SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0002740: QoS not working - MantisBT
MantisBT - Endian Firewall
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0002740Endian FirewallNetwork related (VPN, uplinks)public2010-03-02 11:562010-11-22 12:08
Reportermvrk 
Assigned Tora-endian 
PrioritynormalSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version2.3 
Target VersionFixed in Version2.4.1 
Customer Importance
Customer Occurrences
Queue
Summary0002740: QoS not working
DescriptionI've configured QoS rules on my EFW 2.3, but is not working.

I've tried to restart the service manualy and i got this errors:

/usr/local/bin/restartqos.py
2010-02-09 17:19:53,808 - restartqos.py[10970] - ERROR - Migration has to be fixed!!!
2010-02-09 17:19:53,809 - restartqos.py[10970] - INFO - Loading configuration
2010-02-09 17:19:53,828 - restartqos.py[10970] - ERROR - RETURNCODE [iptables -t mangle -N QOS 2> /dev/null] 1
2010-02-09 17:19:53,871 - restartqos.py[10970] - INFO - Setting QOS of device: eth2 [UPLOAD=1024, DOWNLOAD=30720]
2010-02-09 17:19:53,899 - restartqos.py[10970] - ERROR - RETURNCODE [iptables -t mangle -N QOS_ETH2 2> /dev/null] 1
2010-02-09 17:19:53,926 - restartqos.py[10970] - ERROR - RETURNCODE [iptables -t mangle -D QOS -o eth2 -j QOS_ETH2 2> /dev/null] 1
Steps To Reproduce
Additional Information
TagsNo tags attached.
Relationships
Attached Fileszip shaping.zip (760) 2010-03-04 14:37
https://bugs.endian.com/file_download.php?file_id=359&type=bug
Issue History
Date ModifiedUsernameFieldChange
2010-03-02 11:56mvrkNew Issue
2010-03-03 12:05clstNote Added: 0003896
2010-03-04 12:07peter-endianNote Added: 0003910
2010-03-04 12:07peter-endianStatusnew => feedback
2010-03-04 14:05clstNote Added: 0003915
2010-03-04 14:34clstNote Edited: 0003915
2010-03-04 14:36clstNote Added: 0003917
2010-03-04 14:37clstFile Added: shaping.zip
2010-03-04 14:42clstNote Edited: 0003917
2010-03-15 14:57clstNote Added: 0004032
2010-03-18 10:47ra-endianStatusfeedback => resolved
2010-03-18 10:47ra-endianFixed in Version => 2.3.1
2010-03-18 10:47ra-endianResolutionopen => fixed
2010-03-18 10:47ra-endianAssigned To => ra-endian
2010-11-22 12:08peter-endianFixed in Version2.3.1 => 2.4.1
2010-11-22 12:08peter-endianStatusresolved => closed

Notes
(0003896)
clst   
2010-03-03 12:05   
Same problem: EFW 2.3 fully updated:

root@endian:/usr/local/bin # ./restartqos
2010-03-03 12:29:26,798 - restartqos.py[26248] - ERROR - Migration has to be fixed!!!
2010-03-03 12:29:26,814 - restartqos.py[26248] - INFO - Loading configuration
2010-03-03 12:29:26,918 - restartqos.py[26248] - ERROR - RETURNCODE [iptables -t mangle -N QOS 2> /dev/null] 1
2010-03-03 12:29:27,002 - restartqos.py[26248] - INFO - Setting QOS of device: eth5 [UPLOAD=2300, DOWNLOAD=2300]
2010-03-03 12:29:27,062 - restartqos.py[26248] - ERROR - RETURNCODE [iptables -t mangle -N QOS_ETH5 2> /dev/null] 1
2010-03-03 12:29:27,115 - restartqos.py[26248] - ERROR - RETURNCODE [iptables -t mangle -D QOS -o eth5 -j QOS_ETH5 2> /dev/null] 1
Skipping invalid rule: {'inputdev': '', 'protocol': '', 'src': '', 'tos': '', 'dst': '', 'dscp_class': '', 'dscp': '', 'classname': 'class0002', 'mac': '', 'dport': '', 'sport': ''}
Skipping invalid rule: {'inputdev': '', 'protocol': '', 'src': '', 'tos': '', 'dst': '', 'dscp_class': '', 'dscp': '', 'classname': 'class0002', 'mac': '', 'dport': '', 'sport': ''}
Skipping invalid rule: {'inputdev': '', 'protocol': '', 'src': '', 'tos': '', 'dst': '', 'dscp_class': '', 'dscp': '', 'classname': 'class0001', 'mac': '', 'dport': '80', 'sport': ''}
Skipping invalid rule: {'inputdev': '', 'protocol': '', 'src': '', 'tos': '', 'dst': '', 'dscp_class': '', 'dscp': '', 'classname': 'class0001', 'mac': '', 'dport': '443', 'sport': ''}
Skipping invalid rule: {'inputdev': '', 'protocol': '', 'src': '', 'tos': '', 'dst': '', 'dscp_class': '', 'dscp': '', 'classname': 'class0001', 'mac': '', 'dport': '2000', 'sport': ''}
(0003910)
peter-endian   
2010-03-04 12:07   
those error lines are because the command returns with exitcode != 0. since those commands should faild when the chain already exist, it's ok.
we will hide those messages in future.

as of the Skipping invalid rule:
Those rules do not have set any target device, therefore they will be skipped.
You can fix this by editing the rules and assigning a target device / class.

I am wondering how this happened. Did you restore from a backup or created those rules?
(0003915)
clst   
2010-03-04 14:05   
(edited on: 2010-03-04 14:34)
No, the only thing I did was change the Line Speeds for the Uplink.

I did not check the log before so I cannot say since when these errors show up.

Everything looks ok, in the web-interface... I will check all entries and report back.

EDIT: Apparently those are rules are OK in the web interface. I changed my rules and the same errors still come up.
(0003917)
clst   
2010-03-04 14:36   
(edited on: 2010-03-04 14:42)
As my rules are no big secret I have packed my /var/ef/shaping directory. I fail to see any errors...
The messages obviously come from the NetViewer line.

Here is the relevant Output of iptables -L -t mangle:

Chain QOS (1 references)
target prot opt source destination
QOS_ETH5 all -- anywhere anywhere

Chain QOS_ETH5 (1 references)
target prot opt source destination
CLASSIFY all -- 192.168.100.200 anywhere CLASSIFY set 2:3
CLASSIFY all -- 192.168.100.201 anywhere CLASSIFY set 2:3
CLASSIFY all -- 192.168.100.203 anywhere CLASSIFY set 2:3
CLASSIFY all -- 192.168.100.186 anywhere CLASSIFY set 2:3
           all -- anywhere anywhere
CLASSIFY all -- anywhere 192.168.100.200 CLASSIFY set 2:3
CLASSIFY all -- anywhere 192.168.100.201 CLASSIFY set 2:3
CLASSIFY all -- anywhere 192.168.100.203 CLASSIFY set 2:3
CLASSIFY all -- anywhere 192.168.100.186 CLASSIFY set 2:3
           all -- anywhere anywhere
CLASSIFY all -- anywhere 82.98.68.64/27 CLASSIFY set 2:2
CLASSIFY all -- anywhere 82.98.68.64/27 CLASSIFY set 2:2
CLASSIFY all -- anywhere 82.98.68.64/27 CLASSIFY set 2:2
CLASSIFY all -- anywhere 217.79.214.0/26 CLASSIFY set 2:2
CLASSIFY all -- anywhere 217.79.214.0/26 CLASSIFY set 2:2
CLASSIFY all -- anywhere 217.79.214.0/26 CLASSIFY set 2:2
           all -- anywhere anywhere
           all -- anywhere anywhere
           all -- anywhere anywhere
CLASSIFY tcp -- anywhere anywhere tcp dpt:openvpn CLASSIFY set 2:2
CLASSIFY udp -- anywhere anywhere udp dpt:openvpn CLASSIFY set 2:2
CLASSIFY tcp -- anywhere anywhere tcp dpt:liberty-lm CLASSIFY set 2:2
CLASSIFY udp -- anywhere anywhere udp dpt:liberty-lm CLASSIFY set 2:2
CLASSIFY tcp -- anywhere anywhere tcp dpt:http CLASSIFY set 2:5
(0004032)
clst   
2010-03-15 14:57   
Did anyone have the time to look at it yet?