope link src 192.168.10.129
local 192.168.10.129 dev eth1 proto kernel scope host src 192.168.10.129
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
Table default:
Table main:
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.200
192.168.10.0/24 dev eth1 proto kernel scope link src 192.168.10.129
default via 192.168.0.1 dev eth0
ARP
? (192.168.0.69) at 00:18:FE:7D:FB:3D [ether] on eth0
? (192.168.10.111) at 00:0C:29:92:F8:B8 [ether] on eth1
? (192.168.0.1) at 00:13:49:63:0C:93 [ether] on eth0
Modules
iptable_raw 2496 0
ipt_ULOG 8868 0
ipt_TTL 2432 0
ipt_ttl 2016 0
ipt_TOS 2368 0
ipt_tos 1760 0
ipt_SAME 2496 0
ipt_REJECT 4672 4
ipt_REDIRECT 2208 0
ipt_recent 9240 0
ipt_owner 2112 0
ipt_NETMAP 2176 0
ipt_MASQUERADE 3776 0
ipt_LOG 6208 11
ipt_iprange 1920 0
ipt_ECN 3040 0
ipt_ecn 2336 0
ipt_CLUSTERIP 8324 0
ipt_ah 2016 0
ipt_addrtype 1984 0
iptable_nat 7108 1
iptable_mangle 2912 1
iptable_filter 3104 1
ip_tables 13380 4
iptable_raw,iptable_nat,iptable_mangle,iptable_filter
Shorewall has detected the following iptables/netfilter capabilities:
NAT: Available
Packet Mangling: Available
Multi-port Match: Available
Extended Multi-port Match: Available
Connection Tracking Match: Available
Packet Type Match: Available
Policy Match: Available
Physdev Match: Available
Packet length Match: Available
IP range Match: Available
Recent Match: Available
Owner Match: Available
Ipset Match: Not available
CONNMARK Target: Available
Extended CONNMARK Target: Available
Connmark Match: Available
Extended Connmark Match: Available
Raw Table: Available
IPP2P Match: Not available
CLASSIFY Target: Available
Extended REJECT: Available
Repeat match: Available
MARK Target: Available
Extended MARK Target: Available
Mangle FORWARD Chain: Available
Traffic Control
Device eth0:
qdisc pfifo_fast 0: root bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
Sent 663079 bytes 6072 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
Device eth1:
qdisc htb 1: root r2q 10 default 11 direct_packets_stat 0 ver 3.17
Sent 424664 bytes 773 pkt (dropped 0, overlimits 506 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
qdisc ingress ffff: parent ffff:fff1 ----------------
Sent 1360653 bytes 11745 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 11: parent 1:11 limit 127p quantum 1514b flows 127/1024 perturb 10sec
Sent 424664 bytes 773 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
qdisc sfq 12: parent 1:12 limit 127p quantum 1514b flows 127/1024 perturb 10sec
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
class htb 1:11 parent 1:1 leaf 11: prio 1 quantum 1500 rate 80000bit ceil
240000bit burst 1499b/8 mpu 0b overhead 0b cburst 1499b/8 mpu 0b overhead 0b
level 0
Sent 424664 bytes 773 pkt (dropped 0, overlimits 0 requeues 0)
rate 48bit 0pps backlog 0b 0p requeues 0
lended: 559 borrowed: 214 giants: 0
tokens: 137357 ctokens: 45951
class htb 1:1 root rate 640000bit ceil 640000bit burst 1499b/8 mpu 0b overhead
0b cburst 1499b/8 mpu 0b overhead 0b level 7
Sent 424664 bytes 773 pkt (dropped 0, overlimits 0 requeues 0)
rate 48bit 0pps backlog 0b 0p requeues 0
lended: 214 borrowed: 0 giants: 0
tokens: 17386 ctokens: 17386
class htb 1:12 parent 1:1 leaf 12: prio 2 quantum 4800 rate 400000bit ceil
640000bit burst 1499b/8 mpu 0b overhead 0b cburst 1499b/8 mpu 0b overhead 0b
level 0
Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
rate 0bit 0pps backlog 0b 0p requeues 0
lended: 0 borrowed: 0 giants: 0
tokens: 29296 ctokens: 18310
TC Filters
Device eth0:
Device eth1:
-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
