Everyone, thanks for all your help. To get Example 6 from http://www.shorewall.net/traffic_shaping.htm
working on LEAF Bering-uClibc 2.4.1, make sure to load the appropriate modules, namely ipt_CONNMARK and ipt_connmark. The example as written will then work. My tcrules (in entirety): #MARK SOURCE DEST PROTO PORT(S) CLIENT USER TEST # PORT(S) 10 0.0.0.0/0 10.11.1.0/24 tcp http 20 0.0.0.0/0 10.11.1.0/24 tcp smtp 20 0.0.0.0/0 10.11.1.0/24 tcp domain 20 0.0.0.0/0 10.11.1.0/24 udp domain RESTORE 0.0.0.0/0 0.0.0.0/0 all - - - 0 CONTINUE 0.0.0.0/0 0.0.0.0/0 all - - - !0 50 0.0.0.0/0 0.0.0.0/0 ipp2p:all SAVE 0.0.0.0/0 0.0.0.0/0 all - - - !0 (When I ran into iptables errors with Example 6, I ended up fiddling around with an example on a different page http://www.shorewall.net/IPP2P.html which is more complicated, requires ipt_CLASSIFY which isn't available on the CD ISO, and doesn't play as nicely or as easily with my other tcrules. After going down this path, and resolving some of the iptables problems, I failed to go back and retry the easier example until this morning.) As an aside, I like to take advantage of the fact all the modules are on the CD, and load them from there rather than copying them around and saving the configuration to floppy. The end of my /etc/modules looks like this, and includes all the modules necessary for the tc package to work. Obviously my Ethernet cards are of no real interest, but I left that in as someone out there might find it helpful to lower the amount of cruft on their floppy... ### local customizations ### Ethernet drivers crc32 ! mount iso9660 /dev/cdrom ! dir /lib/modules/2.4.32/kernel/drivers/net sis900 3c59x tulip ### QoS ! dir /lib/modules/2.4.32/kernel/net/sched cls_fw cls_route cls_rsvp cls_rsvp6 cls_tcindex cls_u32 sch_cbq sch_csz sch_dsmark sch_gred sch_hfsc sch_htb sch_ingress sch_netem sch_prio sch_red sch_sfq sch_tbf sch_teql ### openvpn ! dir /lib/modules/2.4.32/kernel/drivers/net tun ### required for Shorewall ipp2p ! dir /lib/modules/2.4.32/kernel/net/ipv4/netfilter ipt_CONNMARK ipt_connmark ! umount It seems to me that the lack of documentation as to which modules are needed for which packages (or which package features) is a very significant problem. It should be documented somewhere that the default LEAF configuration does not support RESTORE or SAVE in Shorewall tcrules, and that to enable these those two ipt_ modules are required. I hope this helps someone out, and avoids the two days of grief that I went through LOL. In all seriousness, once I finish with a few other LEAF configuration details, I will write up my configuration and put it up somewhere in the hope that it helps someone else. -- Bob ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/
