Tom I upgraded 3 of our routers. Nice upgrade. Shorewall check showed a couple issues that I fixed but the problem still remains :-(
Attached is a dump with heavy trafic and some opennms graphs of the same site. eth0 is local net. eth1 is internet. This is a different site than the last one it's simpler and has more traffic. The internet is a t1 that is cut back a bit to allow for some phone trafic that come off before I get it. Most of the traffic is remote backups of main office to this site via rsync in ssh in openvpn. As you can see it's kept rather busy I did an iperf durring the dump just to make sure it was busy. The opennms is also from the main site. The main site has 2 bonded t1s so its able to keep the link saturated at the tested site. Thos is a nasty case as it needs to throtle incoming traffic. It does seem to control the traffic well but ping times are getting bad at times. Ususally the pings via the internet hold up better but they are stll better than via openvpn As I recall was getting better ping times then I used ipsec. I recall while minimum ping times were less the average ping times were less via ipsec. I switch from ipsec because the packets were getting counted twice in the traffic shapping. On Monday 05 July 2010 06:20:23 pm Tom Eastep wrote: > On 7/5/10 2:11 PM, John McMonagle wrote: > > Or are your referring to the bad netmasks that are being created by my > > version of shorewall? > > It appears that your old version of Shorewall is treating 0.0.0.0/0 like > 0.0.0.0. > > > Should I send a dump with traffic or should I concentrate on upgrading > > shorewall? > > > > It will probably take a week or so to upgrade both ends. > > I suggest concentrating on upgrading. > > -Tom
neeroutedump.gz
Description: GNU Zip compressed data
neeroute.htm.gz
Description: GNU Zip compressed data
------------------------------------------------------------------------------ This SF.net email is sponsored by Sprint What will you do first with EVO, the first 4G phone? Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
