
Hi, I have installed the QoS app and it crashes on start, taking internet access down.
It is on the default vanilla configuration, with only the upstream and downstream set.
The error message is at the bottom of the log from firewall-start -d:

firewall: Running external QoS bandwidth manager
firewall: Error: /usr/clearos/apps/qos/deploy/libqos.lua:493: bad argument #1 to 'pairs' (table expected, got nil)

How do I resolve it?
Thanks in advance

[root@Router01 ~]# firewall-start -d > out
firewall: Starting firewall...
firewall: Loading environment
firewall: FW_MODE=gateway
firewall: WANIF=eth1
firewall: LANIF=eth0
firewall: LANIF=eth2
firewall: LANIF=eth3
firewall: SYSWATCH_WANIF=eth1
firewall: WIFIF=
firewall: BANDWIDTH_QOS=off
firewall: QOS_ENGINE=/usr/clearos/apps/qos/deploy/libqos.lua
firewall: SQUID_USER_AUTHENTICATION=off
firewall: SQUID_TRANSPARENT=on
firewall: IPSEC_SERVER=off
firewall: PPTP_SERVER=off
firewall: ONE_TO_ONE_NAT_MODE=type2
firewall: RULES=||0x10000008|6|10.0.0.124|20|20
firewall: RULES=||0x10000008|6|10.0.0.124|21|21
firewall: RULES=||0x10000080|0|11.11.111.99||eth1_10.0.2.5
firewall: RULES=OpenVPN||0x10000001|17||1194|
firewall: RULES=||0x10000008|17|10.0.1.120||5060:5061
firewall: RULES=||0x10000008|6|10.0.0.124|22|22
firewall: RULES=||0x10000008|6|10.0.0.108|25|25
firewall: RULES=||0x10000008|6|10.0.0.125|3306|3306
firewall: RULES=||0x10000008|17|10.0.1.120||10000:20000
firewall: RULES=ssh_server||0x10000001|6||22|
firewall: RULES=webconfig||0x10000001|6||81|
firewall: RULES=||0x10000008|6|10.0.0.108|80|80
firewall: RULES=||0x10000008|6|10.0.0.108|443|443
firewall: FW_DROP=DROP
firewall: FW_ACCEPT=ACCEPT
firewall: IPBIN=/sbin/ip
firewall: TCBIN=/sbin/tc
firewall: MODPROBE=/sbin/modprobe
firewall: RMMOD=/sbin/rmmod
firewall: SYSCTL=/sbin/sysctl
firewall: IFCONFIG=/sbin/ifconfig
firewall: PPTP_PASSTHROUGH_FORCE=no
firewall: EGRESS_FILTERING=off
firewall: PROTOCOL_FILTERING=off
firewall: Detected WAN role for interface: eth1
firewall: Detected LAN role for interface: eth0
firewall: Detected LAN role for interface: eth2
firewall: Detected LAN role for interface: eth3
firewall: Setting kernel parameters
firewall: /sbin/sysctl -w net.ipv4.neigh.default.gc_thresh1=1024 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.neigh.default.gc_thresh2=4096 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.neigh.default.gc_thresh3=8192 >/dev/null = 0
firewall: /sbin/sysctl -w net.netfilter.nf_conntrack_max=524288 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.ip_forward=1 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.tcp_syncookies=1 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.all.log_martians=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.all.accept_redirects=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.all.send_redirects=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.default.accept_redirects=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.default.send_redirects=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.all.accept_source_route=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1 >/dev/null = 0
firewall: Detected WAN info - eth1 11.11.111.98 on network 11.11.111.96/29
firewall: Detected LAN info - eth0 10.0.0.254 on network 10.0.0.0/24
firewall: Detected LAN info - eth2 10.0.1.1 on network 10.0.1.0/24
firewall: Detected LAN info - eth3 10.0.2.1 on network 10.0.2.0/24
firewall: Using gateway mode
firewall: Loading kernel modules
firewall: /sbin/modprobe ipt_LOG >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ipt_REJECT >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_conntrack_ftp >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_conntrack_irc >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ppp_generic >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ppp_mppe >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_conntrack_proto_gre >/dev/null 2>&1 = 256
firewall: /sbin/modprobe ip_conntrack_pptp >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ipt_IMQ >/dev/null 2>&1 = 0
firewall: Loading kernel modules for NAT
firewall: /sbin/modprobe ipt_MASQUERADE >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_nat_ftp >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_nat_irc >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_nat_proto_gre >/dev/null 2>&1 = 256
firewall: /sbin/modprobe ip_nat_pptp >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_nat_h323 >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_nat_tftp >/dev/null 2>&1 = 0
firewall: Setting default policy to DROP
firewall: Defining custom chains
firewall: iptables -t filter -A drop-lan -j DROP
firewall: Running blocked external rules
firewall: Running custom rules
firewall: Running common rules
firewall: iptables -t filter -A INPUT -m state --state INVALID -j DROP
firewall: iptables -t filter -A INPUT -p tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset
firewall: iptables -t filter -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
firewall: iptables -t filter -A INPUT -i eth1 -s 127.0.0.0/8 -j DROP
firewall: iptables -t filter -A INPUT -i eth1 -s 169.254.0.0/16 -j DROP
firewall: iptables -t filter -A INPUT -i lo -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o lo -j ACCEPT
firewall: iptables -t filter -A INPUT -i pptp+ -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o pptp+ -j ACCEPT
firewall: iptables -t filter -A INPUT -i tun+ -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o tun+ -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth0 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o eth0 -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth2 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o eth2 -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth3 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o eth3 -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p icmp --icmp-type 0 -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p icmp --icmp-type 3 -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p icmp --icmp-type 8 -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p icmp --icmp-type 11 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o eth1 -p icmp -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p udp --dport bootpc --sport bootps -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p tcp --dport bootpc --sport bootps -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o eth1 -p udp --sport bootpc --dport bootps -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o eth1 -p tcp --sport bootpc --dport bootps -j ACCEPT
firewall: Running incoming denied rules
firewall: Running user-defined incoming rules
firewall: Allowing incoming udp port/range 1194
firewall: iptables -t filter -A INPUT -p 17 -d 11.11.111.98 --dport 1194 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -p 17 -o eth1 -s 11.11.111.98 --sport 1194 -j ACCEPT
firewall: Allowing incoming tcp port/range 22
firewall: iptables -t filter -A INPUT -p 6 -d 11.11.111.98 --dport 22 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -p 6 -o eth1 -s 11.11.111.98 --sport 22 -j ACCEPT
firewall: Allowing incoming tcp port/range 81
firewall: iptables -t filter -A INPUT -p 6 -d 11.11.111.98 --dport 81 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -p 6 -o eth1 -s 11.11.111.98 --sport 81 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -o tun+ -j ACCEPT
firewall: Running default incoming allowed rules
firewall: iptables -t filter -A OUTPUT -o eth1 -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p udp --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p tcp --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
firewall: Running user-defined port forward rules
firewall: Port forwarding tcp 20 to 10.0.0.124 20
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 20 -j DNAT --to 10.0.0.124:20
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.0.0/255.255.255.0 --dport 20 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.124 --dport 20 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.1.0/255.255.255.0 --dport 20 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.124 --dport 20 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.2.0/255.255.255.0 --dport 20 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.124 --dport 20 -j ACCEPT
firewall: Port forwarding tcp 21 to 10.0.0.124 21
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 21 -j DNAT --to 10.0.0.124:21
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.0.0/255.255.255.0 --dport 21 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.124 --dport 21 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.1.0/255.255.255.0 --dport 21 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.124 --dport 21 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.2.0/255.255.255.0 --dport 21 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.124 --dport 21 -j ACCEPT
firewall: Port forwarding udp 5060:5061 to 10.0.1.120
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 17 --dport 5060:5061 -j DNAT --to 10.0.1.120
firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.0.0/255.255.255.0 --dport 5060:5061 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 17 -d 10.0.1.120 --dport 5060:5061 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.1.0/255.255.255.0 --dport 5060:5061 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 17 -d 10.0.1.120 --dport 5060:5061 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.2.0/255.255.255.0 --dport 5060:5061 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 17 -d 10.0.1.120 --dport 5060:5061 -j ACCEPT
firewall: Port forwarding tcp 22 to 10.0.0.124 22
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 22 -j DNAT --to 10.0.0.124:22
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.0.0/255.255.255.0 --dport 22 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.124 --dport 22 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.1.0/255.255.255.0 --dport 22 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.124 --dport 22 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.2.0/255.255.255.0 --dport 22 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.124 --dport 22 -j ACCEPT
firewall: Port forwarding tcp 25 to 10.0.0.108 25
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 25 -j DNAT --to 10.0.0.108:25
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.0.0/255.255.255.0 --dport 25 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.108 --dport 25 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.1.0/255.255.255.0 --dport 25 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.108 --dport 25 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.2.0/255.255.255.0 --dport 25 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.108 --dport 25 -j ACCEPT
firewall: Port forwarding tcp 3306 to 10.0.0.125 3306
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 3306 -j DNAT --to 10.0.0.125:3306
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.125 -p 6 -s 10.0.0.0/255.255.255.0 --dport 3306 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.125 --dport 3306 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.125 -p 6 -s 10.0.1.0/255.255.255.0 --dport 3306 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.125 --dport 3306 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.125 -p 6 -s 10.0.2.0/255.255.255.0 --dport 3306 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.125 --dport 3306 -j ACCEPT
firewall: Port forwarding udp 10000:20000 to 10.0.1.120
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 17 --dport 10000:20000 -j DNAT --to 10.0.1.120
firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.0.0/255.255.255.0 --dport 10000:20000 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 17 -d 10.0.1.120 --dport 10000:20000 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.1.0/255.255.255.0 --dport 10000:20000 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 17 -d 10.0.1.120 --dport 10000:20000 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.2.0/255.255.255.0 --dport 10000:20000 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 17 -d 10.0.1.120 --dport 10000:20000 -j ACCEPT
firewall: Port forwarding tcp 80 to 10.0.0.108 80
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 80 -j DNAT --to 10.0.0.108:80
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.0.0/255.255.255.0 --dport 80 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.108 --dport 80 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.1.0/255.255.255.0 --dport 80 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.108 --dport 80 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.2.0/255.255.255.0 --dport 80 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.108 --dport 80 -j ACCEPT
firewall: Port forwarding tcp 443 to 10.0.0.108 443
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 443 -j DNAT --to 10.0.0.108:443
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.0.0/255.255.255.0 --dport 443 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.108 --dport 443 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.1.0/255.255.255.0 --dport 443 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.108 --dport 443 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.2.0/255.255.255.0 --dport 443 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.108 --dport 443 -j ACCEPT
firewall: /sbin/rmmod imq 2>/dev/null = 256
firewall: /sbin/tc qdisc del dev eth1 root >/dev/null 2>&1 = 512
firewall: Running external QoS bandwidth manager
firewall: Error: /usr/clearos/apps/qos/deploy/libqos.lua:493: bad argument #1 to 'pairs' (table expected, got nil)
[root@Router01 ~]# more out
Running firewall panic mode...
Tuesday, August 26 2014, 01:04 AM
Responses (8)
  • Accepted Answer

    Friday, September 12 2014, 12:20 AM - #Permalink
    Hi Tim,
    We have progress.
    The process finishes, but I have no access to the internet after it runs.
    Any idea how to resolve it?
    This is the output of running firewall-restart -d:

    firewall: Starting firewall...
    firewall: Loading environment
    firewall: FW_MODE=gateway
    firewall: WANIF=eth1
    firewall: LANIF=eth0
    firewall: LANIF=eth2
    firewall: LANIF=eth3
    firewall: SYSWATCH_WANIF=eth1
    firewall: WIFIF=
    firewall: BANDWIDTH_QOS=off
    firewall: QOS_ENGINE=/usr/clearos/apps/qos/deploy/libqos.lua
    firewall: SQUID_USER_AUTHENTICATION=off
    firewall: SQUID_TRANSPARENT=on
    firewall: IPSEC_SERVER=off
    firewall: PPTP_SERVER=off
    firewall: ONE_TO_ONE_NAT_MODE=type2
    firewall: RULES=FTP||0x00000008|6|10.0.0.124|20|20
    firewall: RULES=FTP||0x00000008|6|10.0.0.124|21|21
    firewall: RULES=||0x10000008|6|10.0.0.108|143|143

    firewall: RULES=||0x10000080|0|11.11.111.99||eth1_10.0.2.5
    firewall: RULES=OpenVPN||0x10000001|17||1194|

    firewall: RULES=||0x10000008|17|10.0.1.120||5060:5061
    firewall: RULES=||0x10000008|6|10.0.0.124|22|22
    firewall: RULES=||0x10000008|6|10.0.0.108|25|25

    firewall: RULES=||0x10000008|6|10.0.0.125|3306|3306


    firewall: RULES=||0x10000008|17|10.0.1.120||10000:20000
    firewall: RULES=ssh_server||0x10000001|6||22|
    firewall: RULES=webconfig||0x10000001|6||81|
    firewall: RULES=||0x10000008|6|10.0.0.108|80|80
    firewall: RULES=||0x10000008|6|10.0.0.108|443|443
    firewall: FW_DROP=DROP
    firewall: FW_ACCEPT=ACCEPT
    firewall: IPBIN=/sbin/ip
    firewall: TCBIN=/sbin/tc
    firewall: MODPROBE=/sbin/modprobe
    firewall: RMMOD=/sbin/rmmod
    firewall: SYSCTL=/sbin/sysctl
    firewall: IFCONFIG=/sbin/ifconfig
    firewall: PPTP_PASSTHROUGH_FORCE=no
    firewall: EGRESS_FILTERING=off
    firewall: PROTOCOL_FILTERING=off
    firewall: Detected WAN role for interface: eth1
    firewall: Detected LAN role for interface: eth0
    firewall: Detected LAN role for interface: eth2
    firewall: Detected LAN role for interface: eth3
    firewall: Setting kernel parameters
    firewall: /sbin/sysctl -w net.ipv4.neigh.default.gc_thresh1=1024 >/dev/null = 0
    firewall: /sbin/sysctl -w net.ipv4.neigh.default.gc_thresh2=4096 >/dev/null = 0
    firewall: /sbin/sysctl -w net.ipv4.neigh.default.gc_thresh3=8192 >/dev/null = 0
    firewall: /sbin/sysctl -w net.netfilter.nf_conntrack_max=524288 >/dev/null = 0
    firewall: /sbin/sysctl -w net.ipv4.ip_forward=1 >/dev/null = 0
    firewall: /sbin/sysctl -w net.ipv4.tcp_syncookies=1 >/dev/null = 0
    firewall: /sbin/sysctl -w net.ipv4.conf.all.log_martians=0 >/dev/null = 0
    firewall: /sbin/sysctl -w net.ipv4.conf.all.accept_redirects=0 >/dev/null = 0
    firewall: /sbin/sysctl -w net.ipv4.conf.all.send_redirects=0 >/dev/null = 0
    firewall: /sbin/sysctl -w net.ipv4.conf.default.accept_redirects=0 >/dev/null = 0
    firewall: /sbin/sysctl -w net.ipv4.conf.default.send_redirects=0 >/dev/null = 0
    firewall: /sbin/sysctl -w net.ipv4.conf.all.accept_source_route=0 >/dev/null = 0
    firewall: /sbin/sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1 >/dev/null = 0
    firewall: /sbin/sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1 >/dev/null = 0
    firewall: Detected WAN info - eth1 11.11.111.98 on network 11.11.111.96/29
    firewall: Detected LAN info - eth0 10.0.0.254 on network 10.0.0.0/24
    firewall: Detected LAN info - eth2 10.0.1.1 on network 10.0.1.0/24
    firewall: Detected LAN info - eth3 10.0.2.1 on network 10.0.2.0/24
    firewall: Using gateway mode
    firewall: Loading kernel modules
    firewall: /sbin/modprobe ipt_LOG >/dev/null 2>&1 = 0
    firewall: /sbin/modprobe ipt_REJECT >/dev/null 2>&1 = 0
    firewall: /sbin/modprobe ip_conntrack_ftp >/dev/null 2>&1 = 0
    firewall: /sbin/modprobe ip_conntrack_irc >/dev/null 2>&1 = 0
    firewall: /sbin/modprobe ppp_generic >/dev/null 2>&1 = 0
    firewall: /sbin/modprobe ppp_mppe >/dev/null 2>&1 = 0
    firewall: /sbin/modprobe ip_conntrack_proto_gre >/dev/null 2>&1 = 256
    firewall: /sbin/modprobe ip_conntrack_pptp >/dev/null 2>&1 = 0
    firewall: /sbin/modprobe ipt_IMQ >/dev/null 2>&1 = 0
    firewall: Loading kernel modules for NAT
    firewall: /sbin/modprobe ipt_MASQUERADE >/dev/null 2>&1 = 0
    firewall: /sbin/modprobe ip_nat_ftp >/dev/null 2>&1 = 0
    firewall: /sbin/modprobe ip_nat_irc >/dev/null 2>&1 = 0
    firewall: /sbin/modprobe ip_nat_proto_gre >/dev/null 2>&1 = 256
    firewall: /sbin/modprobe ip_nat_pptp >/dev/null 2>&1 = 0
    firewall: /sbin/modprobe ip_nat_h323 >/dev/null 2>&1 = 0
    firewall: /sbin/modprobe ip_nat_tftp >/dev/null 2>&1 = 0
    firewall: Setting default policy to DROP
    firewall: Defining custom chains
    firewall: iptables -t filter -A drop-lan -j DROP
    firewall: Running blocked external rules
    firewall: Running custom rules
    firewall: Running common rules
    firewall: iptables -t filter -A INPUT -m state --state INVALID -j DROP
    firewall: iptables -t filter -A INPUT -p tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset
    firewall: iptables -t filter -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
    firewall: iptables -t filter -A INPUT -i eth1 -s 127.0.0.0/8 -j DROP
    firewall: iptables -t filter -A INPUT -i eth1 -s 169.254.0.0/16 -j DROP
    firewall: iptables -t filter -A INPUT -i lo -j ACCEPT
    firewall: iptables -t filter -A OUTPUT -o lo -j ACCEPT
    firewall: iptables -t filter -A INPUT -i pptp+ -j ACCEPT
    firewall: iptables -t filter -A OUTPUT -o pptp+ -j ACCEPT
    firewall: iptables -t filter -A INPUT -i tun+ -j ACCEPT
    firewall: iptables -t filter -A OUTPUT -o tun+ -j ACCEPT
    firewall: iptables -t filter -A INPUT -i eth0 -j ACCEPT

    firewall: iptables -t filter -A OUTPUT -o eth0 -j ACCEPT
    firewall: iptables -t filter -A INPUT -i eth2 -j ACCEPT
    firewall: iptables -t filter -A OUTPUT -o eth2 -j ACCEPT
    firewall: iptables -t filter -A INPUT -i eth3 -j ACCEPT
    firewall: iptables -t filter -A OUTPUT -o eth3 -j ACCEPT
    firewall: iptables -t filter -A INPUT -i eth1 -p icmp --icmp-type 0 -j ACCEPT
    firewall: iptables -t filter -A INPUT -i eth1 -p icmp --icmp-type 3 -j ACCEPT
    firewall: iptables -t filter -A INPUT -i eth1 -p icmp --icmp-type 8 -j ACCEPT
    firewall: iptables -t filter -A INPUT -i eth1 -p icmp --icmp-type 11 -j ACCEPT
    firewall: iptables -t filter -A OUTPUT -o eth1 -p icmp -j ACCEPT
    firewall: iptables -t filter -A INPUT -i eth1 -p udp --dport bootpc --sport bootps -j ACCEPT
    firewall: iptables -t filter -A INPUT -i eth1 -p tcp --dport bootpc --sport bootps -j ACCEPT
    firewall: iptables -t filter -A OUTPUT -o eth1 -p udp --sport bootpc --dport bootps -j ACCEPT
    firewall: iptables -t filter -A OUTPUT -o eth1 -p tcp --sport bootpc --dport bootps -j ACCEPT
    firewall: Running incoming denied rules
    firewall: Running user-defined incoming rules
    firewall: Allowing incoming udp port/range 1194
    firewall: iptables -t filter -A INPUT -p 17 -d 11.11.111.98 --dport 1194 -j ACCEPT
    firewall: iptables -t filter -A OUTPUT -p 17 -o eth1 -s 11.11.111.98 --sport 1194 -j ACCEPT
    firewall: Allowing incoming tcp port/range 22
    firewall: iptables -t filter -A INPUT -p 6 -d 11.11.111.98 --dport 22 -j ACCEPT
    firewall: iptables -t filter -A OUTPUT -p 6 -o eth1 -s 11.11.111.98 --sport 22 -j ACCEPT
    firewall: Allowing incoming tcp port/range 81
    firewall: iptables -t filter -A INPUT -p 6 -d 11.11.111.98 --dport 81 -j ACCEPT
    firewall: iptables -t filter -A OUTPUT -p 6 -o eth1 -s 11.11.111.98 --sport 81 -j ACCEPT



    firewall: iptables -t nat -A POSTROUTING -o tun+ -j ACCEPT
    firewall: Running default incoming allowed rules

    firewall: iptables -t filter -A OUTPUT -o eth1 -j ACCEPT
    firewall: iptables -t filter -A INPUT -i eth1 -p udp --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
    firewall: iptables -t filter -A INPUT -i eth1 -p tcp --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
    firewall: Running user-defined port forward rules
    firewall: Port forwarding tcp 143 to 10.0.0.108 143
    firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 143 -j DNAT --to 10.0.0.108:143
    firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.0.0/255.255.255.0 --dport 143 -j SNAT --to 10.0.0.254
    firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.108 --dport 143 -j ACCEPT
    firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.1.0/255.255.255.0 --dport 143 -j SNAT --to 10.0.1.1
    firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.108 --dport 143 -j ACCEPT
    firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.2.0/255.255.255.0 --dport 143 -j SNAT --to 10.0.2.1
    firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.108 --dport 143 -j ACCEPT
    firewall: Port forwarding udp 5060:5061 to 10.0.1.120
    firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 17 --dport 5060:5061 -j DNAT --to 10.0.1.120
    firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.0.0/255.255.255.0 --dport 5060:5061 -j SNAT --to 10.0.0.254
    firewall: iptables -t filter -A FORWARD -o eth0 -p 17 -d 10.0.1.120 --dport 5060:5061 -j ACCEPT
    firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.1.0/255.255.255.0 --dport 5060:5061 -j SNAT --to 10.0.1.1
    firewall: iptables -t filter -A FORWARD -o eth2 -p 17 -d 10.0.1.120 --dport 5060:5061 -j ACCEPT
    firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.2.0/255.255.255.0 --dport 5060:5061 -j SNAT --to 10.0.2.1
    firewall: iptables -t filter -A FORWARD -o eth3 -p 17 -d 10.0.1.120 --dport 5060:5061 -j ACCEPT
    firewall: Port forwarding tcp 22 to 10.0.0.124 22
    firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 22 -j DNAT --to 10.0.0.124:22
    firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.0.0/255.255.255.0 --dport 22 -j SNAT --to 10.0.0.254
    firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.124 --dport 22 -j ACCEPT
    firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.1.0/255.255.255.0 --dport 22 -j SNAT --to 10.0.1.1
    firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.124 --dport 22 -j ACCEPT
    firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.2.0/255.255.255.0 --dport 22 -j SNAT --to 10.0.2.1
    firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.124 --dport 22 -j ACCEPT
    firewall: Port forwarding tcp 25 to 10.0.0.108 25
    firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 25 -j DNAT --to 10.0.0.108:25
    firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.0.0/255.255.255.0 --dport 25 -j SNAT --to 10.0.0.254
    firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.108 --dport 25 -j ACCEPT
    firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.1.0/255.255.255.0 --dport 25 -j SNAT --to 10.0.1.1
    firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.108 --dport 25 -j ACCEPT
    firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.2.0/255.255.255.0 --dport 25 -j SNAT --to 10.0.2.1
    firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.108 --dport 25 -j ACCEPT
    firewall: Port forwarding tcp 3306 to 10.0.0.125 3306
    firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 3306 -j DNAT --to 10.0.0.125:3306
    firewall: iptables -t nat -A POSTROUTING -d 10.0.0.125 -p 6 -s 10.0.0.0/255.255.255.0 --dport 3306 -j SNAT --to 10.0.0.254
    firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.125 --dport 3306 -j ACCEPT
    firewall: iptables -t nat -A POSTROUTING -d 10.0.0.125 -p 6 -s 10.0.1.0/255.255.255.0 --dport 3306 -j SNAT --to 10.0.1.1
    firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.125 --dport 3306 -j ACCEPT
    firewall: iptables -t nat -A POSTROUTING -d 10.0.0.125 -p 6 -s 10.0.2.0/255.255.255.0 --dport 3306 -j SNAT --to 10.0.2.1
    firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.125 --dport 3306 -j ACCEPT
    firewall: Port forwarding udp 10000:20000 to 10.0.1.120
    firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 17 --dport 10000:20000 -j DNAT --to 10.0.1.120
    firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.0.0/255.255.255.0 --dport 10000:20000 -j SNAT --to 10.0.0.254
    firewall: iptables -t filter -A FORWARD -o eth0 -p 17 -d 10.0.1.120 --dport 10000:20000 -j ACCEPT
    firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.1.0/255.255.255.0 --dport 10000:20000 -j SNAT --to 10.0.1.1
    firewall: iptables -t filter -A FORWARD -o eth2 -p 17 -d 10.0.1.120 --dport 10000:20000 -j ACCEPT
    firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.2.0/255.255.255.0 --dport 10000:20000 -j SNAT --to 10.0.2.1
    firewall: iptables -t filter -A FORWARD -o eth3 -p 17 -d 10.0.1.120 --dport 10000:20000 -j ACCEPT
    firewall: Port forwarding tcp 80 to 10.0.0.108 80
    firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 80 -j DNAT --to 10.0.0.108:80
    firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.0.0/255.255.255.0 --dport 80 -j SNAT --to 10.0.0.254
    firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.108 --dport 80 -j ACCEPT
    firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.1.0/255.255.255.0 --dport 80 -j SNAT --to 10.0.1.1
    firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.108 --dport 80 -j ACCEPT

    firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.2.0/255.255.255.0 --dport 80 -j SNAT --to 10.0.2.1
    firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.108 --dport 80 -j ACCEPT
    firewall: Port forwarding tcp 443 to 10.0.0.108 443
    firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 443 -j DNAT --to 10.0.0.108:443
    firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.0.0/255.255.255.0 --dport 443 -j SNAT --to 10.0.0.254
    firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.108 --dport 443 -j ACCEPT
    firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.1.0/255.255.255.0 --dport 443 -j SNAT --to 10.0.1.1
    firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.108 --dport 443 -j ACCEPT
    firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.2.0/255.255.255.0 --dport 443 -j SNAT --to 10.0.2.1
    firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.108 --dport 443 -j ACCEPT
    firewall: /sbin/rmmod imq 2>/dev/null = 256
    firewall: /sbin/tc qdisc del dev eth1 root >/dev/null 2>&1 = 512
    firewall: Running external QoS bandwidth manager
    firewall: Auto-r2q for minimum rate 2520: 209 (quantum: 1507.1770334928)
    firewall: Auto-r2q for minimum rate 2520: 209 (quantum: 1507.1770334928)
    firewall: /sbin/ip link set dev eth1 qlen 30 = 0
    firewall: /sbin/tc qdisc add dev eth1 root handle 1: htb default 16 r2q 209 = 0
    firewall: /sbin/tc class add dev eth1 parent 1: classid 1:1 htb rate 18000kbit = 0
    firewall: /sbin/tc class add dev eth1 parent 1:1 classid 1:10 htb rate 2700kbit ceil 18000kbit prio 0 = 0
    firewall: /sbin/tc qdisc add dev eth1 parent 1:10 handle 10: sfq perturb 10 = 0
    firewall: /sbin/tc filter add dev eth1 parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10 = 0
    firewall: /sbin/tc class add dev eth1 parent 1:1 classid 1:11 htb rate 2700kbit ceil 7200kbit prio 1 = 0
    firewall: /sbin/tc qdisc add dev eth1 parent 1:11 handle 11: sfq perturb 10 = 0
    firewall: /sbin/tc filter add dev eth1 parent 1:0 prio 0 protocol ip handle 11 fw flowid 1:11 = 0
    firewall: /sbin/tc class add dev eth1 parent 1:1 classid 1:12 htb rate 2520kbit ceil 15480kbit prio 2 = 0
    firewall: /sbin/tc qdisc add dev eth1 parent 1:12 handle 12: sfq perturb 10 = 0
    firewall: /sbin/tc filter add dev eth1 parent 1:0 prio 0 protocol ip handle 12 fw flowid 1:12 = 0
    firewall: /sbin/tc class add dev eth1 parent 1:1 classid 1:13 htb rate 2520kbit ceil 16740kbit prio 3 = 0
    firewall: /sbin/tc qdisc add dev eth1 parent 1:13 handle 13: sfq perturb 10 = 0
    firewall: /sbin/tc filter add dev eth1 parent 1:0 prio 0 protocol ip handle 13 fw flowid 1:13 = 0
    firewall: /sbin/tc class add dev eth1 parent 1:1 classid 1:14 htb rate 2520kbit ceil 15300kbit prio 4 = 0
    firewall: /sbin/tc qdisc add dev eth1 parent 1:14 handle 14: sfq perturb 10 = 0
    firewall: /sbin/tc filter add dev eth1 parent 1:0 prio 0 protocol ip handle 14 fw flowid 1:14 = 0
    firewall: /sbin/tc class add dev eth1 parent 1:1 classid 1:15 htb rate 2520kbit ceil 14400kbit prio 5 = 0
    firewall: /sbin/tc qdisc add dev eth1 parent 1:15 handle 15: sfq perturb 10 = 0
    firewall: /sbin/tc filter add dev eth1 parent 1:0 prio 0 protocol ip handle 15 fw flowid 1:15 = 0
    firewall: /sbin/tc class add dev eth1 parent 1:1 classid 1:16 htb rate 2520kbit ceil 11160kbit prio 6 = 0
    firewall: /sbin/tc qdisc add dev eth1 parent 1:16 handle 16: sfq perturb 10 = 0
    firewall: /sbin/tc filter add dev eth1 parent 1:0 prio 0 protocol ip handle 16 fw flowid 1:16 = 0
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 8008 -j MARK --set-mark 12
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -p udp --dport 53 -j MARK --set-mark 10
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 2121 -j MARK --set-mark 13
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 21 -j MARK --set-mark 13
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --dport 443 -j MARK --set-mark 14
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 443 -j MARK --set-mark 14
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --dport 80 -j MARK --set-mark 14
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 80 -j MARK --set-mark 14
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 143 -j MARK --set-mark 12
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 995 -j MARK --set-mark 13
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 110 -j MARK --set-mark 12
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 993 -j MARK --set-mark 13
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -s10.0.1.120 -j MARK --set-mark 11
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 1723 -j MARK --set-mark 12
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 3389 -j MARK --set-mark 12
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -p udp --sport 554 -j MARK --set-mark 12
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 873 -j MARK --set-mark 14
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -p udp --sport 5060 -j MARK --set-mark 11
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -p udp --sport 5061 -j MARK --set-mark 11
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 25 -j MARK --set-mark 14
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 22 -j MARK --set-mark 12
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 8080 -j MARK --set-mark 12
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 23 -j MARK --set-mark 13
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -p udp --sport 51413 -j MARK --set-mark 15
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -p udp --sport 1755 -j MARK --set-mark 12
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 81 -j MARK --set-mark 12
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -p icmp -j MARK --set-mark 10
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -p udp -j MARK --set-mark 12
    firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp -m length --length :64 -j MARK --set-mark 11
    firewall: iptables -t mangle -I POSTROUTING -o eth1 -j BWQOS_UP_eth1
    firewall: /sbin/modprobe imq numdevs=1 = 0
    firewall: /sbin/ip link set imq0 up = 0
    firewall: /sbin/tc qdisc add dev imq0 root handle 1: htb default 16 r2q 209 = 0
    firewall: /sbin/tc class add dev imq0 parent 1: classid 1:1 htb rate 18000kbit = 0
    firewall: /sbin/tc class add dev imq0 parent 1:1 classid 1:10 htb rate 2700kbit ceil 18000kbit prio 0 = 0
    firewall: /sbin/tc qdisc add dev imq0 parent 1:10 handle 10: sfq perturb 10 = 0
    firewall: /sbin/tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10 = 0
    firewall: /sbin/tc class add dev imq0 parent 1:1 classid 1:11 htb rate 2700kbit ceil 10080kbit prio 1 = 0
    firewall: /sbin/tc qdisc add dev imq0 parent 1:11 handle 11: sfq perturb 10 = 0
    firewall: /sbin/tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 11 fw flowid 1:11 = 0
    firewall: /sbin/tc class add dev imq0 parent 1:1 classid 1:12 htb rate 2520kbit ceil 18000kbit prio 2 = 0
    firewall: /sbin/tc qdisc add dev imq0 parent 1:12 handle 12: sfq perturb 10 = 0
    firewall: /sbin/tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 12 fw flowid 1:12 = 0
    firewall: /sbin/tc class add dev imq0 parent 1:1 classid 1:13 htb rate 2520kbit ceil 18000kbit prio 3 = 0
    firewall: /sbin/tc qdisc add dev imq0 parent 1:13 handle 13: sfq perturb 10 = 0
    firewall: /sbin/tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 13 fw flowid 1:13 = 0
    firewall: /sbin/tc class add dev imq0 parent 1:1 classid 1:14 htb rate 2520kbit ceil 18000kbit prio 4 = 0
    firewall: /sbin/tc qdisc add dev imq0 parent 1:14 handle 14: sfq perturb 10 = 0
    firewall: /sbin/tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 14 fw flowid 1:14 = 0
    firewall: /sbin/tc class add dev imq0 parent 1:1 classid 1:15 htb rate 2520kbit ceil 18000kbit prio 5 = 0
    firewall: /sbin/tc qdisc add dev imq0 parent 1:15 handle 15: sfq perturb 10 = 0
    firewall: /sbin/tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 15 fw flowid 1:15 = 0
    firewall: /sbin/tc class add dev imq0 parent 1:1 classid 1:16 htb rate 2520kbit ceil 9180kbit prio 6 = 0
    firewall: /sbin/tc qdisc add dev imq0 parent 1:16 handle 16: sfq perturb 10 = 0
    firewall: /sbin/tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 16 fw flowid 1:16 = 0
    firewall: iptables -t mangle -A BWQOS_DOWN_eth1 -p udp --sport 19305 -j MARK --set-mark 11
    firewall: iptables -t mangle -A BWQOS_DOWN_eth1 -p tcp --sport 80 -j MARK --set-mark 14
    firewall: iptables -t mangle -A BWQOS_DOWN_eth1 -p udp -d 192.168.199.190 -j MARK --set-mark 11
    firewall: iptables -t mangle -A BWQOS_DOWN_eth1 -p icmp -j MARK --set-mark 10
    firewall: iptables -t mangle -A BWQOS_DOWN_eth1 -p udp -j MARK --set-mark 12
    firewall: iptables -t mangle -A BWQOS_DOWN_eth1 -p tcp -m length --length :64 -j MARK --set-mark 11
    firewall: iptables -t mangle -A BWQOS_DOWN_eth1 -j IMQ --todev 0
    firewall: iptables -t mangle -I PREROUTING -i eth1 -j BWQOS_DOWN_eth1
    firewall: Running 1-to-1 NAT rules
    firewall: Resetting 1-to-1 NAT alias: eth1:200
    firewall: /sbin/ifconfig eth1:200 down 2>/dev/null = 0
    firewall: Creating alias IP address for 1-to-1 NAT: 11.11.111.99
    firewall: /sbin/ifconfig eth1:200 11.11.111.99 netmask 255.255.255.248 up = 0
    firewall: Enabling 1:1 NAT eth1 10.0.2.5 - 11.11.111.99
    firewall: iptables -t nat -A PREROUTING -d 11.11.111.99 -j DNAT --to 10.0.2.5
    firewall: iptables -t nat -A POSTROUTING -s 10.0.2.5 -j SNAT --to 11.11.111.99
    firewall: iptables -t nat -A POSTROUTING -s 10.0.0.0/255.255.255.0 -d 10.0.2.5 -j SNAT --to 10.0.0.254
    firewall: iptables -t nat -A POSTROUTING -s 10.0.1.0/255.255.255.0 -d 10.0.2.5 -j SNAT --to 10.0.1.1
    firewall: iptables -t nat -A POSTROUTING -s 10.0.2.0/255.255.255.0 -d 10.0.2.5 -j SNAT --to 10.0.2.1
    firewall: iptables -t filter -A FORWARD -i eth1 -d 10.0.2.5 -j ACCEPT
    firewall: Running user-defined proxy rules
    firewall: Content filter is offline
    firewall: Web proxy is offline
    firewall: Running multipath
    firewall: /sbin/ip rule | grep -Ev '(local|main|default)' | while read PRIO RULE; do /sbin/ip rule del prio ${PRIO%%:*} 2>/dev/null; done = 0
    firewall: /sbin/ip rule | grep -Ev '(local|main|default)' | while read PRIO RULE; do /sbin/ip rule del $RULE prio ${PRIO%%:*} 2>/dev/null; done = 0
    firewall: /sbin/ip route flush table 50 = 0
    firewall: /sbin/ip route flush cache = 0
    firewall: Enabling NAT on WAN interface eth1
    firewall: iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
    firewall: Running user-defined outgoing block rules
    firewall: Running default forwarding rules
    firewall: iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    firewall: iptables -t filter -A FORWARD -i eth0 -j ACCEPT
    firewall: iptables -t filter -A FORWARD -i eth2 -j ACCEPT
    firewall: iptables -t filter -A FORWARD -i eth3 -j ACCEPT
    firewall: iptables -t filter -A FORWARD -i pptp+ -j ACCEPT
    firewall: iptables -t filter -A FORWARD -i tun+ -j ACCEPT
    firewall: Execution time: 0.959s
  • Accepted Answer

    Monday, September 08 2014, 09:51 PM - #Permalink
    Did you also set
    QOS_UPSTREAM_BWLIMIT="*:100:100:100:100:100:100:100"
    QOS_DOWNSTREAM_BWLIMIT="*:100:100:100:100:100:100:100"

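    You might also try using a wildcard (*) for the interface name, since the failing line quoted in this thread appears to look up the "*" entry of the reservation table. I've been hacking around with this module, so I'm not sure what the default config is.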
    QOS_UPSTREAM_BWRES="*:15:15:14:14:14:14:14"
    QOS_DOWNSTREAM_BWRES="*:15:15:14:14:14:14:14"
  • Accepted Answer

    Friday, September 05 2014, 03:04 PM - #Permalink
    It seems to be failing on:
    for i, rate in pairs(rate_up_res["*"]) do
    which I believe is created by:
    rate_up_res = InitializeBandwidthReserved(rate_up, rate_up_res)

    How can I add some type of debugging into it?
  • Accepted Answer

    Friday, September 05 2014, 11:41 AM - #Permalink
    btw: the same conf file works ok on another server
  • Accepted Answer

    Friday, September 05 2014, 11:29 AM - #Permalink
    Hi Tim,
    The system is remote and my access to it is restricted so could not test it again until this morning.
    Though I get the same error ....

    I set:
    QOS_UPSTREAM="eth1:18000:auto"
    QOS_DOWNSTREAM="eth1:18000:auto"

    QOS_UPSTREAM_BWRES="eth1:15:15:14:14:14:14:14"
    QOS_DOWNSTREAM_BWRES="eth1:15:15:14:14:14:14:14"

    Then I ran 'firewall-start -d' and got the same error again:
    .........
    firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.108 --dport 443 -j ACCEPT
    firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.2.0/255.255.255.0 --dport 443 -j SNAT --to 10.0.2.1
    firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.108 --dport 443 -j ACCEPT
    firewall: /sbin/rmmod imq 2>/dev/null = 256
    firewall: /sbin/tc qdisc del dev eth1 root >/dev/null 2>&1 = 512
    firewall: Running external QoS bandwidth manager
    firewall: Error: /usr/clearos/apps/qos/deploy/libqos.lua:493: bad argument #1 to 'pairs' (table expected, got nil)
    Running firewall panic mode...
  • Accepted Answer

    Tuesday, August 26 2014, 03:31 PM - #Permalink
    You need to fill in the values for the settings below, which are empty in your qos.conf (see the examples above each of them in the file):

    QOS_UPSTREAM_BWRES=""
    QOS_DOWNSTREAM_BWRES=""

    QOS_UPSTREAM_BWLIMIT=""
    QOS_DOWNSTREAM_BWLIMIT=""

    Or follow through the webconfig QOS UI which should set them for you
  • Accepted Answer

    Tuesday, August 26 2014, 03:06 PM - #Permalink
    Hi Tim,
    Thank you for looking into it.

    this is the qos.conf:
    # Enable ClearOS Bandwidth QoS Engine
    QOS_ENABLE="on"

    # External interface speeds in kbit/s.
    #
    # Format:
    # <ifn>:<speed>:<r2q>[ <ifn>:<speed>:<r2q>] ...
    #
    # Where <ifn> is the name of the external interface.
    # Where <speed> is the external connection speed in kbit/s.
    # Where <r2q> is the value used to calculate the queue quantum (see below).
    # You may set this to 'auto' (no quotes) to have an r2q value
    # calculated for you.
    #
    # NOTE:
    #
    # - Specify multiple external interfaces using a space delimiter.
    #
    # - The accuracy of the speed values is critical for correct operation
    # of the QoS rules. Too low and the connection(s) will be throttled.
    # Too high and the QoS engine will become unpredictable.
    #
    # - The 'r2q' parameter stands for 'rate to quantum' and is the
    # conversion factor used to calculate the quantum value for a queue.
    # The quantum is calculated using the formula:
    #
    # quantum = rate (in bytes) / r2q
    #
    # The resulting quantum should be greater than your interface MTU and
    # less than 60,000 (though it appears the value hard-coded in the
    # kernel is 200,000 for 3.7.x).
    #
    # If you see kernel messages such as:
    # "HTB: quantum of class 10002 is small/large. Consider r2q change."
    # You should calculate a better r2q value.
    #
    # Example:
    # QOS_UPSTREAM="ppp0:7168:auto"
    # QOS_DOWNSTREAM="ppp0:25600:10"

    QOS_UPSTREAM="eth1:18000:auto"
    QOS_DOWNSTREAM="eth1:18000:auto"


    # QoS priority class bandwidth reservation configuration
    #
    # Format:
    # <ifn>:<n>:<n>:<n>:<n>:<n>:<n>:<n>[ <ifn>:...]
    # 0 1 2 3 4 5 6
    # Highest --------------------------> Lowest priority
    #
    # Where <ifn> is the name of the external interface. Use * for all interfaces.
    # Where <n> is the percentage of bandwidth reserved per priority class.
    #
    # NOTE: The sum of all priorities must equal 100%.
    #
    # Example:
    # QOS_UPSTREAM_BWRES="ppp0:15:15:14:14:14:14:14"
    # QOS_DOWNSTREAM_BWRES="ppp0:15:15:14:14:14:14:14"

    QOS_UPSTREAM_BWRES=""
    QOS_DOWNSTREAM_BWRES=""

    # QoS priority class bandwidth limit configuration
    #
    # Format:
    # <ifn>:<n>:<n>:<n>:<n>:<n>:<n>:<n>[ <ifn>:...]
    # 0 1 2 3 4 5 6
    # Highest --------------------------> Lowest priority
    #
    # Where <ifn> is the name of the external interface. Use * for all interfaces.
    # Where <n> is the percentage of bandwidth to limit per priority class.
    #
    # NOTE: Each percentage must be greater than or equal to the
    # corresponding reservation value and not exceed 100%.
    #
    # Example:
    # QOS_UPSTREAM_BWLIMIT="ppp0:100:100:100:100:100:100:100:100"
    # QOS_DOWNSTREAM_BWLIMIT="ppp0:100:100:100:100:100:100:100:100"

    QOS_UPSTREAM_BWLIMIT=""
    QOS_DOWNSTREAM_BWLIMIT=""

    # QoS priority mark rules
    #
    # Format:
    # <n>|<ifn>|<enabled>|<d[0-1]>|<prio[0-6]>|<proto>|<saddr>|<sport>|<daddr>|<dport>
    #
    # Where <n> is the "nickname", a human-readable label (no spaces).
    # Where <ifn> is the name of the external interface. Use * for all interfaces.
    # Where <enabled> is set to 1 if enabled, 0 for disabled.
    # Where <d> is the direction, 0 for upstream and 1 for downstream.
    # Where <prio> is the priority, 0 being the highest and 6 being the lowest priority.
    # Where <proto> is the protocol (ex: tcp, udp, icmp, etc).
    # Where <saddr> is the source address. Use - for an empty field.
    # Where <sport> is the source port. Use - for an empty field.
    # Where <daddr> is the destination address. Use - for an empty field.
    # Where <dport> is the destination port. Use - for an empty field.
    #
    # NOTE: Escape carriage returns using '\' between rules.
    #
    # Example:
    # SSH|*|1|0|3|tcp|-|-|-|22 \

    # IPv4
    QOS_PRIOMARK4="\
    all_ICMP_Up|*|1|0|0|icmp|-|-|-|- \
    all_ICMP_Down|*|1|1|0|icmp|-|-|-|- \
    all_NonTCP_Up|*|1|0|1|!tcp|-|-|-|- \
    all_NonTCP_Down|*|1|1|1|!tcp|-|-|-|- \
    "

    # TODO: IPv6
    QOS_PRIOMARK6="\
    "

    # Custom/advanced rules
    #
    # Format:
    # <n>|<ifn>|<enabled>|<d[0-1]>|<prio[0-6]>|<param>
    #
    # Where <n> is the "nickname", a human-readable label (no spaces).
    # Where <ifn> is the name of the external interface. Use * for all interfaces.
    # Where <enabled> is set to 1 if enabled, 0 for disabled.
    # Where <d> is the direction, 0 for upstream and 1 for downstream.
    # Where <prio> is the priority, 0 being the highest and 6 being the lowest priority.
    # Where <param> is the iptables parameters to use.
    # Prohibited iptables parameters: -A, -I, -J
    #
    # NOTE: Do not escape carriage returns using '\' between rules.
    #
    # Example:
    # Example|*|1|0|3|-p tcp --dport 5555

    QOS_PRIOMARK4_CUSTOM="\
    TCP_ACK_Up|*|1|0|1|-p tcp -m length --length :64
    TCP_ACK_Down|*|1|1|1|-p tcp -m length --length :64
    "

    # TODO: IPv6
    QOS_PRIOMARK6_CUSTOM="\
    "

    # Override to load an alternate/experimental engine.
    QOS_ENGINE="/usr/clearos/apps/qos/deploy/libqos.lua"

    # vi: syntax=sh expandtab shiftwidth=4 softtabstop=4 tabstop=4
  • Accepted Answer

    Tuesday, August 26 2014, 12:19 PM - #Permalink
    Can you post the contents of your /etc/clearos/qos.conf file? The engine doesn't like one of the configs, or one hasn't been provided.