On Monday 05 July 2010 09:44:19 am Tom Eastep wrote:
> On 7/5/10 7:28 AM, Tom Eastep wrote:
> >> Any Ideas?
> >
> > A shorewall dump taken when there is little or no traffic flowing is not
> > particularly useful for analyzing TC problems but it looks to me as if
> > you have entries in /etc/shorewall/tcfilters with 0.0.0.0 in the SOURCE
> > and DEST columns where you really want 0.0.0.0/0.
>
> I notice that you are running a particularly ancient version of
> Shorewall (4.2.1 -- Released in October of 2008). I found the following
> under 'Problems Corrected' in the release notes for 4.2.8:
>
> 5) When a network address was specified in the SOURCE or DEST column of
>    /etc/shorewall/tcfilters, Shorewall-perl was generating an incorrect
>    netmask.
>
> -Tom

Tom

My tcfilters file does have 0.0.0.0/0 entries??
Part of it:
#                                       OUTGOING
# 3389 is rdesktop
1:110       0.0.0.0/0       0.0.0.0/0       udp     iax
1:110       0.0.0.0/0       0.0.0.0/0       udp     -     iax
1:110       0.0.0.0/0       0.0.0.0/0       ospf
1:120       0.0.0.0/0       0.0.0.0/0       tcp     ssh
1:120      0.0.0.0/0       0.0.0.0/0       tcp     -       ssh
1:120       0.0.0.0/0       0.0.0.0/0       tcp     https
1:120      0.0.0.0/0       0.0.0.0/0       tcp     -       https
1:120       0.0.0.0/0       0.0.0.0/0       tcp     3389
1:120      0.0.0.0/0       0.0.0.0/0       tcp     -       3389
1:130    0.0.0.0/0       0.0.0.0/0       tcp     smtp
1:130     0.0.0.0/0       0.0.0.0/0       tcp     -      smtp

#
#                                   INCOMING TRAFFIC
#
#
2:110       0.0.0.0/0       0.0.0.0/0       udp     iax
2:110       0.0.0.0/0       0.0.0.0/0       udp     -     iax
2:110       0.0.0.0/0       0.0.0.0/0       ospf
2:120       0.0.0.0/0       0.0.0.0/0       tcp     ssh
2:120      0.0.0.0/0       0.0.0.0/0       tcp     -       ssh
2:120       0.0.0.0/0       0.0.0.0/0       tcp     https
2:120      0.0.0.0/0       0.0.0.0/0       tcp     -       https
2:120       0.0.0.0/0       0.0.0.0/0       tcp     3389
2:120      0.0.0.0/0       0.0.0.0/0       tcp     -       3389
2:130    0.0.0.0/0       0.0.0.0/0       tcp     smtp
2:130     0.0.0.0/0       0.0.0.0/0       tcp     -      smtp

Or are you referring to the bad netmasks that are being created by my version 
of shorewall?

Should I send a dump with traffic or should I concentrate on upgrading 
shorewall?

It will probably take a week or so to upgrade both ends.

John



