Traffic Shaping takes down IPSEC Tunnels, and MAIL connections

kaneda

I updated to latest snapshot yesterday morning, all traffic coming from outside remains blocked.
After that I removed the Traffic Shaping config, no changes, then try rebooting, no changes.

Appears like the assistant do something that later, the remove shaping button does not solve.

Other Thing That I find curious is that the shaper uses for child Queues only 50% of total Interface bandwidth given at parent queue called Internet.

Anyone is experiencin problems like me with traffic shaping?

eri--

I do not think this is traffic shaping related.
Check your configuration for possible problems.

kaneda

I try it again and connections dont starts being denied until I make the traffic shaper assistant.
the only traffic that is allowed at WAN its outgoing HTTP.

Using traffic assistant multi wan and multilan it keeps using 50% of bandwidth. for example:

WAN (2Mb)
–Internet Queue (2Mb)
          |___ qAck (19%)
          |___ qDefault (9,9%)
          |___ qP2P (4,95%)
          |___ qVoIP (512Kb)
          |___ qOthersHigh(9,9%)
          |___ qOtherLow(4,95%)
The percent values only reach 50% and bandwidth for VoIP is only 25% then I think 25% will be unused beacuse is not included at any Queue and should be at qdefault queue raising it to 34,9%

Please correct me if im wrong, but All I do is run the assistant and raise qdefault queues to reach near 100%.

Many thanks

eri--

Now you are asking totally unrelated questions to the thread topic.

kaneda

The main problem for me is the same, incoming connections as previouly said dont reach destination after I complete the traffic shaper assitant and this is the post subject "Traffic Shaping takes down IPSEC Tunnels, and MAIL ", later I realized that it cuts any incoming connection not using HTTP (web server at dmz works), all other incoming traffic dont do it (Mail, IPSEC, OpenVPN, ports redirected …
)

I forget to tell thats this is happening on x86 version, with config imported from v1.2.3

eri--

I am sorry but I cannot belive that.
Can you post your /tmp/rules.debug here?

kaneda

Ok, today I will be out of the office, but thursday will try again with latest snapshot and will post last /tmp/rules.debug
THanks in advance  :)

kaneda

Same result but This time I wait without doing traffic shaping and cut mail connections (at this moment only appears to be affected connections to IPPublica4, wich is nated to mail server at dmz).
IPPublica1=Mail server
IPPublica3=web server
IPPublica4=Wan Firewall
IPPublica5=Default WAN Router

here is the rules.debug

[deleted by request]

–----------------------------------------------------------

If i do a tcpdump I dont see the public VIP (Proxy ARP Virtual IP), in the logs, anybody knows if there are any problem importing Virtual IPs, the only time that I updated firewall and mail server works until I do the traffic shaper assistant I saw the reinstalling modules web dialog and I change  fast the window trying to interrupt it. Doing that it works until I tried to do the traffic shaping.

Im getting really crazy with this, any help would be nice.

eri--

You have problems in your nat.

kaneda

But… That config works great on 1.2.3 I just backed up it and restore on 2.0.

What do you see strange on it?