extern/shorewall_code
1
0
Fork 1
mirror of https://gitlab.com/shorewall/code.git synced 2024-12-22 06:10:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

Documentation updates

Browse Source
This commit is contained in:
Tom Eastep 2011-04-11 09:37:50 -07:00
parent 0b17136780
commit 5734c84499
2 changed files with 37 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Shorewall/releasenotes.txt
View File

@ -129,7 +129,9 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
- Leave /etc/shorewall6/tcinterfaces empty. - Leave /etc/shorewall6/tcinterfaces empty.
- Configure /etc/shorewall/tcpri (if desired) - Configure /etc/shorewall/tcpri (if desired)
- Configure /etc/shorewall6/tcpri (if desired) - Configure /etc/shorewall6/tcpri (if desired)
It should be noted that when IPv6 packets are encapsulated for
transmission by 6to4/6in4, they retain their marks.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
I V. R E L E A S E 4 . 4 H I G H L I G H T S I V. R E L E A S E 4 . 4 H I G H L I G H T S
---------------------------------------------------------------------------- ----------------------------------------------------------------------------

43
docs/LennyToSqueeze.xml
View File

@ -182,15 +182,6 @@
<section id="Issues"> <section id="Issues">
<title>Issues Most Likely to Cause Problems or Concerns</title> <title>Issues Most Likely to Cause Problems or Concerns</title>
<section>
<title>Simple Traffic Shaping on AMD64</title>
<para>As of this date (Feb 12, 2011), output rate limiting with Simple
Traffic Shaping doesn't work on AMD64 systems. Outbound traffic drops to
a crawl and does not recover. This appears to be a kernel issue
introduced after kernel 2.6.26.</para>
</section>
<section id="conf"> <section id="conf">
<title>shorewall.conf</title> <title>shorewall.conf</title>
@ -962,6 +953,40 @@ insert_rule $filter_table-&gt;{OUTPUT}, 1, "-p udp --sport 1701 -j ACCEPT";
</listitem> </listitem>
</itemizedlist> </itemizedlist>
</section> </section>
<section id="SimpleTC">
<title>Simple Traffic Shaping</title>
<para>If you find that output bandwidth is extremely limited, it is
likely due to TCP Segmentation Offload (TSO) and/or Generic Segmentation
Offload (GSO) being enabled in the network adapter. To verify that,
install the <firstterm>ethtool</firstterm> package and use the -k
command:</para>
<programlisting>root@gateway:~# ethtool -k eth1
Offload parameters for eth1:
rx-checksumming: on
tx-checksumming: on
scatter-gather: on
tcp-segmentation-offload: <emphasis role="bold">on</emphasis>
udp-fragmentation-offload: off
generic-segmentation-offload: <emphasis role="bold">on</emphasis>
generic-receive-offload: off
large-receive-offload: off
ntuple-filters: off
receive-hashing: off
root@gateway:~#</programlisting>
<para>If that is the case, you can correct the problem by adjusting the
<replaceable>minburst</replaceable> setting in
/etc/shorewall/tcinterfaces. We suggest starting at 10-12kb and adjust
as necessary. Example:</para>
<programlisting>#INTERFACE TYPE IN-BANDWIDTH OUT-BANDWIDTH
eth0 External 50mbit:200kb 5.0mbit:100kb:200ms:100mbit:<emphasis
role="bold">10kb</emphasis>
</programlisting>
</section>
</section> </section>
<section id="Additional"> <section id="Additional">