Tom,

Thank you for your reply. Please accept my apologies for the email format.

Here is my config now; I have MARK_IN_FORWARD_CHAIN=No


LAN=eth0
WAN=eth2

So traffic now goes to the default class, which is good; however, it seems
like my marking isn't working because, as shown in tcrules, I've marked
those packets but they don't end up in the respective class.

Thanks in advance


tcrules

http://pastebin.com/12Y9s8sJ

tcclasses

http://pastebin.com/8wvQWAYF

tcdevices

http://pastebin.com/ysnsJsdj


shorewall show tc

http://pastebin.com/tG01D76D

On Mon, Nov 11, 2013 at 6:11 PM, Tom Eastep <teas...@shorewall.net> wrote:
> On 11/11/2013 4:57 AM, JC Putter wrote:
>> Hi,
>>
>> anyone that can maybe assist?
>>
>> Thanks
>>
>>
>> On Sun, Nov 10, 2013 at 9:39 AM, JC Putter <jcput...@gmail.com> wrote:
>>
>>     Hi,
>>
>>     I am using shorewall 4.5.21.3 on CentOS 6.4. I have a two interface
>>     firewall, one wan and the other lan.
>>
>>     The firewall is doing masquerading for the lan. I am trying to set up
>>     some QoS policies, however finding it difficult to work.
>>
>>     Also I need some advice and better explanation. According to the
>>     LARTC docs qos policies used be applied to the interface connection
>>     to the network, (AKA LAN Interface?). I see that from the examples
>>     from shorewall man pages that you use the WAN interface. Which is
>>     better and why?
>
> Neither is 'better'. One is for shaping outgoing traffic (WAN interface)
> and one is for shaping incoming traffic (LAN interface).
>>
>>     Here is my current config. When specifying ports sport 80 or 443,
>>     traffic is not going to the specified class; however, removing the ports
>>     and just specifying any traffic, it works... I've also tried swapping
>>     about SPORT and DPORT.
>>
>>
>
> I refuse to look at the iptables output. The miserable gmail interface
> tries to make an embedded link out of everything that looks like an IP
> address, rendering the resulting text unreadable. If you wish to post
> such output, please do so as an attachment; thanks.
>
> But I do note a couple of things:
>
> a) You are marking TCP packets with destination port 21. Those are
> control connection packets destined for an FTP server in your local
> network (remember that you are marking on the FORWARD chain so only
> forwarded packets will be marked). I seriously doubt that is what you
> want. I think you rather want 'ftp' in the HELPER column.
>
> b) Similarly you are marking TCP packets with destination port 80 and
> 443. Those would be directed at a web server in your local LAN, while I
> suspect that you really want response packets destined for web clients
> in the local LAN. So you want '-' in the DEST PORT(S) column and 80,443
> in the SOURCE PORT(S) column.
>
> -Tom
> --
> Tom Eastep        \ When I die, I want to go like my Grandfather who
> Shoreline,         \ died peacefully in his sleep. Not screaming like
> Washington, USA     \ all of the passengers in his car
> http://shorewall.net \________________________________________________
>
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
