Traffic Shaping takes down IPSEC Tunnels, and MAIL connections
-
Upgrade to latest snap.
-
I updated to latest snapshot yesterday morning, all traffic coming from outside remains blocked.
After that I removed the Traffic Shaping config, no changes, then try rebooting, no changes.Appears like the assistant do something that later, the remove shaping button does not solve.
Other Thing That I find curious is that the shaper uses for child Queues only 50% of total Interface bandwidth given at parent queue called Internet.
Anyone is experiencin problems like me with traffic shaping?
-
I do not think this is traffic shaping related.
Check your configuration for possible problems. -
I try it again and connections dont starts being denied until I make the traffic shaper assistant.
the only traffic that is allowed at WAN its outgoing HTTP.Using traffic assistant multi wan and multilan it keeps using 50% of bandwidth. for example:
WAN (2Mb)
–Internet Queue (2Mb)
|___ qAck (19%)
|___ qDefault (9,9%)
|___ qP2P (4,95%)
|___ qVoIP (512Kb)
|___ qOthersHigh(9,9%)
|___ qOtherLow(4,95%)
The percent values only reach 50% and bandwidth for VoIP is only 25% then I think 25% will be unused beacuse is not included at any Queue and should be at qdefault queue raising it to 34,9%Please correct me if im wrong, but All I do is run the assistant and raise qdefault queues to reach near 100%.
Many thanks
-
Now you are asking totally unrelated questions to the thread topic.
-
The main problem for me is the same, incoming connections as previouly said dont reach destination after I complete the traffic shaper assitant and this is the post subject "Traffic Shaping takes down IPSEC Tunnels, and MAIL ", later I realized that it cuts any incoming connection not using HTTP (web server at dmz works), all other incoming traffic dont do it (Mail, IPSEC, OpenVPN, ports redirected …
)I forget to tell thats this is happening on x86 version, with config imported from v1.2.3
-
I am sorry but I cannot belive that.
Can you post your /tmp/rules.debug here? -
Ok, today I will be out of the office, but thursday will try again with latest snapshot and will post last /tmp/rules.debug
THanks in advance :) -
Same result but This time I wait without doing traffic shaping and cut mail connections (at this moment only appears to be affected connections to IPPublica4, wich is nated to mail server at dmz).
IPPublica1=Mail server
IPPublica3=web server
IPPublica4=Wan Firewall
IPPublica5=Default WAN Routerhere is the rules.debug
[deleted by request]
–----------------------------------------------------------
If i do a tcpdump I dont see the public VIP (Proxy ARP Virtual IP), in the logs, anybody knows if there are any problem importing Virtual IPs, the only time that I updated firewall and mail server works until I do the traffic shaper assistant I saw the reinstalling modules web dialog and I change fast the window trying to interrupt it. Doing that it works until I tried to do the traffic shaping.
Im getting really crazy with this, any help would be nice.
-
You have problems in your nat.
-
But… That config works great on 1.2.3 I just backed up it and restore on 2.0.
What do you see strange on it?