Shorewall version 5.0.14, Fedora 24 all recent patches, x86_64
Long time user of Shorewall, but recently have tried to incorporate some old TC scripts into Shorewall directly. I believe most of the classes and rules are being correctly created, at least
tc -g -s qdisc show dev ppp0
shows the classes, and a reasonable distribution of packets, except for one... Read on...
I have a host that needs to send to SpiderOak cloud backup services, this service seems to post to https 443 protocol.
Another host in my house will occasionally connect to company VPN services and those use https 443 as well. One host I want as a high priority queue, one very low. And from what I can glean from the packet numbers in the tc command, both types are flowing through the same rule.
In tcclasses I have:
#INTERFACE  MARK  RATE    CEIL  PRIO  OPTIONS
1:20        20    full/8  full  0
1:21        21    full/8  full  1
1:22        22    full/8  full  2
1:23        23    full/8  full  3
1:24        24    full/8  full  4
1:25        25    full/8  full  5     default
1:26        26    full/8  full  6
1:27        27    full/8  full  7
tcfilters contains:
######################################################################################
#CLASS  SOURCE        DEST       PROTO  DPORT  SPORT  TOS  LENGTH  PRIOR
IPV4
1:27    10.20.0.8/32  0.0.0.0/0  all    -      -      -    -       #mammouth
where 10.20.0.8 is the IP address of the low priority host sending SpiderOak packets.
I've tried this rule at the top of tcfilters, and bottom, no apparent effect. It's not working.
TBH, I'm struggling with whether mangle needs to come into the picture, so I also tried adding this line to mangle:
#####################################################################################################################################################ACTION SOURCE DEST PROTO DPORT SPORT USER TEST LENGTH TOS CONNBYTES HELPER PROBABILITY DSCP MARK(27) 10.20.0.8/32 0.0.0.0/0 all - - - - - - - - -
but still no apparent effect.
So specifically my question as described, and also still struggling a little with when mangle is required. I've read most of the docs on mangle, but still missing some of the concepts of when it's needed and how to use it (I know the docs describe just this situation so I'm not alone).
The full shorewall dump is attached. It's a rather complex firewall with several interfaces, VPNs, etc.
Any help greatly appreciated. Thanks, Brian
shorewall_dump.txt.bz2
Description: application/bzip
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users