Hi Nigel,
The issue you are seeing:
RTNETLINK answers: File exists
ERROR: Command "tc qdisc add dev eth1 parent 2:2 handle 2: sfq quantum
1500 limit 127 perturb 10" Failed Processing /etc/shorewall/stop
Can be resolved by running
tc qdisc del dev eth1 root
before adding the new settings "tc qdisc add dev eth1 ..."
This is a sysadmin work around which I am sure can be adapted into
/etc/shorewall/stop or start
Kind regards,
Trent O'Callaghan
-----Original Message-----
From: Nigel Aves [mailto:[email protected]]
Sent: Tuesday, 16 February 2010 12:01 PM
To: [email protected]
Subject: [Shorewall-users] Adding download control for internal interface -
qdisk errors out
Shorewall version 4.4.7
I have managed to configure Shorewall successfully for traffic shaping on
the upload and that all seems to be working ok.
Today I'm trying to control downloading as well, rather than using Squids
delay pools. I followed the on-line documentation but when I try to start
Shorewall the following message pops up.
Setting up Traffic Control...
RTNETLINK answers: File exists
ERROR: Command "tc qdisc add dev eth1 parent 2:2 handle 2: sfq quantum
1500 limit 127 perturb 10" Failed
Processing /etc/shorewall/stop ...
I have had a hunt around and can not find out what I have done wrong. (No
surprises there, I'm no sysadm type person).
Any help as to what I have done wrong will be gratefully received.
Nigel.
Here are the files (when just using the ppp0 everything works perfectly,
commented out the eth1 lines to get the firewall working)
tcdevices
ppp0 6200kbit 4400kbit
eth1 - 100mbits
tcclasses
ppp0 1 5*full/100 full 1
tcp-ack,tos-minimize-delay
ppp0 2 47*full/100 full 2
ppp0 3 10*full/100 full 3
ppp0 4 5*full/100 full 4
ppp0 5 29*full/100 full 5
ppp0 6 4*full/100 full 6 default
#eth1 1 5*full/100 full 1 tcp-ack
#eth1 3 10*full/100 full 2
#eth1 4 5*full/100 full 3
#eth1 5 70*full/100 full 4
#eth1 6 10*full/100 full 5 default
I think it's the tcclasses it does not like because if I keep the tcrules
for just the ppp0 interface I still get the error message when I un-comment
"eth1"
tcrules
1:F 0.0.0.0/0 0.0.0.0/0 icmp echo-request
1:F 0.0.0.0/0 0.0.0.0/0 icmp echo-reply
2:T 207.224.48.222 0.0.0.0/0 tcp -
80,443
3:T 0.0.0.0/0 0.0.0.0/0 tcp 53
3:T 0.0.0.0/0 0.0.0.0/0 udp 53
# 3:F ppp0 eth1 tcp - 53
# 3:F ppp0 eth1 udp - 53
4:T 0.0.0.0/0 0.0.0.0/0 tcp 25
4:T 0.0.0.0/0 0.0.0.0/0 udp 25
# 4:F ppp0 eth1 tcp - 25
# 4:F ppp0 eth1 udp - 25
5:T 0.0.0.0/0 0.0.0.0/0 tcp 80,443
# 5:F ppp0 eth1 tcp -
80,443
I've also tried not using eth1 but 192.168.1.0/24
----------------------------------------------------------------------------
--
SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
http://p.sf.net/sfu/solaris-dev2dev
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
------------------------------------------------------------------------------
SOLARIS 10 is the OS for Data Centers - provides features such as DTrace,
Predictive Self Healing and Award Winning ZFS. Get Solaris 10 NOW
http://p.sf.net/sfu/solaris-dev2dev
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
