Routing non-TCP/UDP traffic while using FWLB on CSS 11503s

Hello all,
I've been tasked to set up FWLB with CSS 11503s as shown below. The issue is that intranet workstations use VPN client software when connecting to certain sites through the Internet, and at other times they use HTTP or HTTPS (for connections to different sites). Because no flow is set up for IPsec and ECMP uses per-packet routing for non-TCP/UDP traffic, I'm concerned that load balancing through the firewalls will occur on a per-packet basis. If that is true, stateful inspection in the firewalls will block asymmetrical traffic flows.
Is my understanding correct? And, if so, is there a way to configure the CSS units to deal with this?
Thanks in advance.
(sorry for the dots in the drawing but the spaces kept getting deleted)
          | Internet |
               |
         | CSS-outside |
               |
        +------+------+
        |             |
     | FW1 |       | FW2 |
        |             |
        +------+------+
               |
         | CSS-inside |
               |
          | Intranet |

For non-flow traffic like IPsec, we use a hash algorithm to decide where to send the traffic.
So it's not per-packet load balancing.
The same source/destination IP/port will always go to the same firewall.
Gilles.
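Gilles's answer, illustrated with an added Python simulation that is not part of the original thread and is not CSS code: flow-hash dispatch keyed on source/destination IP (and port, where the protocol has one) is compared with the per-packet dispatch the poster was worried about, each in front of a pair of minimal stateful firewalls. The direction-independent (sorted) key and the SHA-256 hash are assumptions made for the simulation; the thread does not describe the CSS's actual hash function.

```python
import hashlib
import itertools
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

ESP, TCP = 50, 6  # IP protocol numbers: ESP carries no L4 ports, TCP does


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: int
    sport: Optional[int] = None  # None for port-less protocols such as ESP
    dport: Optional[int] = None


def flow_key(pkt: Packet) -> tuple:
    """Direction-independent flow identity (assumption for this simulation).

    Endpoints are sorted so a reply hashes to the same key as the request;
    for ESP the key degrades to (proto, src, dst) because there are no ports.
    """
    ends = sorted([(pkt.src, pkt.sport), (pkt.dst, pkt.dport)],
                  key=lambda e: (e[0], -1 if e[1] is None else e[1]))
    return (pkt.proto, ends[0], ends[1])


def hash_select(pkt: Packet, n_firewalls: int) -> int:
    """Flow-hash dispatch: same key -> same firewall, every packet, both directions."""
    digest = hashlib.sha256(repr(flow_key(pkt)).encode()).digest()
    return int.from_bytes(digest[:4], "big") % n_firewalls


def round_robin_selector() -> Callable[[Packet, int], int]:
    """Per-packet dispatch (the behaviour the poster feared): ignores the flow entirely."""
    counter = itertools.count()
    return lambda pkt, n_firewalls: next(counter) % n_firewalls


class StatefulFirewall:
    """Minimal stateful filter: replies are accepted only for flows it saw initiated."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.state: set = set()
        self.dropped: List[Packet] = []

    def process(self, pkt: Packet, outbound: bool) -> bool:
        key = flow_key(pkt)
        if outbound:
            self.state.add(key)  # intranet-initiated: create a state entry
            return True
        if key in self.state:  # reply matches known state: allow
            return True
        self.dropped.append(pkt)  # asymmetric reply with no state here: drop
        return False


def constructed_traffic() -> List[Tuple[Packet, bool]]:
    """Constructed sample: two IPsec tunnels and one HTTPS session, request/reply pairs."""
    vpn_a = ("10.0.0.5", "198.51.100.7")
    vpn_b = ("10.0.0.9", "203.0.113.4")
    traffic: List[Tuple[Packet, bool]] = []
    for _ in range(2):
        traffic += [
            (Packet(vpn_a[0], vpn_a[1], ESP), True),
            (Packet(vpn_a[1], vpn_a[0], ESP), False),
            (Packet(vpn_b[0], vpn_b[1], ESP), True),
            (Packet(vpn_b[1], vpn_b[0], ESP), False),
            (Packet("10.0.0.5", "198.51.100.20", TCP, 51000, 443), True),
            (Packet("198.51.100.20", "10.0.0.5", TCP, 443, 51000), False),
        ]
    return traffic


def simulate(selector: Callable[[Packet, int], int], n_firewalls: int = 2) -> int:
    """Push the sample traffic through the chosen dispatch policy; return packets dropped."""
    firewalls = [StatefulFirewall(f"FW{i + 1}") for i in range(n_firewalls)]
    drops = 0
    for pkt, outbound in constructed_traffic():
        fw = firewalls[selector(pkt, n_firewalls)]
        if not fw.process(pkt, outbound):
            drops += 1
    return drops


if __name__ == "__main__":
    print("flow-hash dispatch, replies dropped:", simulate(hash_select))
    print("per-packet dispatch, replies dropped:", simulate(round_robin_selector()))
```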

Similar Messages

  • Can you use GPS and get Live Traffic while using Turn By Turn?

    I can see the traffic if I am not using the turn by turn, but as soon as I get directions somewhere the traffic does not display. I have to cancel the navigation so it appears. Is this normal? It does this on both Apple Maps and Google Maps.

    Can someone please help me?
    thanks

  • Select TCP UDP route to multiple NIC

    I have two NIC cards (Broadcom & Realtek) installed in my system (Windows XP x64) running LV 8.6 Dev Suite. Whenever I send/receive TCP or UDP traffic, LabVIEW always uses the Broadcom card. Is there a way to work around this issue so I can specify which NIC to use? This is a big deal for me because I'm required to utilize multiple NIC cards for my work. Thanks

    Since at least LabVIEW 8.5 there is an extra input "net address" on TCP Create Listener and UDP Open that allows you to define the network address to bind the underlying socket to. You shouldn't need that for TCP Open Connection, since at connection establishment the appropriate interface is selected automatically based on the routing requirements for the specified remote address.
    Rolf Kalbermatter
    CIT Engineering Netherlands
    a division of Test & Measurement Solutions

  • I want a new and more powerful (non-Apple) wireless router but I still want to use my existing Time Capsule to continue with my Time Machine backups and I still need the Time Capsule's Network Attached Storage (NAS) features and capabilities

    THE SHORTER STORY
    My goal is to successfully use my existing Time Capsule (TC) with a new and more powerful wireless router. I need a new and more powerful wireless router in order to reach a distant Denon a/v receiver that is physically located in a master bedroom some 50 feet away from my modem. I need to provide this Denon a/v receiver with an Internet connection so that it can obtain its firmware updates and I need to connect this Denon a/v receiver to my network in order to use its AirPlay feature. I believe l still need the TC's Network Attached Storage (NAS) features because I am not sure if the new wireless router will provide me with the NAS like features / capabilities I need to share files between my two Apple laptops with OS X 10.8.2. And I know that I absolutely need my TC's seamless integration with Apple's Time Machine (TM) application in order to continue to make effortless backups of my two Apple laptops. To my knowledge nothing works with TM like Apple's TC. I also need the hard disk storage space built into the TC.
    I cannot use a long wired Ethernet cable connection in this apartment and I cannot use power-line adapters. I have read that wireless range extenders and repeaters are difficult to successfully set-up and that they will reduce data speeds, especially so when incorrectly set-up. I cannot relocate my modem and/or primary base station wireless router.
    In short, I want to use my TC with my new and more powerful wireless router. I need to stop using the TC to connect to the modem. However, I still need the TC for seamless TM backups. I also need to use the TC's built in hard drive for storage. And I may still need the TC's NAS capabilities to share files wirelessly between laptops because I am assuming the new wireless router will not provide NAS capabilities for OS X 10.8.2 (products like this/non-Apple products rarely seem to work with OS X 10.8.2/Macs to provide NAS features and capabilities). Finally, I want to continue to use my Apple laptop and AirPlay to wirelessly access and play my iTunes music collection stored on the TC's hard drive. I also want to continue to use my Apple laptop, AirPlay and Apple TV to wirelessly watch movies and TV shows stored on the additional external hard drive connected to the TC via USB. Can someone please advise on how to set-up my new Asus wireless router with my existing TC in such a way to accomplish all of this?
    What is the best configuration or set-up to accomplish my above goals?
    Thank you in advance for your assistance!!!
    THE FULL STORY
    I live in an apartment building where my existing Time Capsule (TC) is located in my living room and serves many purposes. Specifically, my TC is at least all of the following:
    (1) Wi-Fi router connected to Comcast Internet service via Motorola SB6121 cable modem - currently the TC is the Wi-Fi base station that connects to the modem and has the gateway address to the Internet. The TC now provides the DHCP service for the Wi-Fi network.
    (2) Wireless router providing Internet and Wi-Fi network access to several Wi-Fi clients - two Apple laptop computers, an iPod touch, an iPad and an iPhone all connect wirelessly to the Internet via the TC.
    (3) Wired Ethernet router providing Internet and Wi-Fi network access to three different devices - a Panasonic TV, LG Blu-Ray player and an Apple TV each use one of the three LAN ports on the back of the TC to gain access to the Internet.
    (4) Primary base station in my attempt to extend my wireless network to a distant (located far away) Denon a/v receiver requiring a wired Ethernet connection - In addition to the TC, which is my primary base station, I am also using a second extended Wi-Fi base station (a Netgear branded product) to wirelessly extend my WiFi network to a Denon receiver located in the master bedroom and requiring a wired Ethernet connection. I cannot use a wired Ethernet connection to continuously travel from the living room to the master bedroom. The distance is too great as I cannot effectively hide the Ethernet cable in this apartment.
    (5) Time Machine (TM) backup facilitator - I use my TC to wirelessly back-up two Apple laptops using Apple's Time Machine (TM) application. However, I ran out of storage space on my TC and therefore added external storage to it. Specifically, I added an external hard drive to my TC via the USB port on the back of the TC. I now use this added external hard drive connected to the TC via USB as the destination storage drive for my TM back-ups. I have partitioned the added external hard drive, and each of the several partitions all have enough storage space (e.g., each of the two partitions used by TM are sized at three times the hard drive space of each laptop, etc.). Everything works flawlessly.
    (6) Network Attached Storage (NAS) - In addition to using the TC's Network Attached Storage (NAS) capabilities to wirelessly back-up two Apple laptops via TM, I also store other additional files on both (A) the hard drive built into the TC and (B) the additional external hard drive connected to the TC via USB (there are additional separate partitions on this drive for these other additional and non-TM backup files).
    I use the TC's NAS feature with my Apple laptop and AirPlay to wirelessly access and play my iTunes music collection stored on the TC's hard drive. I also use my Apple laptop, AirPlay and Apple TV to wirelessly watch movies and TV shows stored on the additional external hard drive connected to the TC via USB. Again, everything works wirelessly and flawlessly. (Note: the Apple TV is connected to the network via Ethernet and a LAN port on the back of the TC).
    The issue I am having is when I try to listen to music via Apple's AirPlay in the master bedroom. This master bedroom is located at a distance of two rooms away from the TC's current location in the living room, which is a distance of about 50 feet. This apartment has a long rectangular floor plan where each room is connected to the next in a straight line. In order to use AirPlay in the master bedroom I am using a second extended Wi-Fi base station (a Netgear branded product) to wirelessly extend my WiFi network to a Denon receiver located in the master bedroom and requiring a wired Ethernet connection. This additional base station connects wirelessly to the WiFi network provided by my TC and then gives my Denon receiver the wired Ethernet connection it needs to use AirPlay. I have tried moving my iTunes music directly onto my laptop's hard drive, and then I used AirPlay on this same laptop to connect to the Denon receiver. I always get a successful connection and the song plays, but the problem is that the connection inevitably drops.
    I live in an apartment building and all of the many wireless routers in this building create a great deal of WiFi interference on both the 2.4 GHz and 5 GHz bands. I have tried connecting the Netgear product to each of the 2.4 and 5 GHz bands, but neither band can successfully maintain a wireless connection between the TC and the Netgear product. I also attempted to maintain a wireless connection to an iPod touch using the 2.4 GHz band and AirPlay on this iPod touch to play music on the Denon receiver. Again, I was able to establish a connection and successfully play music, but after a few minutes the connection dropped and the music stopped playing. I therefore have concluded that I have a poor wireless connection in the master bedroom. I can establish a connection, but it is intermittent with frequent drops. I have verified this with both laptops by working in the master bedroom for an entire day on both laptops. The Internet connection in this master bedroom proved to drop out frequently - about once an hour with the laptops. The wireless connection and the frequency of its dropouts are far worse with the iPod touch and an iPhone.
    I cannot relocate the TC. Also, this is an apartment and I therefore cannot extend the range of my network with Ethernet cable (I cannot drill through walls/ceilings, etc.). It is an old building with antiquated wiring and power-line adapters are not likely to function properly, nor can I spare the direct power outlet required with a power-line adapter. I simply need every outlet I can get and cannot afford to block any direct outlet.
    My solution is to use a more powerful wireless router. I found the ASUS RT-AC66U Dual-Band Wireless-AC1750 Gigabit Router, which will likely provide a better connection to my wireless Internet in the master bedroom than the TC. The 802.11ac band of this Asus wireless router is totally useless to me, but based on what I have read I believe this router will provide a stronger connection at greater distances than my TC. And I will be ready for 802.11ac when it becomes more widely available.
    However, I still need to maintain the TC's ability to work seamlessly with TM to backup my two laptops. Also, I doubt the new Asus router will provide OS X 10.8.2 with NAS like features and capabilities. Therefore, I still would like to use the TC's NAS capabilities to share files on my network wirelessly assuming the Asus wireless router fails to provide this feature. I need a new and more powerful wireless router, but I need to maintain the TC's NAS features and seamless integration with TM. Finally, I want to continue to use my Apple laptop and AirPlay to wirelessly access and play my iTunes music collection stored on the TC's hard drive. I also want to continue to use my Apple laptop, AirPlay and Apple TV to wirelessly watch movies and TV shows stored on the additional external hard drive connected to the TC via USB. Can someone advise on how to set-up my existing TC with this new Asus wireless router in such a way to accomplish all of this?
    Modem
    Motorola SB6121 SURFboard DOCSIS 3.0 Cable Modem
    Existing Wireless Router and Primary Wi-Fi Base Station - Apple Time Capsule
    Apple Time Capsule MC343LL/A 1TB Sim DualBand (purchased June 2010, likely the Winter 2009 Model)
    Desired New Wireless Router and Primary Wi-Fi Base Station - Non-Apple Asus
    ASUS RT-AC66U Dual-Band Wireless-AC1750 Gigabit Router
    Extended Wi-Fi Base Station - Provides an Ethernet Connection to a Denon A/V Receiver Two Rooms Away from the Modem
    Netgear Universal Dual Band Wireless Internet Adapter for TV & Blu-Ray (WNCE3001)
    Additional External Hard Drive Attached to the Existing Apple Time Capsule via USB
    WD My Book Studio 4TB Mac External Hard Drive Storage USB 3.0
    Existing Laptops on the Wireless Network Requiring Time Machine Backups
    MacBook Air (11-inch, Mid 2012) OS X 10.8.2
    MacBook Pro (13-inch Mid 2010) OS X 10.8.2
    Other Existing Apple Products (Clients) on the Wireless Network
    iPod Touch (second generation) is model A1288.
    iPad (1st generation)
    Apple TV (3rd generation) - Quantity two (2)

    Thanks Bob Timmons.
    In regards to a Plan B, I hear ya brother. I am already on what feels like Plan Z. Getting WiFi to a far off room in an apartment building crowded with WiFi routers is a major pain.
    I am basing my thoughts on the potential of a new and more powerful router reaching the far off master bedroom based on positive reviews on cnet.com, pcmag.com and pcworld.com. All 3 of these web sites have reviewed the Asus RT-AC66U 802.11AC wireless router as well as its virtual twin cousin 802.11n router. What impressed me is that all 3 sites rated this router #1 overall in terms of both range and speed (in both the 802.11n and 802.11AC flavors). They tested the router in real world scenarios where the router needed to compete with a lot of other wireless routers. One of the sites even buried this Asus router in a media room with thick walls and inside a media cabinet. This Asus router should be able to serve my 2.4 GHz band wireless clients (iPod Touch and iPhone 4) with a 2.4GHz Wireless-N band offering some 50 feet of dependable range and a 60 Mbps throughput at that range. I am hoping that works, but it's borderline for my master bedroom. My 5 GHz wireless clients (laptops) will enjoy a 5GHz Wireless-N band offering 150 feet of range and a 200 Mbps throughput at that range. I have no idea what most of that stuff means, but I did also read that Asus could reach 300 feet and I got really excited. My mileage may vary of course and I'm sure I'm making some mistakes in my interpretation of their data. However, my Winter 2009 Time Capsule was rated by cnet.com to deliver real world performance of less than that, and 802.11AC may or may not be useful to me someday. But when this Asus arrives and provides anything other than an excellent and consistent wireless signal without drops in the master bedroom it's going right back!
    Your solution sounds great, but I have some questions. I'm using OS X 10.8.2 and Airport Utility (version 6.1 610.31) and on its third tab labeled "Wireless" the top option enables you to set "Network Mode" to either:
    Create a wireless network
    Extend a wireless network
    Off
    Given your advice to "Turn off the wireless on the TC," should I set Network Mode to Off? Sorry, I'm clueless in regards to how to turn off the wireless on the TC any other way. Can you provide specific steps on how to turn off the wireless on the TC? If what I wrote is correct then what should the rest of this Wireless tab look like, or perhaps it is irrelevant when wireless is off?
    Next, what do you mean by "Configure the TC in Bridge Mode?" Under Airports Utility's fourth tab labeled "Network" the top option "Router Mode" allows for either:
    DHCP and Nat
    DHCP Only
    Off (Bridge Mode)
    Is your advice to Configure the TC in Bridge Mode as simple as setting Router Mode to Off (Bridge Mode)? If yes, then what should the rest of this "Network" tab look like? Anything else involved in configuring the TC in Bridge Mode or is it really as simple as setting the Router Mode to "Off (Bridge Mode)"?
    How about the other tabs in Airport Utility, can they all stay as is assuming I use the same network name and password for the new Asus wireless router? Or do I need to make any other changes to the TC via Airport Utility?
    Finally, in regards to your Plan B suggestion. I agree. But do you have a Plan B for me? I would greatly appreciate any alternative you could provide. Specifically, if you needed a TC's Internet connection to reach a far off corner of your home how would you do it? In the master bedroom I need both a wired Ethernet connection for the Denon a/v receiver and wireless Internet connection for the iPhone and iPod Touch.
    Power-Line Adapters - High Cost, Blocks at Least One Wall Outlet and Does Not Solve the Wireless Need
    I actually like exactly one power-line adapter, which is the D-Link DHP-540 PowerLine AV 500 4-Port Gigabit Switch. This D-Link power-line adapter plugs into your wall outlet with a normal sized plug (regular standard power cord much like any other electronic device) instead of all of the other recommended power-line adapters that not only use at least one wall outlet but also often block the second outlet. You cannot use a power strip with a power-line adapter which is very impractical for me. And everything about my home is strange and upside down. The wiring here is a disaster and I don't have faith in its ability to carry Internet access from the living room to the master bedroom. And this D-Link power-line adapter costs $90 each and I need at least two to make the connection to the Denon A/V receiver. So, $180 on this solution and I still don't have a dependable drop free wireless connection in the master bedroom. The Denon might get its Ethernet Internet connection from the power-line adapter, but if I want to use an iPhone 4 or iPod Touch to stream AirPlay music to the Denon wirelessly (Pandora/iTunes, etc.) from the master bedroom the wireless connection will not be stable in there and I've already spent $190 on just the two power-line adapters needed.
    Extenders / Repeaters / Wirelessly Extending the Wireless Network
    I have also read great things about the Amped Wireless High Power Wireless-N 600mW Gigabit Dual Band Range Extender (Repeater) SR20000G and the My Net Wi-Fi Range Extender. The former is very powerful and the latter is easier to install. Both cost about $150 ish so similar to a new Asus router. However, everything I read about Range Extenders points to them not being very effective for a far off corner of your house wherein it's apparently hard to place the range extender in the sweet spot where it both gets a strong enough signal to actually effectively extend the wireless signal and otherwise does not reduce network throughput speeds to unacceptable speeds.
    Creating a Roaming Network By Hard Wiring with Ethernet Cable - Wife Would Say, "**** No!"
    Even Apple seems to warn against wirelessly extending your network (see: http://support.apple.com/kb/HT4145#) and otherwise strongly recommends a roaming network where Ethernet cable is used to connect two wireless base stations. However, I am in an apartment where stringing together two wireless base stations with Ethernet cable would have an extremely low wife acceptance factor (WAF). I cannot (both contractually and from a skill perspective) hide Ethernet wire in the walls or ceiling. And having visible Ethernet cable running from room to room would be unacceptable, especially to the wife.
    So what is left? Do you have a Plan B for me? Thanks in advance for your help!

  • TCP/UDP Ports and site used by FEP to download updates - needed to allow on perimeter firewall

    Can someone point me to information on what TCP/UDP ports are utilized by FEP and what DNS name/site it uses to download FEP updates? This is needed to tighten perimeter firewall policies.
    Thank you

    It should be the same as the documentation for all Software Updates:
    https://technet.microsoft.com/en-us/library/bcf8ed65-3bea-4bec-8bc5-22d9e54f5a6d#BKMK_ConfigureFirewalls
    Make sure to expand the "restrict access to specific domains" section to see the update related URLs.

  • Should I block TCP/UDP ports 135 to 139 on my router?

    For the sake of Internet and desktop security, should I block TCP/UDP ports 135 to 139 both ways at all times on my router? This seems to be recommended for Windows environments. Does Mavericks need these ports for its proper operation? When tested, ports 135, 137, 18 show as closed whereas all other ports are Stealth. Ideally, they should all be Stealth.

    Have a read here: http://securityspread.com/2013/07/26/firewall/
    Stealth is just as good as closed; some would argue that stealth is just as much of a giveaway of the port being present as it being closed.
    The specific ports you mention pose no risk to OS X as far as I am aware.

  • Handle a non-existent report object while using find_report_object?

    How do I handle the non-existence of a report object while using find_report_object?
    How can I handle the error FRM-41219 programmatically, since ID_NULL is not supported for report objects?
    1) The message level for FRM-41219 is 20; even if I set the message level to 20, it's not getting suppressed.
    As per my following code, the error is raised immediately after the find_report_object.
        DECLARE
          REPID REPORT_OBJECT;
        BEGIN
          REPID := FIND_REPORT_OBJECT('REP_OBJECT');
          -- NOTE: 'REP_OBJECT' DOES NOT EXIST. CONTROL DOES NOT GO TO THE EXCEPTION
          -- SECTION; INSTEAD ERROR FRM-41219 "CANNOT FIND REPORT: INVALID ID" IS RAISED.
          -- QUESTION: HOW CAN I HANDLE THIS ERROR?
        EXCEPTION
          WHEN OTHERS THEN
            MESSAGE('INSIDE EXCEPTION');
            MESSAGE('INSIDE EXCEPTION');
        END;

    This is really more of a Forms issue, since these are Forms built-ins. However, check out note 209513.1 in Metalink. It describes how to check if the report object exists and how to trap the error.
    Hope that helps,
    Toby

  • QOS Network Planning - TCP/UDP Ports used in CWMS 2.5 MDC deployment

    Does anyone know if there is documentation that describes the WAN traffic in CWMS 2.5 MDC? I'm looking for the TCP/UDP ports that must be prioritized on the WAN to properly classify our traffic between the two data centers. I can't find any such document.
    Thanks,
    Matt 

    Hi Matt,
    All the network requirements are listed in the CWMS 2.5 Planning Guide in Networking Checklist: http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Planning_Guide/Planning_Guide/Planning_Guide_chapter_0100.html
    I hope this is what you are looking for.
    -Dejan

  • HT1758 Can i connect my non apple laptop to my iMac and use the iMac as an extra/dual screen while using my laptop?

    Got a new laptop from work, no choice on the type, but I want to plug its docking station into my iMac so I can use dual screens while using the laptop. Can I use the Ethernet port for this?

    Welcome to Apple Support Communities
    Target Display mode only supports Late 2009 and Mid 2010 27-inch iMacs, and Mid 2011 and newer iMacs to use them as external displays, but it only works over Mini DisplayPort or Thunderbolt, not Ethernet.
    Your PC needs Mini DisplayPort or Thunderbolt (depending on your iMac) to be able to use your iMac as an external display, so it is probable that you cannot use the iMac as an external display. Instead, look for information on the Internet about VNC viewers that allow you to do that.

  • Lync 2010 client does not offer any NON-direct UDP Candidates in its SIP Invite' SDP - why?

    Hello.
    We have a customer experiencing the following issue.
    They have a big multi-continental Lync Server 2010 Enterprise Edition deployment with a non-NATed Edge Pool.
    The call scenario is simple: a peer-to-peer video (A/V) call between an external Lync client and a video system, Cisco VCS in this case (but it does not matter), which (the video system) only supports media over UDP (which is nothing strange). The VCS has a lot of video endpoints all over the globe, and Lync clients are also everywhere, so the call can be any "distance", not predictable.
    All video endpoints are registered on this single VCS.
    The video call, as I suspect, only succeeds IF the direct peer-to-peer UDP connection works, and fails otherwise.
    I skip the overall design, keeping here only what is relevant.
    The video system offers only its own local IP as a UDP candidate (type = host), which in this particular case is expected; let's assume there is no TURN etc. expected on the video system's side, as it is directly Internet-facing.
    Now the main bit. The Lync client offers ALL proper TCP candidates, both local AND non-local, using the external public IP addresses of both the A/V Edge hardware load balancer VIP and the public IP address of one of the Edge servers.
    Those candidates are listed perfectly fine (I checked carefully), so the SIP INVITE has them all offered.
    Now: the Lync 2010 client ONLY offers a direct/local UDP candidate (type = host) with its own IP address, but does NOT offer any NON-local UDP candidates at all (while, again, for TCP candidates the full set of non-local (A/V Edge) ones is offered).
    WHY can this happen?
    Again, my guess on where to dig is: the TCP candidates (which are completely useless for such a video call) are all offered fine with the A/V Edge's public IPs, both the VIP and particular node ones. Does this fact make sense?
    WHAT can be the reason why the same or similar remote/Edge candidates are not being offered/listed for UDP while for TCP they are offered?
    What I have already found, to be excluded easily: the whole client sign-in and in-band provisioning is OK, everything about certificates is OK, and everything about the MRAS URI and MRAS credentials (looking at sign-in traces) is also fine. The client gets the proper MRAS username/password and EVERYTHING about signaling before the SDP is also fine (no TLS or MRAS related errors).
    I cannot rule out potential DNS issues at the moment, however unlikely: otherwise how would it get the proper list of NON-local TCP candidates, and all SIP signalling with the Edge working OK, if it were a DNS-specific issue?
    What, however, I have not confirmed is: UDP port 3478 is most likely NOT opened on/between all of the involved parties (the Edge's private and public interfaces, the hardware load balancer's interfaces and the client), and/or UDP 3478 communication is most likely getting blocked completely (when the client is external), whereas for instance TCP 443 is opened everywhere.
    Can THIS somehow be related to why it properly allocates non-local TCP but none of the non-local UDP candidates?
    What the traces show on call negotiation is ICE Connectivity Failed and/or ICE Warning. I have read it carefully and did Wiresharking; what I suspect is simply that the ICE connectivity checks fail on direct P2P UDP, which is of course expected, and because no non-local UDP candidates are offered and TCP is not allowed on the video system's side, it fails. Wireshark shows the following: millions of outgoing UDP packets from the client to the Cisco VCS and not even one INcoming UDP packet back from the VCS.
    Sometimes, depending on the external client's location, the call does succeed, however. I guess (guess) this is because SOMETIMES direct UDP flows OK, while in the vast majority of cases it expectedly does not.
    Big thanks.
    /roubchi

    Hi,
    Video endpoints only support UDP media. ICE usually offers 3 candidates: Host (private IP), Server Reflexive (outside IP address of the firewall local to the media-supplying agent, i.e. the B2BUA or Lync client), and TURN server (typically the Edge Server / VCS Expressway).
    You can refer to the "Cisco VCS and Microsoft Lync Deployment Guide (X8.1)" to check the configuration of Lync integrated with Cisco VCS.
    Best Regards,
    Eason Huang
    TechNet Community Support
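An added Python check for the symptom roubchi describes; it is not from the thread and is neither Microsoft nor Cisco code. It parses the a=candidate lines of an SDP offer, reports which transports carry only host (local) candidates, and tells you whether a peer that accepts only certain transports has any non-local path at all. The offer is constructed in RFC 5245 candidate syntax with documentation addresses; real Lync 2010 traces may differ in detail, so treat the exact line format as an assumption.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional

# RFC 5245 candidate attribute (assumed format); the trailing group holds raddr/rport
# and any extensions such as tcptype.
CANDIDATE_RE = re.compile(
    r"^a=candidate:(?P<foundation>\S+) (?P<component>\d+) (?P<transport>\S+) "
    r"(?P<priority>\d+) (?P<address>\S+) (?P<port>\d+) typ (?P<type>\S+)(?P<rest>.*)$"
)

# Constructed offer shaped like the poster's description: TCP gets host, srflx (VIP)
# and relay (Edge node) candidates, UDP gets host candidates only.
SAMPLE_OFFER = """v=0
m=video 50002 RTP/AVP 96
c=IN IP4 10.20.30.40
a=candidate:1 1 UDP 2130706431 10.20.30.40 50002 typ host
a=candidate:1 2 UDP 2130705918 10.20.30.40 50003 typ host
a=candidate:2 1 TCP 1694498815 10.20.30.40 50004 typ host
a=candidate:3 1 TCP 1677721855 203.0.113.10 50004 typ srflx raddr 10.20.30.40 rport 50004
a=candidate:4 1 TCP 16777215 198.51.100.25 50005 typ relay raddr 203.0.113.10 rport 50004
"""


def parse_candidates(sdp: str) -> List[Dict[str, object]]:
    """Parse every a=candidate line into a dict; all other SDP lines are ignored."""
    out: List[Dict[str, object]] = []
    for line in sdp.splitlines():
        m = CANDIDATE_RE.match(line.strip())
        if not m:
            continue
        extra = m.group("rest").split()
        raddr: Optional[str] = None
        if "raddr" in extra and extra.index("raddr") + 1 < len(extra):
            raddr = extra[extra.index("raddr") + 1]
        out.append({
            "component": int(m.group("component")),
            "transport": m.group("transport").upper(),
            "priority": int(m.group("priority")),
            "address": m.group("address"),
            "port": int(m.group("port")),
            "type": m.group("type"),
            "raddr": raddr,
        })
    return out


def candidate_types(sdp: str) -> Dict[str, List[str]]:
    """Map transport -> sorted candidate types offered, e.g. {'UDP': ['host']}."""
    types: Dict[str, set] = defaultdict(set)
    for c in parse_candidates(sdp):
        types[str(c["transport"])].add(str(c["type"]))
    return {t: sorted(s) for t, s in types.items()}


def host_only_transports(sdp: str) -> List[str]:
    """Transports for which the offer contains nothing but host (local) candidates."""
    return sorted(t for t, ts in candidate_types(sdp).items() if ts == ["host"])


def usable_transports(sdp: str, peer_transports: List[str]) -> List[str]:
    """Transports the peer accepts on which a non-local (srflx/relay) candidate exists.

    An empty result means the call can only succeed when the host candidates happen
    to connect directly, which matches the intermittent, location-dependent outcome
    described in the question.
    """
    types = candidate_types(sdp)
    return sorted(t for t in peer_transports
                  if t in types and any(x != "host" for x in types[t]))


if __name__ == "__main__":
    print("candidate types:", candidate_types(SAMPLE_OFFER))
    print("host-only transports:", host_only_transports(SAMPLE_OFFER))
    print("usable for a UDP-only peer:", usable_transports(SAMPLE_OFFER, ["UDP"]))
```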

  • Traffic shaping using dummynet

    I'm trying to create a set of firewall rules to shape the traffic coming out of my Mini. It's running a web server, and I'd like to prioritize ssh traffic over http. I set up an incoming and outgoing pipe with:
    # Download pipe
    ipfw pipe 1 config bw 1024kbit/s
    # Upload pipe
    ipfw pipe 2 config bw 256kbit/s
    I then make a few queues:
    # High priority queues
    ipfw queue 1 config pipe 1 weight 75
    ipfw queue 2 config pipe 2 weight 75
    # Medium priority queues
    ipfw queue 11 config pipe 1 weight 25
    ipfw queue 12 config pipe 2 weight 25
    # Low priority queues
    ipfw queue 101 config pipe 1 weight 5
    ipfw queue 102 config pipe 2 weight 5
    The problem then occurs when attempting to match traffic. I've tried variations on a theme like the following in an attempt to match outgoing web traffic:
    ipfw add queue 11 tcp from any src-port 80 to any out xmit en0
    The only rule that ever manages to match anything is:
    ipfw add queue 101 ip from any to any in recv en0
    The corresponding outgoing rule never catches anything:
    ipfw add queue 102 ip from any to any out xmit en0
    Any idea what I'm missing? Is there something I need to enable via sysctl?
    Thanks,
    Andreas

    1. When you have traffic shaping and the limit for the shaped value is exceeded, all traffic arriving at the interface with no token in the token bucket is queued, using the configured queue, into its appropriate queue. Hence any type of queueing is not invoked unless some sort of traffic congestion exists, either via shaping or otherwise.
    2. If you have a granular shaping instruction per protocol per bandwidth, the traffic over its shaped value would be queued and sent at the maximum shape rate configured (that's one of the uses of shaping, to trim the rate at which a specific traffic is sent). If it's just queuing that is enabled, not shaping, then traffic for a specific queue can use as much bandwidth as is available when there is no other traffic, hence no congestion.
    3. If you have shaped and non-shaped traffic on an interface using GTS, the shaped traffic can use as much bandwidth as the maximum of the shaped value, while non-shaped traffic will also use bandwidth as it sees bandwidth, without the need to be controlled. However, non-shaped traffic will use all the bandwidth it needs until the interface starts dropping packets, but the shaped traffic would be queued until there are enough tokens to start outputting from that queue. If there is non-shaped traffic, it could be possible that it overwhelms the interface and prevents even the shaped traffic from getting enough bandwidth to reach the shaped value.

  • Timeouts on non load balanced traffic thru ACE

    I have a backend server creating a connection to a db server outside the ACE environment. This traffic is using the L3 function of the ACE and is not being load balanced. The connection is timing out after 1 hour. I have normalization disabled on the backend server VLAN but not on the front side VLAN of the ACE.
    2 Questions:
    - With normalization disabled, do I still need to change the TCP inactivity timeout for this traffic? Or, with normalization disabled, shouldn't the non-load-balanced traffic be L3 routed and not affected by the TCP timeout value?
    - Also do I need to disable normalization on the front side VLAN of the ACE?
    thanks,
    kurt

    As per
    http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/v3.00_A1/configuration/security/guide/tcpipnrm.html#wp1075741
    "Disabling TCP normalization affects only Layer 4 traffic. TCP normalization is always enabled for Layer 7 traffic."
    By disabling TCP normalization the following Layer 4 connection parameters are ignored.
    exceed-mss - Configure behavior if a packet exceeds MSS
    random-seq-num-disable - Disable TCP sequence number randomization
    reserved-bits - Configure Reserved bits in TCP header
    syn-data - Configure behavior for a SYN packet containing data
    tcp-options - Configure TCP header options
    urgent-flag - Allow/Clear Urgent flag
    I think you will need "Set timeout inactivity xxxx" command even if "no normalization" command is defined.
    Syed Iftekhar Ahmed

  • Does anyone have any suggestions for Ad blocking? I'm getting a lot of pop up ads while using Facebook from Safari.

    I'm getting a lot of pop up ads, mostly while using Facebook. I'm running Safari on a MacBook Pro running Yosemite. Does anyone have any suggestions for an Ad blocker? I don't see anything in the App Store.
    I can't swear to it but I don't recall this being a problem pre-Yosemite. I could be wrong. I haven't been real active on Facebook until recently. I see some third party apps out there but am always wary of non approved software.
    Thanks
    Ron

    You may have installed the "VSearch" trojan. Remove it as follows.
    Malware is always changing to get around the defenses against it. These instructions are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.
    Back up all data before proceeding.
    Step 1
    From the Safari menu bar, select
              Safari ▹ Preferences... ▹ Extensions
    Uninstall any extensions you don't know you need, including any that have the word "Spigot," "Trovi," or "Conduit" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
    Reset the home page and default search engine in all the browsers, if it was changed.
    Step 2
    Triple-click anywhere in the line below on this page to select it:
    /Library/LaunchAgents/com.vsearch.agent.plist
    Right-click or control-click the line and select
              Services ▹ Reveal in Finder (or just Reveal)
    from the contextual menu.* A folder should open with an item named "com.vsearch.agent.plist" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.
    Repeat with each of these lines:
    /Library/LaunchDaemons/com.vsearch.daemon.plist
    /Library/LaunchDaemons/com.vsearch.helper.plist
    Restart the computer and empty the Trash. Then delete the following items in the same way:
    /Library/Application Support/VSearch
    /System/Library/Frameworks/VSearch.framework
    ~/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin
    Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
    The problem may have started when you downloaded and ran an application called "MPlayerX." That's the name of a legitimate free movie player, but the name is also used fraudulently to distribute VSearch. If there is an item with that name in the Applications folder, delete it, and if you wish, replace it with the genuine article from mplayerx.org.
    This trojan is often found on illegal websites that traffic in pirated content such as movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow.
    You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that the Internet criminal behind VSearch has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing has not done so, even though it's aware of the problem. This failure of oversight has compromised both Gatekeeper and the Developer ID program. You can't rely on Gatekeeper alone to protect you from harmful software.
    *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination  command-C. In the Finder, select
              Go ▹ Go to Folder...
    from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
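A read-only check for the items listed in the answer above, added here as an example and not part of the original post. The function name vsearch_scan and its ROOT and HOMEDIR arguments are this example's own; the /Applications/MPlayerX.app bundle path is an assumption, since the answer only says "an item with that name". Every other path is taken verbatim from the removal steps. The script reports and deletes nothing, so it can be run before the manual steps to see what is present and again afterwards to confirm the items are gone.

```sh
#!/bin/sh
# Added example, not part of the original answer: a read-only check for the
# VSearch items listed above. It reports what exists and deletes nothing.
#
# vsearch_scan [ROOT] [HOMEDIR]
#   ROOT     prefix put in front of every system-wide path; empty (the default)
#            means the live system, a scratch directory lets you test offline
#   HOMEDIR  home directory holding the per-user plug-in (default: $HOME)
# Prints one line per item found; prints nothing on a clean machine.
vsearch_scan() {
    root="${1:-}"
    homedir="${2:-$HOME}"

    # System-wide items named in the removal steps. printf/read keeps the
    # paths containing spaces ("Application Support") intact.
    printf '%s\n' \
        "/Library/LaunchAgents/com.vsearch.agent.plist" \
        "/Library/LaunchDaemons/com.vsearch.daemon.plist" \
        "/Library/LaunchDaemons/com.vsearch.helper.plist" \
        "/Library/Application Support/VSearch" \
        "/System/Library/Frameworks/VSearch.framework" |
    while IFS= read -r p; do
        # -e is true for plain files, directories and .framework bundles alike
        if [ -e "$root$p" ]; then
            printf '%s\n' "$root$p"
        fi
    done

    # Per-user item from the same list.
    p="$homedir/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin"
    if [ -e "$p" ]; then
        printf '%s\n' "$p"
    fi

    # "MPlayerX" is also the name of a genuine player, so its presence is only
    # something to verify against mplayerx.org, not proof of infection.
    # The .app bundle path is assumed; the answer only says "an item with that name".
    if [ -e "$root/Applications/MPlayerX.app" ]; then
        printf 'VERIFY %s\n' "$root/Applications/MPlayerX.app"
    fi

    return 0
}

# Stand-alone use: scan the machine you are on (arguments pass straight through).
vsearch_scan "$@"
```

Run it with no arguments to check the live system, or point ROOT at a scratch directory to try it against a constructed layout first. A hit on one of the plist or bundle paths is worth acting on with the steps above; the VERIFY line only asks you to confirm the player is the genuine one.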

  • WRT54GC v2.0 - UDP Traffic issue

    Hi, I've bought last week the wireless router WRT54GC v2.0 and it works well for normal navigation, port forwarding, wireless signal, etc...
    I've only a problem, a big problem: it can't handle high UDP traffic. This issue can be experienced, e.g., with the Kad network of eMule. I can connect to Kad and I'm not firewalled, but if I try to search something, the search results are always empty or almost empty. If I make the same search connecting with my ISP router it works fine.
    I tried with both wireless and wired connection from the WRT54GC and the result is the same, so it's not a wireless problem. I tried to disable the firewall, playing with settings, using DMZ or port triggering. The result was the same. I've updated the firmware to version 1.01.0 too.
    Is there a solution for this problem??
    Sorry for my English
    Message Edited by RedKite on 08-31-2008 02:39 AM

    I am not sure about the workaround... however you can try filtering the UDP packets that are incoming...

  • Maximum number of tcp/udp connections

    I've got a WRT54G and recently I contacted Linksys support due to some problems I was having with
    BitTorrent clients (very common issue it seems). I have a home LAN with 3 computers,
    and if 2 or more of them are on at the same time (even when only 1 is using BitTorrent), the connection keeps going
    down.
    Linksys support told me a lot of routers face this problem since BitTorrent works by opening lots of simultaneous
    TCP/UDP connections, and one thing I should do is try to limit these connections to a number the router can handle.
    Even though I might experience some poor speeds limiting connections, it seems it's all I have left. So, not a
    problem at all, except one question which brings us to the purpose of this message:
    Approximately HOW MANY TCP/UDP CONNECTIONS can the WRT54G handle at the SAME TIME?
    Since I'm to share among 3 users, all of which are torrent freaks, I'm gonna have one heck of a hard time tryin' to
    guess the maximum number of connections each should have, especially when they're all on at the same time.
    Support said they don't have that information. So does anyone out there have a good guess?
    And also, does anyone know of any Linksys router (for home use) that is able to work with torrents without any
    problem at all?

    The WRT54G(S) up to v4 and the WRT54GL use a Linux 2.4.20 kernel.
    This Linux kernel sets a max of 1024 connections and a hashtable of max 128 buckets; the GS models with 32 Mbyte have 2048/256.
    I see three problems:
    1. The following patch is not applied to the kernel: Netfilter / connection tracking remote DoS, CVE: CAN-2003-0187
    2. The hashsize is wrongly set, the default kernel 2.4.20 values are wrong, and it may NOT be an even number (128), it should be a prime number.
    3. The ratio between hashsize and max amount of connections should be set to 1 and not 8, this to increase performance.
    Some improvement is made by Linksys in firmware versions 4.21.1 and 4.30.9 (which are nearly the same).
    I hope this information helps,
    greetings,
    jchuit
    http://tarifa.sourceforge.net/
