Hi Almost worked, look at the messages after the patched and configured the
tcrules.
Thanks in advance
Dec 23 07:36:10 galvatronvt1 admin: Shorewall restarted
Dec 23 07:36:10 galvatronvt1 shorewall[19223]: done.
Dec 23 07:36:29 galvatronvt1 shorewall[19740]: Compiling...
Dec 23 07:36:29 galvatronvt1 shorewall[19740]: Processing
/etc/shorewall/params ...
Dec 23 07:36:29 galvatronvt1 shorewall[19740]: Processing
/etc/shorewall/shorewall.conf...
Dec 23 07:36:29 galvatronvt1 shorewall[19740]: Loading Modules...
Dec 23 07:36:30 galvatronvt1 shorewall[19740]: Running
/etc/shorewall/compile...
Dec 23 07:36:30 galvatronvt1 shorewall[19740]: Compiling
/etc/shorewall/zones...
Dec 23 07:36:30 galvatronvt1 shorewall[19740]: Compiling
/etc/shorewall/interfaces...
Dec 23 07:36:30 galvatronvt1 shorewall[19740]: Determining Hosts in Zones...
Dec 23 07:36:30 galvatronvt1 shorewall[19740]: Locating Action Files...
Dec 23 07:36:30 galvatronvt1 shorewall[19740]: Compiling
/usr/share/shorewall/action.Drop for chain Drop...
Dec 23 07:36:30 galvatronvt1 shorewall[19740]: Compiling
/usr/share/shorewall/action.Broadcast for chain Broadcast...
Dec 23 07:36:30 galvatronvt1 shorewall[19740]: Compiling
/usr/share/shorewall/action.Invalid for chain Invalid...
Dec 23 07:36:30 galvatronvt1 shorewall[19740]: Compiling
/usr/share/shorewall/action.NotSyn for chain NotSyn...
Dec 23 07:36:30 galvatronvt1 shorewall[19740]: Compiling
/usr/share/shorewall/action.Reject for chain Reject...
Dec 23 07:36:30 galvatronvt1 shorewall[19740]: Compiling
/etc/shorewall/policy...
Dec 23 07:36:30 galvatronvt1 shorewall[19740]: Running
/etc/shorewall/initdone...
Dec 23 07:36:30 galvatronvt1 shorewall[19740]: Adding Anti-smurf Rules
Dec 23 07:36:30 galvatronvt1 shorewall[19740]: Adding rules for DHCP
Dec 23 07:36:30 galvatronvt1 shorewall[19740]: Compiling TCP Flags
filtering...
Dec 23 07:36:30 galvatronvt1 shorewall[19740]: Compiling Kernel Route
Filtering...
Dec 23 07:36:30 galvatronvt1 shorewall[19740]: Compiling Martian Logging...
Dec 23 07:36:30 galvatronvt1 shorewall[19740]: Compiling
/etc/shorewall/tcdevices...
Dec 23 07:36:30 galvatronvt1 shorewall[19740]: Compiling
/etc/shorewall/tcclasses...
Dec 23 07:36:30 galvatronvt1 shorewall[19740]: Compiling
/etc/shorewall/providers...
Dec 23 07:36:30 galvatronvt1 shorewall[19740]: Compiling
/etc/shorewall/route_rules...
Dec 23 07:36:30 galvatronvt1 shorewall[19740]: Compiling
/etc/shorewall/tcrules...
Dec 23 07:36:30 galvatronvt1 shorewall[19740]: WARNING: Using an
interface as the SOURCE in a T: rule requires the interface to be up and
configured when Shorewall starts/restarts : /etc/shorewall/tcrules (line 35)
Dec 23 07:36:30 galvatronvt1 shorewall[19740]: ERROR: Unknown Class
(3:21:21)} : /etc/shorewall/tcrules (line 37)
Dec 23 07:36:30 galvatronvt1 admin: ERROR:Shorewall restart failed
2011/12/22 Tom Eastep <[email protected]>
> On 12/22/11 3:20 PM, Tom Eastep wrote:
> > On 12/22/11 1:04 PM, Tom Eastep wrote:
> >> On Thu, 2011-12-22 at 17:36 -0200, fabiano stocco2 wrote:
> >>
> >>>
> >>> I have two internet link. The first has 2Mbit the other has 4Mbit ,
> >>> so I'm riding with a download control which handles input to the
> >>> network based on the origin of the WAN links, this just right for min
> >>> control the amount of data traveling on each link. The problem that
> >>> shorewall can not make this rule below to min:
> >>>
> >>> # iptables-t mangle-A FORWARD-i eth1-o ETH3-p tcp - sport 80-j
> >>> Classify - set-class 3:21
> >>>
> >>> The Shorewall is trying to rule as tcpos and not tcfor as expected,
> >>> does not work with it.
> >>
> >> Shorewall currently doesn't allow CLASSIFY rules to be placed in the
> >> FORWARD chain.
> >>
> >
> > Here's a patch.
> >
> > patch /usr/share/shorewall/Shorewall/Tc.pm < CLASSIFY1.patch
> >
> > To specify the FORWARD chain (tcfor), follow the classification with
> > ':F'. Example: 3:21:F
> >
>
> With the patch this time.
>
> -Tom
> --
> Tom Eastep \ When I die, I want to go like my Grandfather who
> Shoreline, \ died peacefully in his sleep. Not screaming like
> Washington, USA \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>
> ------------------------------------------------------------------------------
> Write once. Port to many.
> Get the SDK and tools to simplify cross-platform app development. Create
> new or port existing apps to sell to consumers worldwide. Explore the
> Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
> http://p.sf.net/sfu/intel-appdev
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
>
--
*Fabiano Stocco**
**Sysadmin*
Agro Industrial Parati Ltda - Averama
44-3672-8000
44-8444-6635**
------------------------------------------------------------------------------
Write once. Port to many.
Get the SDK and tools to simplify cross-platform app development. Create
new or port existing apps to sell to consumers worldwide. Explore the
Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
http://p.sf.net/sfu/intel-appdev
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
