My brand new Manjaro KDE (which is giving me a hard time to configure) and my Nexus 6P are currently connected to this Gateway (my entire network is using DHCP). I just restored my Gateway and the problem persists. I haven't configured proxy settings on my PC, and there are also other terminals browsing the Internet which shouldn't be allowed to (I'm using NTOPNG on the Gateway to see this).
# systemctl status shorewall.service -l
● shorewall.service - Shorewall IPv4 firewall
Loaded: loaded (/usr/lib/systemd/system/shorewall.service; enabled; vendor preset: disabled)
Drop-In: /usr/lib/systemd/system/shorewall.service.d
└─nethserver-firewall-base.conf
Active: active (exited) since Wed 2018-08-01 22:59:22 CDT; 3h 54min left
Process: 1136 ExecStart=/usr/sbin/shorewall $OPTIONS start $STARTOPTIONS (code=exited, status=0/SUCCESS)
Main PID: 1136 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/shorewall.service
Aug 01 22:59:21 heimdall.dcserver.local shorewall[1136]: 25 TC commands executed
Aug 01 22:59:21 heimdall.dcserver.local shorewall[1136]: All Done! Enjoy...
Aug 01 22:59:21 heimdall.dcserver.local shorewall[1136]: bye...
Aug 01 22:59:22 heimdall.dcserver.local shorewall[1136]: Preparing iptables-restore input...
Aug 01 22:59:22 heimdall.dcserver.local shorewall[1136]: Running /sbin/iptables-restore --wait 60...
Aug 01 22:59:22 heimdall.dcserver.local shorewall[1136]: IPv4 Forwarding Enabled
Aug 01 22:59:22 heimdall.dcserver.local shorewall[1136]: Processing /etc/shorewall/start ...
Aug 01 22:59:22 heimdall.dcserver.local shorewall[1136]: Processing /etc/shorewall/started ...
Aug 01 22:59:22 heimdall.dcserver.local shorewall[1136]: done.
Aug 01 22:59:22 heimdall.dcserver.local systemd[1]: Started Shorewall IPv4 firewall.
I removed all custom rules from the [Firewall Rules]
Uninstalled [Web Proxy] [Web Content] and [Basic Firewall]
Did a yum autoremove to remove dependencies packages
Installed again [Web Proxy] [Web Content] and [Basic Firewall]
I'm sure that just removing the custom rules would have solved the problem, but it was late and at that moment I thought it could be a package conflict. Anyway, thanks for the help @mrmarkuz; should you ever come to Cuba I promise to buy you a big beer.
One more thing: sometimes we need to upload big files to the cloud. Since we only have an upload bandwidth of 512 kbps, to speed up the upload I have to ensure that only one PC has access to the gateway. How can I achieve this? I know that I have to create some custom rules, but it seems that the ones I created did the trick. Could you help me with this? I already created a [Host Group] which will hold the PC for this situation.
[Traffic to Internet (red interface)] on [Firewall Rules] as Blocked
Be on top of those custom rules we define on [Firewall Rules]?
I still have my custom rules (disabled); maybe I should post them here and explain what I was trying to accomplish, so that I can get some feedback. What do you guys think?
As you can see, right now I don't have any custom rules and only 3 rules for [Traffic shaping].
What I want to do is make a set of rules to disallow access to the Internet except for a group of PCs (a [Host Group] in [Firewall Objects] named "it-pc"). These rules would normally be disabled, so when we need to use our full bandwidth for a quick download/upload we would just activate this rule set, do the operation and then go back to the normal configuration.
I couldn't find a way to get a high download rate for the IT PCs except by blocking the squid port for the other clients, to allow just the IT-PC group.
OK, so I would also add that. By the way, in case I create a set of rules that blocks me from accessing the web UI, how can I disable all custom rules?
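An added example, not posted in this thread and not NethServer's own generated configuration, of what the rule set described above (block the Internet for everyone except the it-pc group, plus the squid-port block suggested in the reply) looks like once it reaches Shorewall. It assumes NethServer's zone names (loc for green, net for red, $FW for the gateway itself), that the it-pc host group resolves to the hypothetical addresses 192.168.1.50 and 192.168.1.51, and that Squid listens on TCP 3128. With a transparent proxy, HTTP from the other clients is redirected to Squid before the forward rules are consulted, so blocking loc to net alone does not stop them browsing; that is why the proxy port is blocked as well:

```text
#ACTION   SOURCE                           DEST    PROTO   DPORT
# it-pc group (hypothetical addresses): direct Internet and the local proxy.
# Shorewall is first-match, so these ACCEPT lines must precede the DROPs.
ACCEPT    loc:192.168.1.50,192.168.1.51    net
ACCEPT    loc:192.168.1.50,192.168.1.51    $FW     tcp     3128
# everyone else on green: no direct Internet, no proxy (assumed port 3128)
DROP      loc                              net
DROP      loc                              $FW     tcp     3128
```

The DROP lines only match loc to net and loc to $FW on port 3128, so reaching the web UI on the gateway itself is unaffected, and DNS via the gateway keeps working for the other clients. On NethServer the fragment would normally be installed as a template-custom fragment for /etc/shorewall/rules (assumed path: /etc/e-smith/templates-custom/etc/shorewall/rules/, numbered so it sorts before any generated ACCEPT for the proxy port; check this against your version) and applied with signal-event firewall-adjust. If a rule set ever locks you out, removing the custom fragment and re-running the same event restores the generated rules.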
I think only proxy requests are prioritized, it does not affect download rates.
Just an idea, I didn't test it:
What about using the gateway instead of the proxy for the IT PCs and using traffic shaping firewall rules to map "green to squid" (proxy users) to low priority and "IT PCs to red" to high priority?
That will not work; I'm obliged to control and report all traffic to the Internet. AFAIK that's achieved by passing traffic through a proxy and then using Lightsquid to generate reports.