How to disable "Bandwidth Monitoring"

#2 Mon, 08/31/2009 - 09:03

andreychek

Howdy,

Well, I don't have shorewall on my test system here -- but when I go into Webmin -> Networking -> Bandwidth monitoring, and enable it, it presents a new button labeled "Turn Off Monitoring".

Are you saying that when you go back into the Bandwidth Monitoring screen, there's no Turn Off Monitoring button?

If not, what options are displaying there?

-Eric

#3 Mon, 08/31/2009 - 10:16

alessice

Hi Eric,

I haven't the "Turn Off" button. See the screenshot.

Thanks

#4 Mon, 08/31/2009 - 10:21

andreychek

Okay, first, that has to be the smallest screenshot ever :-)

But, I can kind of read it... it looks as if Virtualmin thinks bandwidth monitoring is not currently enabled.

Are you certain that it is?

Can you attach two more files:

One containing the output of the command: iptables -L -n
The other containing the output of running "crontab -l" as root.

Thanks!

-Eric

#5 Tue, 09/01/2009 - 02:17

alessice

Hi Eric,

thanks for the reply and sorry for the small screenshot :-( . I'm not using Virtualmin

crontab -l m h dom mon dow command

14 0 * * * /etc/webmin/cron/tempdelete.pl 0 * * * * /etc/webmin/bandwidth/rotate.pl

iptables -L -n

Chain INPUT (policy DROP) target prot opt source destination
LOG 0 -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 prefix BANDWIDTH_IN:' LOG 0 -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 prefixBANDWIDTH_IN:' ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0
eth0_in 0 -- 0.0.0.0/0 0.0.0.0/0
Reject 0 -- 0.0.0.0/0 0.0.0.0/0
LOG 0 -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:' reject 0 -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP) target prot opt source destination
LOG 0 -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 prefix BANDWIDTH_OUT:' LOG 0 -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 prefixBANDWIDTH_IN:' eth0_fwd 0 -- 0.0.0.0/0 0.0.0.0/0
Reject 0 -- 0.0.0.0/0 0.0.0.0/0
LOG 0 -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:' reject 0 -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy DROP) target prot opt source destination
LOG 0 -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 7 prefix BANDWIDTH_OUT:' ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 fw2net 0 -- 0.0.0.0/0 0.0.0.0/0 policy match dir out pol none Reject 0 -- 0.0.0.0/0 0.0.0.0/0 LOG 0 -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefixShorewall:OUTPUT:REJECT:' reject 0 -- 0.0.0.0/0 0.0.0.0/0

Chain Drop (2 references) target prot opt source destination
reject tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 dropBcast 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 11 dropInvalid 0 -- 0.0.0.0/0 0.0.0.0/0
DROP udp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 135,445 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:137 dpts:1024:65535 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 135,139,445 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 dropNotSyn tcp -- 0.0.0.0/0 0.0.0.0/0
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53

Chain Reject (4 references) target prot opt source destination
reject tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 dropBcast 0 -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 11 dropInvalid 0 -- 0.0.0.0/0 0.0.0.0/0
reject udp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 135,445 reject udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 reject udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:137 dpts:1024:65535 reject tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 135,139,445 DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:1900 dropNotSyn tcp -- 0.0.0.0/0 0.0.0.0/0
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:53

Chain all2all (0 references) target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED Reject 0 -- 0.0.0.0/0 0.0.0.0/0
LOG 0 -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:' reject 0 -- 0.0.0.0/0 0.0.0.0/0

Chain dropBcast (2 references) target prot opt source destination
DROP 0 -- 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast DROP 0 -- 0.0.0.0/0 0.0.0.0/0 PKTTYPE = multicast

Chain dropInvalid (2 references) target prot opt source destination
DROP 0 -- 0.0.0.0/0 0.0.0.0/0 state INVALID

Chain dropNotSyn (2 references) target prot opt source destination
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02

Chain dynamic (2 references) target prot opt source destination

Chain eth0_fwd (1 references) target prot opt source destination
dynamic 0 -- 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW smurfs 0 -- 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW policy match dir in pol none norfc1918 0 -- 0.0.0.0/0 0.0.0.0/0 state NEW policy match dir in pol none tcpflags tcp -- 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none

Chain eth0_in (1 references) target prot opt source destination
dynamic 0 -- 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW smurfs 0 -- 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW policy match dir in pol none norfc1918 0 -- 0.0.0.0/0 0.0.0.0/0 state NEW policy match dir in pol none tcpflags tcp -- 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none net2fw 0 -- 0.0.0.0/0 0.0.0.0/0 policy match dir in pol none

Chain fw2net (1 references) target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0

Chain logdrop (0 references) target prot opt source destination
LOG 0 -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:logdrop:DROP:' DROP 0 -- 0.0.0.0/0 0.0.0.0/0

Chain logflags (5 references) target prot opt source destination
LOG 0 -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:logflags:DROP:' DROP 0 -- 0.0.0.0/0 0.0.0.0/0

Chain logreject (0 references) target prot opt source destination
LOG 0 -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:logreject:REJECT:' reject 0 -- 0.0.0.0/0 0.0.0.0/0

Chain net2all (0 references) target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED Drop 0 -- 0.0.0.0/0 0.0.0.0/0
LOG 0 -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:' DROP 0 -- 0.0.0.0/0 0.0.0.0/0

Chain net2fw (1 references) target prot opt source destination
ACCEPT 0 -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 ACCEPT tcp -- 79.48.96.156 0.0.0.0/0 tcp dpt:22 ACCEPT tcp -- 83.211.186.6 0.0.0.0/0 tcp dpt:22 ACCEPT tcp -- 88.149.155.248 0.0.0.0/0 tcp dpt:22 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 ACCEPT tcp -- 79.48.96.156 0.0.0.0/0 tcp dpt:3306 ACCEPT tcp -- 83.211.186.6 0.0.0.0/0 tcp dpt:3306 ACCEPT tcp -- 88.149.155.248 0.0.0.0/0 tcp dpt:3306 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000 Drop 0 -- 0.0.0.0/0 0.0.0.0/0
LOG 0 -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2fw:DROP:' DROP 0 -- 0.0.0.0/0 0.0.0.0/0

Chain norfc1918 (2 references) target prot opt source destination
rfc1918 0 -- 172.16.0.0/12 0.0.0.0/0
rfc1918 0 -- 0.0.0.0/0 0.0.0.0/0 ctorigdst 172.16.0.0/12 rfc1918 0 -- 192.168.0.0/16 0.0.0.0/0
rfc1918 0 -- 0.0.0.0/0 0.0.0.0/0 ctorigdst 192.168.0.0/16 rfc1918 0 -- 10.0.0.0/8 0.0.0.0/0
rfc1918 0 -- 0.0.0.0/0 0.0.0.0/0 ctorigdst 10.0.0.0/8

Chain reject (11 references) target prot opt source destination
DROP 0 -- 255.255.255.255 0.0.0.0/0
DROP 0 -- 224.0.0.0/4 0.0.0.0/0
DROP 0 -- 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast DROP 0 -- 0.0.0.0/0 0.0.0.0/0 PKTTYPE = multicast DROP 0 -- 255.255.255.255 0.0.0.0/0
DROP 0 -- 224.0.0.0/4 0.0.0.0/0
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset REJECT udp -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable REJECT icmp -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-unreachable REJECT 0 -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain rfc1918 (6 references) target prot opt source destination
LOG 0 -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:rfc1918:DROP:' DROP 0 -- 0.0.0.0/0 0.0.0.0/0

Chain shorewall (0 references) target prot opt source destination

Chain smurfs (2 references) target prot opt source destination
LOG 0 -- 195.225.169.255 0.0.0.0/0 LOG flags 0 level 6 prefix Shorewall:smurfs:DROP:' DROP 0 -- 195.225.169.255 0.0.0.0/0 LOG 0 -- 255.255.255.255 0.0.0.0/0 LOG flags 0 level 6 prefixShorewall:smurfs:DROP:' DROP 0 -- 255.255.255.255 0.0.0.0/0
LOG 0 -- 224.0.0.0/4 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:' DROP 0 -- 224.0.0.0/4 0.0.0.0/0

Chain tcpflags (2 references) target prot opt source destination
logflags tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29 logflags tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00 logflags tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06 logflags tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03 logflags tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:0 flags:0x17/0x02

Now, I have find in the /etc/shorewall/ the "start" file added by Webmin:

~# cat /etc/shorewall/start run_iptables -I INPUT -i eth0 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug run_iptables -I FORWARD -i eth0 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug run_iptables -I FORWARD -o eth0 -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug run_iptables -I OUTPUT -o eth0 -j LOG --log-prefix BANDWIDTH_OUT: --log-level debug run_iptables -I INPUT -i eth0 -j LOG --log-prefix BANDWIDTH_IN: --log-level debug

So, for disabiling Bandwidth monitor is sufficient delete the "start" file and remove the cron entry ?

Why my installation not have the "Turn Off" button?

Thanks.

#6 Tue, 09/01/2009 - 08:36

andreychek

Okay, well, it certainly appears as though the monitoring is active.

While we could probably manually disable it by altering the Shorewall start file and cron entries that you mentioned -- you might also consider filing a bug report (using the Support button above).

At that point, Jamie can a look and fix the issue, as well as make sure those are really the only steps needed to disable it.

-Eric

#7 Tue, 09/01/2009 - 11:34

alessice

Thanks, i have opens a bug:

https://www.virtualmin.com/node/11293

Bye