---------- Forwarded message ----------
From: fabiano stocco2 <[email protected]>
Date: 2011/12/22
Subject: Re: confirm 899689e155664d652518be9e5cdcd2f3caad64d9
To: [email protected]
Good afternoon,
Guys, I have a problem here, as follows.
I have two internet links. The first has 2Mbit, the other has 4Mbit, so I'm
setting up a download control which handles input to the network based on
the origin of the WAN links; this is just right for me to control the amount
of data traveling on each link. The problem is that Shorewall cannot make the
rule below for me:
# iptables -t mangle -A FORWARD -i eth1 -o eth3 -p tcp --sport 80 -j CLASSIFY --set-class 3:21
Shorewall is trying to create the rule in tcpost and not in tcfor as expected,
and it does not work that way.
Shorewall version: 4.4.23
The data follows:
#tcdevices
#NUMBER: IN-BANDWITH OUT-BANDWIDTH OPTIONS
eth1 2mbit 2mbit
eth2 4mbit 4mbit
eth3 100mbit 100mbit classify
#tcclass
eth1 11 10*full/100 50*full/100 1 tos=0x68/0xfc,tos=0xb8/0xfc #VoIP
eth1 12 15*full/100 50*full/100 2 tcp-ack,tos-minimize-delay #Connection
eth1 13 45*full/100 full 3 #Data
eth1 14 30*full/100 50*full/100 4 default #Default
eth2 11 5*full/100 50*full/100 1 tos=0x68/0xfc,tos=0xb8/0xfc #VoIP
eth2 12 15*full/100 50*full/100 2 tcp-ack,tos-minimize-delay #Connection
eth2 13 50*full/100 full 3 #Data
eth2 14 30*full/100 50*full/100 4 default #Default
eth3:2 - 2mbit 2mbit 1
eth3:2:20 - 200kbit 400kbit 1 tos=0x68/0xfc,tos=0xb8/0xfc #VoIP
eth3:2:21 - 200kbit 400kbit 2 tcp-ack,tos-minimize-delay #Connection
eth3:2:22 - 1200kbit full 3 #Data
eth3:2:23 - 400kbit 400kbit 4 #Default
eth3:3 - 4mbit 4mbit 1
eth3:3:30 - 200kbit 400kbit 1 tos=0x68/0xfc,tos=0xb8/0xfc #VoIP
eth3:3:31 - 500kbit 1mbit 2 tcp-ack,tos-minimize-delay #Connection
eth3:3:32 - 2mbit full 3 #Data
eth3:3:33 - 400kbit full 4 default #Default
eth3:4 - 400kbit 400kbit 1 #No QoS
#Tcrules
######################################################################################################################
#MARK SOURCE DEST PROTO DEST    SOURCE  USER TEST LENGTH TOS CONNBYTES HELPER
#                       PORT(S) PORT(S)
#############################UPLOAD WAN##########################################
#Connection
12 172.16.0.0/16 0.0.0.0/0 icmp echo-request,echo-reply
12 172.16.0.0/16 0.0.0.0/0 udp 53
12 172.16.0.0/16 0.0.0.0/0 tcp 53
#VoIP
11 $VOIP 0.0.0.0/0 tcp 4569,5060
11 $VOIP 0.0.0.0/0 udp 4569,5060
#Data
13 172.16.0.0/16 0.0.0.0/0 tcp 1194,22017,60179,22,3389,631,5900:5904
13 172.16.0.0/16 0.0.0.0/0 udp 1194
##############################DOWNLOAD Link1##########################################
##Connection
3:21 eth1 172.16.0.0/16 icmp echo-request,echo-reply
3:21 eth1 172.16.0.0/16 udp 53
3:21 eth1 eth3 tcp - 53,80
3:21 eth1 eth3 tcp 53,80
#VoIP
3:20 eth1 $VOIP tcp 4569,5060
3:20 eth1 $VOIP udp 4569,5060
#Data
3:22 eth1 172.16.0.0/16 tcp 1194,22017,389,60179,22,3389,631,5900:5904,9102,9103
3:22 eth1 172.16.0.0/16 udp 1194,389,161
##############################DOWNLOAD Link1###########################################################
##Connection
3:31 eth2 172.16.0.0/16 icmp echo-request,echo-reply
3:31 eth2 172.16.0.0/16 udp 53
3:31 eth2 172.16.0.0/16 tcp 53
#VoIP
3:30 eth2 $VOIP tcp 4569,5060
3:30 eth2 $VOIP udp 4569,5060
##Data
3:32 eth2 172.16.0.0/16 tcp 1194,22017,389,60179,22,3389,631,5900:5904,9102,9103
3:32 eth2 172.16.0.0/16 udp 1194,389,161
##No QoS
3:4 $FW 172.16.0.0/16 tcp 22,9102,9103,3128,60179,389
Fabiano Stocco
--
Fabiano Stocco
Sysadmin
Agro Industrial Parati Ltda - Averama
44-3672-8000
44-8444-6635
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users