Greetings, fellow Shorewall users ! After years of scripting ipfwadm, ipchains and iptables, I stumbled upon Shorewall and finally found a higher level tool to my liking... I now manage configurations more complicated than anything I could hope to keep control of with my own scripts - and I haven't looked back since then... So, for my first message here I'll start with a big thank you to the developers !
Now, I wish to take advantage of Shorewall's Traffic Control abilities to achieve something approaching what my old modified Wondershaper used to do... But meanwhile, IPv6 has become a large part of my traffic - so I have read the documentation and I think I mostly understand the simple configuration variant of shorewall & shorewall6 tc, except for one important detail: how these two interact... Hence my question: The upstream interface for IPv4 is Ethernet, but the IPv6 one is a 6in4 tunnel built over the IPv4 interface. How is Shorewall aware that the in-bandwidth of the IPv6 tunnel can't be defined because it is actually nested in the total in-bandwidth of the IPv4 interface ? The 'Combined IPv4/IPv6 Simple TC Configuration' seems to suppose that both IPv4 and IPv6 share a single physical interface. Is the definition of a 6in4 tunnel in /etc/shorewall/tunnels with an IPv4 gateway what tells Shorewall that IPv4 bears IPv6 ? So is one supposed to eschew declaring the IPv6 interface in /etc/shorewall/tcdevices ? But then how is one supposed to express /etc/shorewall/tcclasses ? Only for the physical interface ? If this scenario is not covered by Shorewall's current functionality, I have thought about a workaround: inserting a two-interface router between my main (eight-interface) router and the outside. That way, the 6in4 tunnel would terminate on the two-interface router so that on the main router I would be able to configure the same outside Ethernet port for both IPv4 and Ipv6 - and therefore fall back into Shorewall's well documented IPv4/IPv6 tc use-case. What do you people think ? ------------------------------------------------------------------------------ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
