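Hi, I have installed the QoS app and it crashes on start, taking internet access down.
It is on the default vanilla configuration with only the upstream and downstream set.
The error message is at the bottom of the debug output from firewall-start -d below. The redirected file `out` contains only the panic-mode message, so the firewall appears to fall back to panic mode after the QoS error, which would explain the loss of internet access: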
firewall: Running external QoS bandwidth manager
firewall: Error: /usr/clearos/apps/qos/deploy/libqos.lua:493: bad argument #1 to 'pairs' (table expected, got nil)
How do I resolve it?
Thanks in advance
[root@Router01 ~]# firewall-start -d > out
firewall: Starting firewall...
firewall: Loading environment
firewall: FW_MODE=gateway
firewall: WANIF=eth1
firewall: LANIF=eth0
firewall: LANIF=eth2
firewall: LANIF=eth3
firewall: SYSWATCH_WANIF=eth1
firewall: WIFIF=
firewall: BANDWIDTH_QOS=off
firewall: QOS_ENGINE=/usr/clearos/apps/qos/deploy/libqos.lua
firewall: SQUID_USER_AUTHENTICATION=off
firewall: SQUID_TRANSPARENT=on
firewall: IPSEC_SERVER=off
firewall: PPTP_SERVER=off
firewall: ONE_TO_ONE_NAT_MODE=type2
firewall: RULES=||0x10000008|6|10.0.0.124|20|20
firewall: RULES=||0x10000008|6|10.0.0.124|21|21
firewall: RULES=||0x10000080|0|11.11.111.99||eth1_10.0.2.5
firewall: RULES=OpenVPN||0x10000001|17||1194|
firewall: RULES=||0x10000008|17|10.0.1.120||5060:5061
firewall: RULES=||0x10000008|6|10.0.0.124|22|22
firewall: RULES=||0x10000008|6|10.0.0.108|25|25
firewall: RULES=||0x10000008|6|10.0.0.125|3306|3306
firewall: RULES=||0x10000008|17|10.0.1.120||10000:20000
firewall: RULES=ssh_server||0x10000001|6||22|
firewall: RULES=webconfig||0x10000001|6||81|
firewall: RULES=||0x10000008|6|10.0.0.108|80|80
firewall: RULES=||0x10000008|6|10.0.0.108|443|443
firewall: FW_DROP=DROP
firewall: FW_ACCEPT=ACCEPT
firewall: IPBIN=/sbin/ip
firewall: TCBIN=/sbin/tc
firewall: MODPROBE=/sbin/modprobe
firewall: RMMOD=/sbin/rmmod
firewall: SYSCTL=/sbin/sysctl
firewall: IFCONFIG=/sbin/ifconfig
firewall: PPTP_PASSTHROUGH_FORCE=no
firewall: EGRESS_FILTERING=off
firewall: PROTOCOL_FILTERING=off
firewall: Detected WAN role for interface: eth1
firewall: Detected LAN role for interface: eth0
firewall: Detected LAN role for interface: eth2
firewall: Detected LAN role for interface: eth3
firewall: Setting kernel parameters
firewall: /sbin/sysctl -w net.ipv4.neigh.default.gc_thresh1=1024 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.neigh.default.gc_thresh2=4096 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.neigh.default.gc_thresh3=8192 >/dev/null = 0
firewall: /sbin/sysctl -w net.netfilter.nf_conntrack_max=524288 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.ip_forward=1 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.tcp_syncookies=1 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.all.log_martians=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.all.accept_redirects=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.all.send_redirects=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.default.accept_redirects=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.default.send_redirects=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.all.accept_source_route=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1 >/dev/null = 0
firewall: Detected WAN info - eth1 11.11.111.98 on network 11.11.111.96/29
firewall: Detected LAN info - eth0 10.0.0.254 on network 10.0.0.0/24
firewall: Detected LAN info - eth2 10.0.1.1 on network 10.0.1.0/24
firewall: Detected LAN info - eth3 10.0.2.1 on network 10.0.2.0/24
firewall: Using gateway mode
firewall: Loading kernel modules
firewall: /sbin/modprobe ipt_LOG >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ipt_REJECT >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_conntrack_ftp >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_conntrack_irc >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ppp_generic >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ppp_mppe >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_conntrack_proto_gre >/dev/null 2>&1 = 256
firewall: /sbin/modprobe ip_conntrack_pptp >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ipt_IMQ >/dev/null 2>&1 = 0
firewall: Loading kernel modules for NAT
firewall: /sbin/modprobe ipt_MASQUERADE >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_nat_ftp >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_nat_irc >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_nat_proto_gre >/dev/null 2>&1 = 256
firewall: /sbin/modprobe ip_nat_pptp >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_nat_h323 >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_nat_tftp >/dev/null 2>&1 = 0
firewall: Setting default policy to DROP
firewall: Defining custom chains
firewall: iptables -t filter -A drop-lan -j DROP
firewall: Running blocked external rules
firewall: Running custom rules
firewall: Running common rules
firewall: iptables -t filter -A INPUT -m state --state INVALID -j DROP
firewall: iptables -t filter -A INPUT -p tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset
firewall: iptables -t filter -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
firewall: iptables -t filter -A INPUT -i eth1 -s 127.0.0.0/8 -j DROP
firewall: iptables -t filter -A INPUT -i eth1 -s 169.254.0.0/16 -j DROP
firewall: iptables -t filter -A INPUT -i lo -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o lo -j ACCEPT
firewall: iptables -t filter -A INPUT -i pptp+ -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o pptp+ -j ACCEPT
firewall: iptables -t filter -A INPUT -i tun+ -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o tun+ -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth0 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o eth0 -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth2 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o eth2 -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth3 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o eth3 -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p icmp --icmp-type 0 -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p icmp --icmp-type 3 -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p icmp --icmp-type 8 -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p icmp --icmp-type 11 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o eth1 -p icmp -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p udp --dport bootpc --sport bootps -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p tcp --dport bootpc --sport bootps -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o eth1 -p udp --sport bootpc --dport bootps -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o eth1 -p tcp --sport bootpc --dport bootps -j ACCEPT
firewall: Running incoming denied rules
firewall: Running user-defined incoming rules
firewall: Allowing incoming udp port/range 1194
firewall: iptables -t filter -A INPUT -p 17 -d 11.11.111.98 --dport 1194 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -p 17 -o eth1 -s 11.11.111.98 --sport 1194 -j ACCEPT
firewall: Allowing incoming tcp port/range 22
firewall: iptables -t filter -A INPUT -p 6 -d 11.11.111.98 --dport 22 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -p 6 -o eth1 -s 11.11.111.98 --sport 22 -j ACCEPT
firewall: Allowing incoming tcp port/range 81
firewall: iptables -t filter -A INPUT -p 6 -d 11.11.111.98 --dport 81 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -p 6 -o eth1 -s 11.11.111.98 --sport 81 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -o tun+ -j ACCEPT
firewall: Running default incoming allowed rules
firewall: iptables -t filter -A OUTPUT -o eth1 -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p udp --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p tcp --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
firewall: Running user-defined port forward rules
firewall: Port forwarding tcp 20 to 10.0.0.124 20
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 20 -j DNAT --to 10.0.0.124:20
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.0.0/255.255.255.0 --dport 20 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.124 --dport 20 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.1.0/255.255.255.0 --dport 20 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.124 --dport 20 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.2.0/255.255.255.0 --dport 20 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.124 --dport 20 -j ACCEPT
firewall: Port forwarding tcp 21 to 10.0.0.124 21
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 21 -j DNAT --to 10.0.0.124:21
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.0.0/255.255.255.0 --dport 21 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.124 --dport 21 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.1.0/255.255.255.0 --dport 21 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.124 --dport 21 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.2.0/255.255.255.0 --dport 21 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.124 --dport 21 -j ACCEPT
firewall: Port forwarding udp 5060:5061 to 10.0.1.120
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 17 --dport 5060:5061 -j DNAT --to 10.0.1.120
firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.0.0/255.255.255.0 --dport 5060:5061 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 17 -d 10.0.1.120 --dport 5060:5061 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.1.0/255.255.255.0 --dport 5060:5061 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 17 -d 10.0.1.120 --dport 5060:5061 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.2.0/255.255.255.0 --dport 5060:5061 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 17 -d 10.0.1.120 --dport 5060:5061 -j ACCEPT
firewall: Port forwarding tcp 22 to 10.0.0.124 22
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 22 -j DNAT --to 10.0.0.124:22
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.0.0/255.255.255.0 --dport 22 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.124 --dport 22 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.1.0/255.255.255.0 --dport 22 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.124 --dport 22 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.2.0/255.255.255.0 --dport 22 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.124 --dport 22 -j ACCEPT
firewall: Port forwarding tcp 25 to 10.0.0.108 25
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 25 -j DNAT --to 10.0.0.108:25
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.0.0/255.255.255.0 --dport 25 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.108 --dport 25 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.1.0/255.255.255.0 --dport 25 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.108 --dport 25 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.2.0/255.255.255.0 --dport 25 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.108 --dport 25 -j ACCEPT
firewall: Port forwarding tcp 3306 to 10.0.0.125 3306
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 3306 -j DNAT --to 10.0.0.125:3306
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.125 -p 6 -s 10.0.0.0/255.255.255.0 --dport 3306 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.125 --dport 3306 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.125 -p 6 -s 10.0.1.0/255.255.255.0 --dport 3306 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.125 --dport 3306 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.125 -p 6 -s 10.0.2.0/255.255.255.0 --dport 3306 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.125 --dport 3306 -j ACCEPT
firewall: Port forwarding udp 10000:20000 to 10.0.1.120
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 17 --dport 10000:20000 -j DNAT --to 10.0.1.120
firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.0.0/255.255.255.0 --dport 10000:20000 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 17 -d 10.0.1.120 --dport 10000:20000 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.1.0/255.255.255.0 --dport 10000:20000 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 17 -d 10.0.1.120 --dport 10000:20000 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.2.0/255.255.255.0 --dport 10000:20000 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 17 -d 10.0.1.120 --dport 10000:20000 -j ACCEPT
firewall: Port forwarding tcp 80 to 10.0.0.108 80
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 80 -j DNAT --to 10.0.0.108:80
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.0.0/255.255.255.0 --dport 80 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.108 --dport 80 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.1.0/255.255.255.0 --dport 80 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.108 --dport 80 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.2.0/255.255.255.0 --dport 80 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.108 --dport 80 -j ACCEPT
firewall: Port forwarding tcp 443 to 10.0.0.108 443
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 443 -j DNAT --to 10.0.0.108:443
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.0.0/255.255.255.0 --dport 443 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.108 --dport 443 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.1.0/255.255.255.0 --dport 443 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.108 --dport 443 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.2.0/255.255.255.0 --dport 443 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.108 --dport 443 -j ACCEPT
firewall: /sbin/rmmod imq 2>/dev/null = 256
firewall: /sbin/tc qdisc del dev eth1 root >/dev/null 2>&1 = 512
firewall: Running external QoS bandwidth manager
firewall: Error: /usr/clearos/apps/qos/deploy/libqos.lua:493: bad argument #1 to 'pairs' (table expected, got nil)
[root@Router01 ~]# more out
Running firewall panic mode...
It is on the default vanilla configuration with only the upstream and downstream set.
The error message is at the bottom of the log from firewall-start -d:
firewall: Running external QoS bandwidth manager
firewall: Error: /usr/clearos/apps/qos/deploy/libqos.lua:493: bad argument #1 to 'pairs' (table expected, got nil)
How do I resolve it?
Thanks in advance
[root@Router01 ~]# firewall-start -d > out
firewall: Starting firewall...
firewall: Loading environment
firewall: FW_MODE=gateway
firewall: WANIF=eth1
firewall: LANIF=eth0
firewall: LANIF=eth2
firewall: LANIF=eth3
firewall: SYSWATCH_WANIF=eth1
firewall: WIFIF=
firewall: BANDWIDTH_QOS=off
firewall: QOS_ENGINE=/usr/clearos/apps/qos/deploy/libqos.lua
firewall: SQUID_USER_AUTHENTICATION=off
firewall: SQUID_TRANSPARENT=on
firewall: IPSEC_SERVER=off
firewall: PPTP_SERVER=off
firewall: ONE_TO_ONE_NAT_MODE=type2
firewall: RULES=||0x10000008|6|10.0.0.124|20|20
firewall: RULES=||0x10000008|6|10.0.0.124|21|21
firewall: RULES=||0x10000080|0|11.11.111.99||eth1_10.0.2.5
firewall: RULES=OpenVPN||0x10000001|17||1194|
firewall: RULES=||0x10000008|17|10.0.1.120||5060:5061
firewall: RULES=||0x10000008|6|10.0.0.124|22|22
firewall: RULES=||0x10000008|6|10.0.0.108|25|25
firewall: RULES=||0x10000008|6|10.0.0.125|3306|3306
firewall: RULES=||0x10000008|17|10.0.1.120||10000:20000
firewall: RULES=ssh_server||0x10000001|6||22|
firewall: RULES=webconfig||0x10000001|6||81|
firewall: RULES=||0x10000008|6|10.0.0.108|80|80
firewall: RULES=||0x10000008|6|10.0.0.108|443|443
firewall: FW_DROP=DROP
firewall: FW_ACCEPT=ACCEPT
firewall: IPBIN=/sbin/ip
firewall: TCBIN=/sbin/tc
firewall: MODPROBE=/sbin/modprobe
firewall: RMMOD=/sbin/rmmod
firewall: SYSCTL=/sbin/sysctl
firewall: IFCONFIG=/sbin/ifconfig
firewall: PPTP_PASSTHROUGH_FORCE=no
firewall: EGRESS_FILTERING=off
firewall: PROTOCOL_FILTERING=off
firewall: Detected WAN role for interface: eth1
firewall: Detected LAN role for interface: eth0
firewall: Detected LAN role for interface: eth2
firewall: Detected LAN role for interface: eth3
firewall: Setting kernel parameters
firewall: /sbin/sysctl -w net.ipv4.neigh.default.gc_thresh1=1024 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.neigh.default.gc_thresh2=4096 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.neigh.default.gc_thresh3=8192 >/dev/null = 0
firewall: /sbin/sysctl -w net.netfilter.nf_conntrack_max=524288 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.ip_forward=1 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.tcp_syncookies=1 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.all.log_martians=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.all.accept_redirects=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.all.send_redirects=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.default.accept_redirects=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.default.send_redirects=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.all.accept_source_route=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1 >/dev/null = 0
firewall: Detected WAN info - eth1 11.11.111.98 on network 11.11.111.96/29
firewall: Detected LAN info - eth0 10.0.0.254 on network 10.0.0.0/24
firewall: Detected LAN info - eth2 10.0.1.1 on network 10.0.1.0/24
firewall: Detected LAN info - eth3 10.0.2.1 on network 10.0.2.0/24
firewall: Using gateway mode
firewall: Loading kernel modules
firewall: /sbin/modprobe ipt_LOG >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ipt_REJECT >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_conntrack_ftp >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_conntrack_irc >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ppp_generic >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ppp_mppe >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_conntrack_proto_gre >/dev/null 2>&1 = 256
firewall: /sbin/modprobe ip_conntrack_pptp >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ipt_IMQ >/dev/null 2>&1 = 0
firewall: Loading kernel modules for NAT
firewall: /sbin/modprobe ipt_MASQUERADE >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_nat_ftp >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_nat_irc >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_nat_proto_gre >/dev/null 2>&1 = 256
firewall: /sbin/modprobe ip_nat_pptp >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_nat_h323 >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_nat_tftp >/dev/null 2>&1 = 0
firewall: Setting default policy to DROP
firewall: Defining custom chains
firewall: iptables -t filter -A drop-lan -j DROP
firewall: Running blocked external rules
firewall: Running custom rules
firewall: Running common rules
firewall: iptables -t filter -A INPUT -m state --state INVALID -j DROP
firewall: iptables -t filter -A INPUT -p tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset
firewall: iptables -t filter -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
firewall: iptables -t filter -A INPUT -i eth1 -s 127.0.0.0/8 -j DROP
firewall: iptables -t filter -A INPUT -i eth1 -s 169.254.0.0/16 -j DROP
firewall: iptables -t filter -A INPUT -i lo -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o lo -j ACCEPT
firewall: iptables -t filter -A INPUT -i pptp+ -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o pptp+ -j ACCEPT
firewall: iptables -t filter -A INPUT -i tun+ -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o tun+ -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth0 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o eth0 -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth2 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o eth2 -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth3 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o eth3 -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p icmp --icmp-type 0 -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p icmp --icmp-type 3 -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p icmp --icmp-type 8 -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p icmp --icmp-type 11 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o eth1 -p icmp -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p udp --dport bootpc --sport bootps -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p tcp --dport bootpc --sport bootps -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o eth1 -p udp --sport bootpc --dport bootps -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o eth1 -p tcp --sport bootpc --dport bootps -j ACCEPT
firewall: Running incoming denied rules
firewall: Running user-defined incoming rules
firewall: Allowing incoming udp port/range 1194
firewall: iptables -t filter -A INPUT -p 17 -d 11.11.111.98 --dport 1194 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -p 17 -o eth1 -s 11.11.111.98 --sport 1194 -j ACCEPT
firewall: Allowing incoming tcp port/range 22
firewall: iptables -t filter -A INPUT -p 6 -d 11.11.111.98 --dport 22 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -p 6 -o eth1 -s 11.11.111.98 --sport 22 -j ACCEPT
firewall: Allowing incoming tcp port/range 81
firewall: iptables -t filter -A INPUT -p 6 -d 11.11.111.98 --dport 81 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -p 6 -o eth1 -s 11.11.111.98 --sport 81 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -o tun+ -j ACCEPT
firewall: Running default incoming allowed rules
firewall: iptables -t filter -A OUTPUT -o eth1 -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p udp --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p tcp --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
firewall: Running user-defined port forward rules
firewall: Port forwarding tcp 20 to 10.0.0.124 20
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 20 -j DNAT --to 10.0.0.124:20
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.0.0/255.255.255.0 --dport 20 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.124 --dport 20 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.1.0/255.255.255.0 --dport 20 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.124 --dport 20 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.2.0/255.255.255.0 --dport 20 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.124 --dport 20 -j ACCEPT
firewall: Port forwarding tcp 21 to 10.0.0.124 21
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 21 -j DNAT --to 10.0.0.124:21
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.0.0/255.255.255.0 --dport 21 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.124 --dport 21 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.1.0/255.255.255.0 --dport 21 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.124 --dport 21 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.2.0/255.255.255.0 --dport 21 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.124 --dport 21 -j ACCEPT
firewall: Port forwarding udp 5060:5061 to 10.0.1.120
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 17 --dport 5060:5061 -j DNAT --to 10.0.1.120
firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.0.0/255.255.255.0 --dport 5060:5061 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 17 -d 10.0.1.120 --dport 5060:5061 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.1.0/255.255.255.0 --dport 5060:5061 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 17 -d 10.0.1.120 --dport 5060:5061 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.2.0/255.255.255.0 --dport 5060:5061 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 17 -d 10.0.1.120 --dport 5060:5061 -j ACCEPT
firewall: Port forwarding tcp 22 to 10.0.0.124 22
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 22 -j DNAT --to 10.0.0.124:22
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.0.0/255.255.255.0 --dport 22 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.124 --dport 22 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.1.0/255.255.255.0 --dport 22 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.124 --dport 22 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.2.0/255.255.255.0 --dport 22 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.124 --dport 22 -j ACCEPT
firewall: Port forwarding tcp 25 to 10.0.0.108 25
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 25 -j DNAT --to 10.0.0.108:25
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.0.0/255.255.255.0 --dport 25 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.108 --dport 25 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.1.0/255.255.255.0 --dport 25 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.108 --dport 25 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.2.0/255.255.255.0 --dport 25 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.108 --dport 25 -j ACCEPT
firewall: Port forwarding tcp 3306 to 10.0.0.125 3306
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 3306 -j DNAT --to 10.0.0.125:3306
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.125 -p 6 -s 10.0.0.0/255.255.255.0 --dport 3306 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.125 --dport 3306 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.125 -p 6 -s 10.0.1.0/255.255.255.0 --dport 3306 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.125 --dport 3306 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.125 -p 6 -s 10.0.2.0/255.255.255.0 --dport 3306 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.125 --dport 3306 -j ACCEPT
firewall: Port forwarding udp 10000:20000 to 10.0.1.120
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 17 --dport 10000:20000 -j DNAT --to 10.0.1.120
firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.0.0/255.255.255.0 --dport 10000:20000 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 17 -d 10.0.1.120 --dport 10000:20000 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.1.0/255.255.255.0 --dport 10000:20000 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 17 -d 10.0.1.120 --dport 10000:20000 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.2.0/255.255.255.0 --dport 10000:20000 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 17 -d 10.0.1.120 --dport 10000:20000 -j ACCEPT
firewall: Port forwarding tcp 80 to 10.0.0.108 80
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 80 -j DNAT --to 10.0.0.108:80
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.0.0/255.255.255.0 --dport 80 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.108 --dport 80 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.1.0/255.255.255.0 --dport 80 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.108 --dport 80 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.2.0/255.255.255.0 --dport 80 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.108 --dport 80 -j ACCEPT
firewall: Port forwarding tcp 443 to 10.0.0.108 443
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 443 -j DNAT --to 10.0.0.108:443
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.0.0/255.255.255.0 --dport 443 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.108 --dport 443 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.1.0/255.255.255.0 --dport 443 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.108 --dport 443 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.2.0/255.255.255.0 --dport 443 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.108 --dport 443 -j ACCEPT
firewall: /sbin/rmmod imq 2>/dev/null = 256
firewall: /sbin/tc qdisc del dev eth1 root >/dev/null 2>&1 = 512
firewall: Running external QoS bandwidth manager
firewall: Error: /usr/clearos/apps/qos/deploy/libqos.lua:493: bad argument #1 to 'pairs' (table expected, got nil)
[root@Router01 ~]# more out
Running firewall panic mode...
Responses (8)
-
Accepted Answer
Hi Tim,
We have progress.
The process now finishes, but I have no access to the internet after it runs.
Any idea how to resolve it?
This is the output of running firewall-restart -d:
firewall: Starting firewall...
firewall: Loading environment
firewall: FW_MODE=gateway
firewall: WANIF=eth1
firewall: LANIF=eth0
firewall: LANIF=eth2
firewall: LANIF=eth3
firewall: SYSWATCH_WANIF=eth1
firewall: WIFIF=
firewall: BANDWIDTH_QOS=off
firewall: QOS_ENGINE=/usr/clearos/apps/qos/deploy/libqos.lua
firewall: SQUID_USER_AUTHENTICATION=off
firewall: SQUID_TRANSPARENT=on
firewall: IPSEC_SERVER=off
firewall: PPTP_SERVER=off
firewall: ONE_TO_ONE_NAT_MODE=type2
firewall: RULES=FTP||0x00000008|6|10.0.0.124|20|20
firewall: RULES=FTP||0x00000008|6|10.0.0.124|21|21
firewall: RULES=||0x10000008|6|10.0.0.108|143|143
firewall: RULES=||0x10000080|0|11.11.111.99||eth1_10.0.2.5
firewall: RULES=OpenVPN||0x10000001|17||1194|
firewall: RULES=||0x10000008|17|10.0.1.120||5060:5061
firewall: RULES=||0x10000008|6|10.0.0.124|22|22
firewall: RULES=||0x10000008|6|10.0.0.108|25|25
firewall: RULES=||0x10000008|6|10.0.0.125|3306|3306
firewall: RULES=||0x10000008|17|10.0.1.120||10000:20000
firewall: RULES=ssh_server||0x10000001|6||22|
firewall: RULES=webconfig||0x10000001|6||81|
firewall: RULES=||0x10000008|6|10.0.0.108|80|80
firewall: RULES=||0x10000008|6|10.0.0.108|443|443
firewall: FW_DROP=DROP
firewall: FW_ACCEPT=ACCEPT
firewall: IPBIN=/sbin/ip
firewall: TCBIN=/sbin/tc
firewall: MODPROBE=/sbin/modprobe
firewall: RMMOD=/sbin/rmmod
firewall: SYSCTL=/sbin/sysctl
firewall: IFCONFIG=/sbin/ifconfig
firewall: PPTP_PASSTHROUGH_FORCE=no
firewall: EGRESS_FILTERING=off
firewall: PROTOCOL_FILTERING=off
firewall: Detected WAN role for interface: eth1
firewall: Detected LAN role for interface: eth0
firewall: Detected LAN role for interface: eth2
firewall: Detected LAN role for interface: eth3
firewall: Setting kernel parameters
firewall: /sbin/sysctl -w net.ipv4.neigh.default.gc_thresh1=1024 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.neigh.default.gc_thresh2=4096 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.neigh.default.gc_thresh3=8192 >/dev/null = 0
firewall: /sbin/sysctl -w net.netfilter.nf_conntrack_max=524288 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.ip_forward=1 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.tcp_syncookies=1 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.all.log_martians=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.all.accept_redirects=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.all.send_redirects=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.default.accept_redirects=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.default.send_redirects=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.conf.all.accept_source_route=0 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1 >/dev/null = 0
firewall: /sbin/sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1 >/dev/null = 0
firewall: Detected WAN info - eth1 11.11.111.98 on network 11.11.111.96/29
firewall: Detected LAN info - eth0 10.0.0.254 on network 10.0.0.0/24
firewall: Detected LAN info - eth2 10.0.1.1 on network 10.0.1.0/24
firewall: Detected LAN info - eth3 10.0.2.1 on network 10.0.2.0/24
firewall: Using gateway mode
firewall: Loading kernel modules
firewall: /sbin/modprobe ipt_LOG >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ipt_REJECT >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_conntrack_ftp >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_conntrack_irc >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ppp_generic >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ppp_mppe >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_conntrack_proto_gre >/dev/null 2>&1 = 256
firewall: /sbin/modprobe ip_conntrack_pptp >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ipt_IMQ >/dev/null 2>&1 = 0
firewall: Loading kernel modules for NAT
firewall: /sbin/modprobe ipt_MASQUERADE >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_nat_ftp >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_nat_irc >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_nat_proto_gre >/dev/null 2>&1 = 256
firewall: /sbin/modprobe ip_nat_pptp >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_nat_h323 >/dev/null 2>&1 = 0
firewall: /sbin/modprobe ip_nat_tftp >/dev/null 2>&1 = 0
firewall: Setting default policy to DROP
firewall: Defining custom chains
firewall: iptables -t filter -A drop-lan -j DROP
firewall: Running blocked external rules
firewall: Running custom rules
firewall: Running common rules
firewall: iptables -t filter -A INPUT -m state --state INVALID -j DROP
firewall: iptables -t filter -A INPUT -p tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset
firewall: iptables -t filter -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
firewall: iptables -t filter -A INPUT -i eth1 -s 127.0.0.0/8 -j DROP
firewall: iptables -t filter -A INPUT -i eth1 -s 169.254.0.0/16 -j DROP
firewall: iptables -t filter -A INPUT -i lo -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o lo -j ACCEPT
firewall: iptables -t filter -A INPUT -i pptp+ -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o pptp+ -j ACCEPT
firewall: iptables -t filter -A INPUT -i tun+ -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o tun+ -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth0 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o eth0 -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth2 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o eth2 -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth3 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o eth3 -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p icmp --icmp-type 0 -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p icmp --icmp-type 3 -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p icmp --icmp-type 8 -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p icmp --icmp-type 11 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o eth1 -p icmp -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p udp --dport bootpc --sport bootps -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p tcp --dport bootpc --sport bootps -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o eth1 -p udp --sport bootpc --dport bootps -j ACCEPT
firewall: iptables -t filter -A OUTPUT -o eth1 -p tcp --sport bootpc --dport bootps -j ACCEPT
firewall: Running incoming denied rules
firewall: Running user-defined incoming rules
firewall: Allowing incoming udp port/range 1194
firewall: iptables -t filter -A INPUT -p 17 -d 11.11.111.98 --dport 1194 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -p 17 -o eth1 -s 11.11.111.98 --sport 1194 -j ACCEPT
firewall: Allowing incoming tcp port/range 22
firewall: iptables -t filter -A INPUT -p 6 -d 11.11.111.98 --dport 22 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -p 6 -o eth1 -s 11.11.111.98 --sport 22 -j ACCEPT
firewall: Allowing incoming tcp port/range 81
firewall: iptables -t filter -A INPUT -p 6 -d 11.11.111.98 --dport 81 -j ACCEPT
firewall: iptables -t filter -A OUTPUT -p 6 -o eth1 -s 11.11.111.98 --sport 81 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -o tun+ -j ACCEPT
firewall: Running default incoming allowed rules
firewall: iptables -t filter -A OUTPUT -o eth1 -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p udp --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
firewall: iptables -t filter -A INPUT -i eth1 -p tcp --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT
firewall: Running user-defined port forward rules
firewall: Port forwarding tcp 143 to 10.0.0.108 143
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 143 -j DNAT --to 10.0.0.108:143
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.0.0/255.255.255.0 --dport 143 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.108 --dport 143 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.1.0/255.255.255.0 --dport 143 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.108 --dport 143 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.2.0/255.255.255.0 --dport 143 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.108 --dport 143 -j ACCEPT
firewall: Port forwarding udp 5060:5061 to 10.0.1.120
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 17 --dport 5060:5061 -j DNAT --to 10.0.1.120
firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.0.0/255.255.255.0 --dport 5060:5061 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 17 -d 10.0.1.120 --dport 5060:5061 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.1.0/255.255.255.0 --dport 5060:5061 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 17 -d 10.0.1.120 --dport 5060:5061 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.2.0/255.255.255.0 --dport 5060:5061 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 17 -d 10.0.1.120 --dport 5060:5061 -j ACCEPT
firewall: Port forwarding tcp 22 to 10.0.0.124 22
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 22 -j DNAT --to 10.0.0.124:22
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.0.0/255.255.255.0 --dport 22 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.124 --dport 22 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.1.0/255.255.255.0 --dport 22 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.124 --dport 22 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.124 -p 6 -s 10.0.2.0/255.255.255.0 --dport 22 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.124 --dport 22 -j ACCEPT
firewall: Port forwarding tcp 25 to 10.0.0.108 25
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 25 -j DNAT --to 10.0.0.108:25
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.0.0/255.255.255.0 --dport 25 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.108 --dport 25 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.1.0/255.255.255.0 --dport 25 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.108 --dport 25 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.2.0/255.255.255.0 --dport 25 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.108 --dport 25 -j ACCEPT
firewall: Port forwarding tcp 3306 to 10.0.0.125 3306
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 3306 -j DNAT --to 10.0.0.125:3306
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.125 -p 6 -s 10.0.0.0/255.255.255.0 --dport 3306 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.125 --dport 3306 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.125 -p 6 -s 10.0.1.0/255.255.255.0 --dport 3306 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.125 --dport 3306 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.125 -p 6 -s 10.0.2.0/255.255.255.0 --dport 3306 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.125 --dport 3306 -j ACCEPT
firewall: Port forwarding udp 10000:20000 to 10.0.1.120
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 17 --dport 10000:20000 -j DNAT --to 10.0.1.120
firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.0.0/255.255.255.0 --dport 10000:20000 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 17 -d 10.0.1.120 --dport 10000:20000 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.1.0/255.255.255.0 --dport 10000:20000 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 17 -d 10.0.1.120 --dport 10000:20000 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.1.120 -p 17 -s 10.0.2.0/255.255.255.0 --dport 10000:20000 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 17 -d 10.0.1.120 --dport 10000:20000 -j ACCEPT
firewall: Port forwarding tcp 80 to 10.0.0.108 80
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 80 -j DNAT --to 10.0.0.108:80
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.0.0/255.255.255.0 --dport 80 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.108 --dport 80 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.1.0/255.255.255.0 --dport 80 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.108 --dport 80 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.2.0/255.255.255.0 --dport 80 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.108 --dport 80 -j ACCEPT
firewall: Port forwarding tcp 443 to 10.0.0.108 443
firewall: iptables -t nat -A PREROUTING -d 11.11.111.98 -p 6 --dport 443 -j DNAT --to 10.0.0.108:443
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.0.0/255.255.255.0 --dport 443 -j SNAT --to 10.0.0.254
firewall: iptables -t filter -A FORWARD -o eth0 -p 6 -d 10.0.0.108 --dport 443 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.1.0/255.255.255.0 --dport 443 -j SNAT --to 10.0.1.1
firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.108 --dport 443 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.2.0/255.255.255.0 --dport 443 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.108 --dport 443 -j ACCEPT
firewall: /sbin/rmmod imq 2>/dev/null = 256
firewall: /sbin/tc qdisc del dev eth1 root >/dev/null 2>&1 = 512
firewall: Running external QoS bandwidth manager
firewall: Auto-r2q for minimum rate 2520: 209 (quantum: 1507.1770334928)
firewall: Auto-r2q for minimum rate 2520: 209 (quantum: 1507.1770334928)
firewall: /sbin/ip link set dev eth1 qlen 30 = 0
firewall: /sbin/tc qdisc add dev eth1 root handle 1: htb default 16 r2q 209 = 0
firewall: /sbin/tc class add dev eth1 parent 1: classid 1:1 htb rate 18000kbit = 0
firewall: /sbin/tc class add dev eth1 parent 1:1 classid 1:10 htb rate 2700kbit ceil 18000kbit prio 0 = 0
firewall: /sbin/tc qdisc add dev eth1 parent 1:10 handle 10: sfq perturb 10 = 0
firewall: /sbin/tc filter add dev eth1 parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10 = 0
firewall: /sbin/tc class add dev eth1 parent 1:1 classid 1:11 htb rate 2700kbit ceil 7200kbit prio 1 = 0
firewall: /sbin/tc qdisc add dev eth1 parent 1:11 handle 11: sfq perturb 10 = 0
firewall: /sbin/tc filter add dev eth1 parent 1:0 prio 0 protocol ip handle 11 fw flowid 1:11 = 0
firewall: /sbin/tc class add dev eth1 parent 1:1 classid 1:12 htb rate 2520kbit ceil 15480kbit prio 2 = 0
firewall: /sbin/tc qdisc add dev eth1 parent 1:12 handle 12: sfq perturb 10 = 0
firewall: /sbin/tc filter add dev eth1 parent 1:0 prio 0 protocol ip handle 12 fw flowid 1:12 = 0
firewall: /sbin/tc class add dev eth1 parent 1:1 classid 1:13 htb rate 2520kbit ceil 16740kbit prio 3 = 0
firewall: /sbin/tc qdisc add dev eth1 parent 1:13 handle 13: sfq perturb 10 = 0
firewall: /sbin/tc filter add dev eth1 parent 1:0 prio 0 protocol ip handle 13 fw flowid 1:13 = 0
firewall: /sbin/tc class add dev eth1 parent 1:1 classid 1:14 htb rate 2520kbit ceil 15300kbit prio 4 = 0
firewall: /sbin/tc qdisc add dev eth1 parent 1:14 handle 14: sfq perturb 10 = 0
firewall: /sbin/tc filter add dev eth1 parent 1:0 prio 0 protocol ip handle 14 fw flowid 1:14 = 0
firewall: /sbin/tc class add dev eth1 parent 1:1 classid 1:15 htb rate 2520kbit ceil 14400kbit prio 5 = 0
firewall: /sbin/tc qdisc add dev eth1 parent 1:15 handle 15: sfq perturb 10 = 0
firewall: /sbin/tc filter add dev eth1 parent 1:0 prio 0 protocol ip handle 15 fw flowid 1:15 = 0
firewall: /sbin/tc class add dev eth1 parent 1:1 classid 1:16 htb rate 2520kbit ceil 11160kbit prio 6 = 0
firewall: /sbin/tc qdisc add dev eth1 parent 1:16 handle 16: sfq perturb 10 = 0
firewall: /sbin/tc filter add dev eth1 parent 1:0 prio 0 protocol ip handle 16 fw flowid 1:16 = 0
firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 8008 -j MARK --set-mark 12
firewall: iptables -t mangle -A BWQOS_UP_eth1 -p udp --dport 53 -j MARK --set-mark 10
firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 2121 -j MARK --set-mark 13
firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 21 -j MARK --set-mark 13
firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --dport 443 -j MARK --set-mark 14
firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 443 -j MARK --set-mark 14
firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --dport 80 -j MARK --set-mark 14
firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 80 -j MARK --set-mark 14
firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 143 -j MARK --set-mark 12
firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 995 -j MARK --set-mark 13
firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 110 -j MARK --set-mark 12
firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 993 -j MARK --set-mark 13
firewall: iptables -t mangle -A BWQOS_UP_eth1 -s10.0.1.120 -j MARK --set-mark 11
firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 1723 -j MARK --set-mark 12
firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 3389 -j MARK --set-mark 12
firewall: iptables -t mangle -A BWQOS_UP_eth1 -p udp --sport 554 -j MARK --set-mark 12
firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 873 -j MARK --set-mark 14
firewall: iptables -t mangle -A BWQOS_UP_eth1 -p udp --sport 5060 -j MARK --set-mark 11
firewall: iptables -t mangle -A BWQOS_UP_eth1 -p udp --sport 5061 -j MARK --set-mark 11
firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 25 -j MARK --set-mark 14
firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 22 -j MARK --set-mark 12
firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 8080 -j MARK --set-mark 12
firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 23 -j MARK --set-mark 13
firewall: iptables -t mangle -A BWQOS_UP_eth1 -p udp --sport 51413 -j MARK --set-mark 15
firewall: iptables -t mangle -A BWQOS_UP_eth1 -p udp --sport 1755 -j MARK --set-mark 12
firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp --sport 81 -j MARK --set-mark 12
firewall: iptables -t mangle -A BWQOS_UP_eth1 -p icmp -j MARK --set-mark 10
firewall: iptables -t mangle -A BWQOS_UP_eth1 -p udp -j MARK --set-mark 12
firewall: iptables -t mangle -A BWQOS_UP_eth1 -p tcp -m length --length :64 -j MARK --set-mark 11
firewall: iptables -t mangle -I POSTROUTING -o eth1 -j BWQOS_UP_eth1
firewall: /sbin/modprobe imq numdevs=1 = 0
firewall: /sbin/ip link set imq0 up = 0
firewall: /sbin/tc qdisc add dev imq0 root handle 1: htb default 16 r2q 209 = 0
firewall: /sbin/tc class add dev imq0 parent 1: classid 1:1 htb rate 18000kbit = 0
firewall: /sbin/tc class add dev imq0 parent 1:1 classid 1:10 htb rate 2700kbit ceil 18000kbit prio 0 = 0
firewall: /sbin/tc qdisc add dev imq0 parent 1:10 handle 10: sfq perturb 10 = 0
firewall: /sbin/tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10 = 0
firewall: /sbin/tc class add dev imq0 parent 1:1 classid 1:11 htb rate 2700kbit ceil 10080kbit prio 1 = 0
firewall: /sbin/tc qdisc add dev imq0 parent 1:11 handle 11: sfq perturb 10 = 0
firewall: /sbin/tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 11 fw flowid 1:11 = 0
firewall: /sbin/tc class add dev imq0 parent 1:1 classid 1:12 htb rate 2520kbit ceil 18000kbit prio 2 = 0
firewall: /sbin/tc qdisc add dev imq0 parent 1:12 handle 12: sfq perturb 10 = 0
firewall: /sbin/tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 12 fw flowid 1:12 = 0
firewall: /sbin/tc class add dev imq0 parent 1:1 classid 1:13 htb rate 2520kbit ceil 18000kbit prio 3 = 0
firewall: /sbin/tc qdisc add dev imq0 parent 1:13 handle 13: sfq perturb 10 = 0
firewall: /sbin/tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 13 fw flowid 1:13 = 0
firewall: /sbin/tc class add dev imq0 parent 1:1 classid 1:14 htb rate 2520kbit ceil 18000kbit prio 4 = 0
firewall: /sbin/tc qdisc add dev imq0 parent 1:14 handle 14: sfq perturb 10 = 0
firewall: /sbin/tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 14 fw flowid 1:14 = 0
firewall: /sbin/tc class add dev imq0 parent 1:1 classid 1:15 htb rate 2520kbit ceil 18000kbit prio 5 = 0
firewall: /sbin/tc qdisc add dev imq0 parent 1:15 handle 15: sfq perturb 10 = 0
firewall: /sbin/tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 15 fw flowid 1:15 = 0
firewall: /sbin/tc class add dev imq0 parent 1:1 classid 1:16 htb rate 2520kbit ceil 9180kbit prio 6 = 0
firewall: /sbin/tc qdisc add dev imq0 parent 1:16 handle 16: sfq perturb 10 = 0
firewall: /sbin/tc filter add dev imq0 parent 1:0 prio 0 protocol ip handle 16 fw flowid 1:16 = 0
firewall: iptables -t mangle -A BWQOS_DOWN_eth1 -p udp --sport 19305 -j MARK --set-mark 11
firewall: iptables -t mangle -A BWQOS_DOWN_eth1 -p tcp --sport 80 -j MARK --set-mark 14
firewall: iptables -t mangle -A BWQOS_DOWN_eth1 -p udp -d 192.168.199.190 -j MARK --set-mark 11
firewall: iptables -t mangle -A BWQOS_DOWN_eth1 -p icmp -j MARK --set-mark 10
firewall: iptables -t mangle -A BWQOS_DOWN_eth1 -p udp -j MARK --set-mark 12
firewall: iptables -t mangle -A BWQOS_DOWN_eth1 -p tcp -m length --length :64 -j MARK --set-mark 11
firewall: iptables -t mangle -A BWQOS_DOWN_eth1 -j IMQ --todev 0
firewall: iptables -t mangle -I PREROUTING -i eth1 -j BWQOS_DOWN_eth1
firewall: Running 1-to-1 NAT rules
firewall: Resetting 1-to-1 NAT alias: eth1:200
firewall: /sbin/ifconfig eth1:200 down 2>/dev/null = 0
firewall: Creating alias IP address for 1-to-1 NAT: 11.11.111.99
firewall: /sbin/ifconfig eth1:200 11.11.111.99 netmask 255.255.255.248 up = 0
firewall: Enabling 1:1 NAT eth1 10.0.2.5 - 11.11.111.99
firewall: iptables -t nat -A PREROUTING -d 11.11.111.99 -j DNAT --to 10.0.2.5
firewall: iptables -t nat -A POSTROUTING -s 10.0.2.5 -j SNAT --to 11.11.111.99
firewall: iptables -t nat -A POSTROUTING -s 10.0.0.0/255.255.255.0 -d 10.0.2.5 -j SNAT --to 10.0.0.254
firewall: iptables -t nat -A POSTROUTING -s 10.0.1.0/255.255.255.0 -d 10.0.2.5 -j SNAT --to 10.0.1.1
firewall: iptables -t nat -A POSTROUTING -s 10.0.2.0/255.255.255.0 -d 10.0.2.5 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -i eth1 -d 10.0.2.5 -j ACCEPT
firewall: Running user-defined proxy rules
firewall: Content filter is offline
firewall: Web proxy is offline
firewall: Running multipath
firewall: /sbin/ip rule | grep -Ev '(local|main|default)' | while read PRIO RULE; do /sbin/ip rule del prio ${PRIO%%:*} 2>/dev/null; done = 0
firewall: /sbin/ip rule | grep -Ev '(local|main|default)' | while read PRIO RULE; do /sbin/ip rule del $RULE prio ${PRIO%%:*} 2>/dev/null; done = 0
firewall: /sbin/ip route flush table 50 = 0
firewall: /sbin/ip route flush cache = 0
firewall: Enabling NAT on WAN interface eth1
firewall: iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
firewall: Running user-defined outgoing block rules
firewall: Running default forwarding rules
firewall: iptables -t filter -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
firewall: iptables -t filter -A FORWARD -i eth0 -j ACCEPT
firewall: iptables -t filter -A FORWARD -i eth2 -j ACCEPT
firewall: iptables -t filter -A FORWARD -i eth3 -j ACCEPT
firewall: iptables -t filter -A FORWARD -i pptp+ -j ACCEPT
firewall: iptables -t filter -A FORWARD -i tun+ -j ACCEPT
firewall: Execution time: 0.959s -
Accepted Answer
Did you also set
QOS_UPSTREAM_BWLIMIT="*:100:100:100:100:100:100:100"
QOS_DOWNSTREAM_BWLIMIT="*:100:100:100:100:100:100:100"
You might also try using a wildcard for the interface name. I've been hacking around with this module, so I'm not sure what the default config is.
QOS_UPSTREAM_BWRES="*:15:15:14:14:14:14:14"
QOS_DOWNSTREAM_BWRES="*:15:15:14:14:14:14:14" -
Accepted Answer
Hi Tim,
The system is remote and my access to it is restricted, so I could not test it again until this morning.
However, I still get the same error.
I set:
QOS_UPSTREAM="eth1:18000:auto"
QOS_DOWNSTREAM="eth1:18000:auto"
QOS_UPSTREAM_BWRES="eth1:15:15:14:14:14:14:14"
QOS_DOWNSTREAM_BWRES="eth1:15:15:14:14:14:14:14"
Then I ran 'firewall-start -d' and got the same result again:
.........
firewall: iptables -t filter -A FORWARD -o eth2 -p 6 -d 10.0.0.108 --dport 443 -j ACCEPT
firewall: iptables -t nat -A POSTROUTING -d 10.0.0.108 -p 6 -s 10.0.2.0/255.255.255.0 --dport 443 -j SNAT --to 10.0.2.1
firewall: iptables -t filter -A FORWARD -o eth3 -p 6 -d 10.0.0.108 --dport 443 -j ACCEPT
firewall: /sbin/rmmod imq 2>/dev/null = 256
firewall: /sbin/tc qdisc del dev eth1 root >/dev/null 2>&1 = 512
firewall: Running external QoS bandwidth manager
firewall: Error: /usr/clearos/apps/qos/deploy/libqos.lua:493: bad argument #1 to 'pairs' (table expected, got nil)
Running firewall panic mode... -
Accepted Answer
Hi Tim,
Thank you for looking into it.
This is the qos.conf:
# Enable ClearOS Bandwidth QoS Engine
QOS_ENABLE="on"
# External interface speeds in kbit/s.
#
# Format:
# <ifn>:<speed>:<r2q>[ <ifn>:<speed>:<r2q>] ...
#
# Where <ifn> is the name of the external interface.
# Where <speed> is the external connection speed in kbit/s.
# Where <r2q> is used to calculate the queue quantum (see below).
# You may set this to 'auto' (no quotes) to have an r2q value
# calculated for you.
#
# NOTE:
#
# - Specify multiple external interfaces using a space delimiter.
#
# - The accuracy of the speed values is critical for correct operation
# of the QoS rules. Too low and the connection(s) will be throttled.
# Too high and the QoS engine will become unpredictable.
#
# - The 'r2q' parameter stands for 'rate to quantum' and is the
# conversion factor used to calculate the quantum value for a queue.
# The quantum is calculated using the formula:
#
# quantum = rate (in bytes) / r2q
#
# The resulting quantum should be greater than your interface MTU and
# less than 60,000 (though it appears the value hard-coded in the
# kernel is 200,000 for 3.7.x).
#
# If you see kernel messages such as:
# "HTB: quantum of class 10002 is small/large. Consider r2q change."
# You should calculate a better r2q value.
#
# Example:
# QOS_UPSTREAM="ppp0:7168:auto"
# QOS_DOWNSTREAM="ppp0:25600:10"
QOS_UPSTREAM="eth1:18000:auto"
QOS_DOWNSTREAM="eth1:18000:auto"
# QoS priority class bandwidth reservation configuration
#
# Format:
# <ifn>:<n>:<n>:<n>:<n>:<n>:<n>:<n>[ <ifn>:...]
# 0 1 2 3 4 5 6
# Highest --------------------------> Lowest priority
#
# Where <ifn> is the name of the external interface. Use * for all interfaces.
# Where <n> is the percentage of bandwidth reserved per priority class.
#
# NOTE: The sum of all priorities must equal 100%.
#
# Example:
# QOS_UPSTREAM_BWRES="ppp0:15:15:14:14:14:14:14"
# QOS_DOWNSTREAM_BWRES="ppp0:15:15:14:14:14:14:14"
QOS_UPSTREAM_BWRES=""
QOS_DOWNSTREAM_BWRES=""
# QoS priority class bandwidth limit configuration
#
# Format:
# <ifn>:<n>:<n>:<n>:<n>:<n>:<n>:<n>[ <ifn>:...]
# 0 1 2 3 4 5 6
# Highest --------------------------> Lowest priority
#
# Where <ifn> is the name of the external interface. Use * for all interfaces.
# Where <n> is the percentage of bandwidth to limit per priority class.
#
# NOTE: Each percentage must be greater than or equal to the
# corresponding reservation value and not exceed 100%.
#
# Example:
# QOS_UPSTREAM_BWLIMIT="ppp0:100:100:100:100:100:100:100:100"
# QOS_DOWNSTREAM_BWLIMIT="ppp0:100:100:100:100:100:100:100:100"
QOS_UPSTREAM_BWLIMIT=""
QOS_DOWNSTREAM_BWLIMIT=""
# QoS priority mark rules
#
# Format:
# <n>|<ifn>|<enabled>|<d[0-1]>|<prio[0-6]>|<proto>|<saddr>|<sport>|<daddr>|<dport>
#
# Where <n> is the "nickname", a human-readable label (no spaces).
# Where <ifn> is the name of the external interface. Use * for all interfaces.
# Where <enabled> is set to 1 if enabled, 0 for disabled.
# Where <d> is the direction, 0 for upstream and 1 for downstream.
# Where <prio> is the priority, 0 being the highest and 6 being the lowest priority.
# Where <proto> is the protocol (ex: tcp, udp, icmp, etc).
# Where <saddr> is the source address. Use - for an empty field.
# Where <sport> is the source port. Use - for an empty field.
# Where <daddr> is the destination address. Use - for an empty field.
# Where <dport> is the destination port. Use - for an empty field.
#
# NOTE: Escape carriage returns using '\' between rules.
#
# Example:
# SSH|*|1|0|3|tcp|-|-|-|22 \
# IPv4
QOS_PRIOMARK4="\
all_ICMP_Up|*|1|0|0|icmp|-|-|-|- \
all_ICMP_Down|*|1|1|0|icmp|-|-|-|- \
all_NonTCP_Up|*|1|0|1|!tcp|-|-|-|- \
all_NonTCP_Down|*|1|1|1|!tcp|-|-|-|- \
"
# TODO: IPv6
QOS_PRIOMARK6="\
"
# Custom/advanced rules
#
# Format:
# <n>|<ifn>|<enabled>|<d[0-1]>|<prio[0-6]>|<param>
#
# Where <n> is the "nickname", a human-readable label (no spaces).
# Where <ifn> is the name of the external interface. Use * for all interfaces.
# Where <enabled> is set to 1 if enabled, 0 for disabled.
# Where <d> is the direction, 0 for upstream and 1 for downstream.
# Where <prio> is the priority, 0 being the highest and 6 being the lowest priority.
# Where <param> is the iptables parameters to use.
# Prohibited iptables parameters: -A, -I, -J
#
# NOTE: Do not escape carriage returns using '\' between rules.
#
# Example:
# Example|*|1|0|3|-p tcp --dport 5555
QOS_PRIOMARK4_CUSTOM="\
TCP_ACK_Up|*|1|0|1|-p tcp -m length --length :64
TCP_ACK_Down|*|1|1|1|-p tcp -m length --length :64
"
# TODO: IPv6
QOS_PRIOMARK6_CUSTOM="\
"
# Override to load an alternate/experimental engine.
QOS_ENGINE="/usr/clearos/apps/qos/deploy/libqos.lua"
# vi: syntax=sh expandtab shiftwidth=4 softtabstop=4 tabstop=4 -