bwm-tools-tech Mailing List for Bandwidth Management Tools (Page 10)
From: Kobe L. <ko...@mo...> - 2005-06-21 09:53:18
Please include an 'iptables -L -nv' output.

You probably haven't entered a QUEUE target, try this

-N bwmd
-A bwmd -m mark ! --mark 0 -j QUEUE
-A bwmd -j ACCEPT
-A INPUT -j bwmd

and possibly

-A FORWARD -j bwmd

Greetz
Kobe

gottfried hufnagel wrote:

>dear list!
>
>hope this one is not toooo annoying for you.
>
>i'm trying to get bwm_tools running/configured.
>i've tried to keep my config-file as simple as possible just to get a simple
>"beep" out of bwm ;) but no success .... ok ... this is, what i've done so
>far:
>
> i have told iptables in the mangle-table to mark all incoming packets with
>"001"
>--->
>-A INPUT -i eth0 -j MARK --set-mark 001
><----
>
>the bwm-config file looks like this
>---->
><firewall>
>  <global>
>    <modules>
>      <load name="ip_queue"/>
>
>    </modules>
>  </global>
>
>  <acl>
>  </acl>
>
>  <nat>
>  </nat>
>
>  # Traffic flows
>  <traffic>
>    <flow name="flow_main" nfmark="001">
>    </flow>
>    <group name="group_incoming" report-timeout="30">
>      flow_main;
>    </group>
>  </traffic>
></firewall>
><----
>
>so.. i have started the bwmd (using the -c option)
>when i start bwm_monitor it tells me that there is NO traffic. (i know it is)
>where have i gone wrong???
>
>any help appreciated!
>
>greetinx
>gottfried
From: gottfried h. <got...@on...> - 2005-06-21 09:31:07
dear list!

hope this one is not toooo annoying for you.

i'm trying to get bwm_tools running/configured.
i've tried to keep my config-file as simple as possible just to get a simple
"beep" out of bwm ;) but no success .... ok ... this is, what i've done so
far:

i have told iptables in the mangle-table to mark all incoming packets with
"001"
--->
-A INPUT -i eth0 -j MARK --set-mark 001
<----

the bwm-config file looks like this
---->
<firewall>
  <global>
    <modules>
      <load name="ip_queue"/>
    </modules>
  </global>

  <acl>
  </acl>

  <nat>
  </nat>

  # Traffic flows
  <traffic>
    <flow name="flow_main" nfmark="001">
    </flow>
    <group name="group_incoming" report-timeout="30">
      flow_main;
    </group>
  </traffic>
</firewall>
<----

so.. i have started the bwmd (using the -c option)
when i start bwm_monitor it tells me that there is NO traffic. (i know it is)
where have i gone wrong???

any help appreciated!

greetinx
gottfried

--
Ing. Gottfried Hufnagel
Systemadministrator
Zentraler Informatikdienst
Österreichische Nationalbibliothek
Josefsplatz 1, 1015 Wien
Tel.: (+43 1) 53 410 - 607
Fax: (+43 1) 53 410 - 610
Email: got...@on...
Web: www.onb.ac.at
From: go0ogl3 <go...@gm...> - 2005-06-15 10:38:20
Hello,

some of the output of the iptables follows:

--cut here---
# iptables -t mangle -nvL
Chain PREROUTING (policy ACCEPT 83 packets, 6106 bytes)
 pkts bytes target prot opt in out source        destination

Chain INPUT (policy ACCEPT 83 packets, 6106 bytes)
 pkts bytes target prot opt in out source        destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source        destination
    0     0 MARK   udp  --  *  *   10.0.12.0/24  0.0.0.0/0     udp dpt:53 MARK set 0x69
    0     0 MARK   tcp  --  *  *   10.0.12.0/24  0.0.0.0/0     tcp dpt:53 MARK set 0x69
    0     0 MARK   udp  --  *  *   0.0.0.0/0     10.0.12.0/24  udp spt:53 MARK set 0xcd
    0     0 MARK   tcp  --  *  *   0.0.0.0/0     10.0.12.0/24  tcp spt:53 MARK set 0xcd
    0     0 MARK   tcp  --  *  *   10.0.12.0/24  0.0.0.0/0     length 0:100 MARK set 0x6e
    0     0 MARK   udp  --  *  *   10.0.12.0/24  0.0.0.0/0     length 0:100 MARK set 0x6e
    0     0 MARK   tcp  --  *  *   0.0.0.0/0     10.0.12.0/24  length 0:100 MARK set 0xd2
    0     0 MARK   udp  --  *  *   0.0.0.0/0     10.0.12.0/24  length 0:100 MARK set 0xd2
    0     0 MARK   icmp --  *  *   10.0.12.0/24  0.0.0.0/0     MARK set 0x73
    0     0 MARK   icmp --  *  *   0.0.0.0/0     10.0.12.0/24  MARK set 0xd7
    0     0 MARK   tcp  --  *  *   10.0.12.0/24  0.0.0.0/0     multiport ports 80,81,82,443,3128,8080 MARK set 0x78
    0     0 MARK   tcp  --  *  *   0.0.0.0/0     10.0.12.0/24  multiport ports 80,81,82,443,3128,8080 MARK set 0xdc
---and here---

All the counters are zero because I've re-applied the rules just before the
listing. The counters are increasing for the specified rule if I make
traffic of that type.

in the bwmd chain i have something like:

---cut here---
Chain bwmd (34 references)
target prot opt source     destination
QUEUE  all  --  0.0.0.0/0  0.0.0.0/0    MARK match !0x0
ACCEPT all  --  0.0.0.0/0  0.0.0.0/0
---and here---

If it's necessary I can give you the scripts I'm using for generating the
rules.

I guess I should make some rule after marking to jump in the bwmd chain
because the target is MARK, but I'll try that later when I'll have some
time.

Thank you for opening my eyes. :)

go0ogl3

On 6/15/05, Kobe Lenjou <ko...@mo...> wrote:
> Hello,
>
> Please list the output of 'iptables -L -n -v -t mangle' with your
> question. That's much better to read than your raw script.
>
> Your packets are probably wrongly marked. Please note that one
> matching mark ('-j MARK') does NOT end processing of the chain, so if the
> packet matches another rule the mark will be overwritten. I wrote on my
> site, always list your marks from generic to specific (the lower the
> mark, the less specific the rule should be)
>
> Greetz
> Kobe
>
> go0ogl3 wrote:
>
> >Hello list,
> >
> >I am trying to use the nfmark feature to "help" use my 256kbit
> >bandwidth wisely. I came up with a setup like this:
> >
> >The iptables part:
> >
> >---cut here---
> >IPT=`which iptables`
> >mark="-j MARK --set-mark"
> >mf="-t mangle -A FORWARD"
> >
> >iptables -N bwmd
> >iptables -A bwmd -m mark ! --mark 0x0 -j QUEUE
> >iptables -A bwmd -j ACCEPT
> >
> >echo " DNS"
> >$IPT $mf -p udp -s $lan --dport 53 $mark 105
> >$IPT $mf -p tcp -s $lan --dport 53 $mark 105
> >$IPT $mf -p udp -d $lan --sport 53 $mark 205
> >$IPT $mf -p tcp -d $lan --sport 53 $mark 205
> >
> >echo " ICMP"
> >$IPT $mf -p icmp -s $lan $mark 115
> >$IPT $mf -p icmp -d $lan $mark 215
> >..............
> >---and here---
> >
> >The download part of my firewall.xml file is:
> >
> >---cut here---
> > # trafic shape DOWNLOAD
> >
> > <flow name="Main_in" max-rate="30720" burst-rate="30720"
> >queue-len="30" queue-size="30720" stats-len="5" report-timeout="60">
> >
> >   <flow name="Normal_in" max-rate="30720" burst-rate="30720"
> >queue-len="30" queue-size="30720" stats-len="5" report-timeout="60">
> >     <flow name="DNS_in" max-rate="3072" burst-rate="30720"
> >queue-len="1" queue-size="1" stats-len="5" report-timeout="60">
> >       <queue prio="5" nfmark="105">
> >         DNS_in;
> >       </queue>
> >     </flow>
> >     <flow name="ICMP_in" max-rate="3072"
> >burst-rate="30720" queue-len="15" queue-size="960" stats-len="5"
> >report-timeout="60">
> >       <queue prio="15" nfmark="115">
> >         ICMP_in;
> >       </queue>
> >     </flow>
> >     <flow name="HTTP_in" max-rate="30720"
> >burst-rate="30720" queue-len="10" queue-size="10240" stats-len="5"
> >report-timeout="60">
> >       <queue prio="20" nfmark="120">
> >         HTTP_in;
> >       </queue>
> >     </flow>
> >   </flow>
> >
> >   <flow name="Bulk_in" max-rate="30720" burst-rate="30720"
> >queue-len="90" queue-size="92120" stats-len="5" report-timeout="60">
> >     <flow name="Other_in" max-rate="15360"
> >burst-rate="30720" queue-len="60" queue-size="61440" stats-len="5"
> >report-timeout="60">
> >       <queue prio="50" nfmark="150">
> >         Other_in;
> >       </queue>
> >     </flow>
> >     <flow name="P2P_in" max-rate="15360"
> >burst-rate="30720" queue-len="90" queue-size="92120" stats-len="5"
> >report-timeout="60">
> >       <queue prio="90" nfmark="190">
> >         P2P_in;
> >       </queue>
> >     </flow>
> >   </flow>
> >
> > </flow>
> >
> > # ---end--- trafic shape DOWNLOAD
> >---and here---
> >
> >
> > The Problem (tested with icmp-ping type 8 packets):
> >- the packets get marked, then they reach the QUEUE target, I can see
> >the packets in the "Main_in" flow using bwm_monitor, but they are not
> >"classified" in the "ICMP_in" flow. Any other packet types (like http,
> >p2p, etc) are getting in the "Main" flow but they are not classified
> >in the corresponding flow according to the nfmark.
> > In the bwm_tools manual is something like: "nfmark="..." -
> >Mandatory/Optional parameter to specify the NFMARK of the traffic that
> >applies to this flow. This must be used at the deepest level of flow
> >embedding to match traffic. Each nfmark value MUST be unique! " but
> >there is an example here:
> >"http://bwm-tools.pr.linuxrulz.org/doc/Integration.html#index-nfmark-55"
> >
> > I am using the bwm-tools 0.2.1, kernel 2.6.11.11, iptables v1.2.11
> >
> >Where is the mistake?
> >
> >P.S.:
> >- I'm not very sure of the 'correct' usage of "queue-len" and
> >"queue-size" (in my config are --testing-- values)
> >- I'm not very sure if bwm-tools "understands" what I want to
> >accomplish with my hierarchical setup (I want dns, icmp and http
> >traffic to have priority and to be interactive-like and p2p and other
> >traffic to have last priority even if it will have a huge delay)
> >- I'm willing to write some sort of a manual (in about 2 weeks I hope
> >I'll have more free time) with examples if I will be able to fully
> >understand the "inner game" of bwm-tools
> >- Please excuse my English and my long email but i'm sleepy now...
> >
> >go0ogl3
From: Kobe L. <ko...@mo...> - 2005-06-15 07:14:11
Hello,

Please list the output of 'iptables -L -n -v -t mangle' with your
question. That's much better to read than your raw script.

Your packets are probably wrongly marked. Please note that one
matching mark ('-j MARK') does NOT end processing of the chain, so if the
packet matches another rule the mark will be overwritten. I wrote on my
site, always list your marks from generic to specific (the lower the
mark, the less specific the rule should be)

Greetz
Kobe

go0ogl3 wrote:

>Hello list,
>
>I am trying to use the nfmark feature to "help" use my 256kbit
>bandwidth wisely. I came up with a setup like this:
>
>The iptables part:
>
>---cut here---
>IPT=`which iptables`
>mark="-j MARK --set-mark"
>mf="-t mangle -A FORWARD"
>
>iptables -N bwmd
>iptables -A bwmd -m mark ! --mark 0x0 -j QUEUE
>iptables -A bwmd -j ACCEPT
>
>echo " DNS"
>$IPT $mf -p udp -s $lan --dport 53 $mark 105
>$IPT $mf -p tcp -s $lan --dport 53 $mark 105
>$IPT $mf -p udp -d $lan --sport 53 $mark 205
>$IPT $mf -p tcp -d $lan --sport 53 $mark 205
>
>echo " ICMP"
>$IPT $mf -p icmp -s $lan $mark 115
>$IPT $mf -p icmp -d $lan $mark 215
>..............
>---and here---
>
>The download part of my firewall.xml file is:
>
>---cut here---
> # trafic shape DOWNLOAD
>
> <flow name="Main_in" max-rate="30720" burst-rate="30720"
>queue-len="30" queue-size="30720" stats-len="5" report-timeout="60">
>
>   <flow name="Normal_in" max-rate="30720" burst-rate="30720"
>queue-len="30" queue-size="30720" stats-len="5" report-timeout="60">
>     <flow name="DNS_in" max-rate="3072" burst-rate="30720"
>queue-len="1" queue-size="1" stats-len="5" report-timeout="60">
>       <queue prio="5" nfmark="105">
>         DNS_in;
>       </queue>
>     </flow>
>     <flow name="ICMP_in" max-rate="3072"
>burst-rate="30720" queue-len="15" queue-size="960" stats-len="5"
>report-timeout="60">
>       <queue prio="15" nfmark="115">
>         ICMP_in;
>       </queue>
>     </flow>
>     <flow name="HTTP_in" max-rate="30720"
>burst-rate="30720" queue-len="10" queue-size="10240" stats-len="5"
>report-timeout="60">
>       <queue prio="20" nfmark="120">
>         HTTP_in;
>       </queue>
>     </flow>
>   </flow>
>
>   <flow name="Bulk_in" max-rate="30720" burst-rate="30720"
>queue-len="90" queue-size="92120" stats-len="5" report-timeout="60">
>     <flow name="Other_in" max-rate="15360"
>burst-rate="30720" queue-len="60" queue-size="61440" stats-len="5"
>report-timeout="60">
>       <queue prio="50" nfmark="150">
>         Other_in;
>       </queue>
>     </flow>
>     <flow name="P2P_in" max-rate="15360"
>burst-rate="30720" queue-len="90" queue-size="92120" stats-len="5"
>report-timeout="60">
>       <queue prio="90" nfmark="190">
>         P2P_in;
>       </queue>
>     </flow>
>   </flow>
>
> </flow>
>
> # ---end--- trafic shape DOWNLOAD
>---and here---
>
>
> The Problem (tested with icmp-ping type 8 packets):
>- the packets get marked, then they reach the QUEUE target, I can see
>the packets in the "Main_in" flow using bwm_monitor, but they are not
>"classified" in the "ICMP_in" flow. Any other packet types (like http,
>p2p, etc) are getting in the "Main" flow but they are not classified
>in the corresponding flow according to the nfmark.
> In the bwm_tools manual is something like: "nfmark="..." -
>Mandatory/Optional parameter to specify the NFMARK of the traffic that
>applies to this flow. This must be used at the deepest level of flow
>embedding to match traffic. Each nfmark value MUST be unique! " but
>there is an example here:
>"http://bwm-tools.pr.linuxrulz.org/doc/Integration.html#index-nfmark-55"
>
> I am using the bwm-tools 0.2.1, kernel 2.6.11.11, iptables v1.2.11
>
>Where is the mistake?
>
>P.S.:
>- I'm not very sure of the 'correct' usage of "queue-len" and
>"queue-size" (in my config are --testing-- values)
>- I'm not very sure if bwm-tools "understands" what I want to
>accomplish with my hierarchical setup (I want dns, icmp and http
>traffic to have priority and to be interactive-like and p2p and other
>traffic to have last priority even if it will have a huge delay)
>- I'm willing to write some sort of a manual (in about 2 weeks I hope
>I'll have more free time) with examples if I will be able to fully
>understand the "inner game" of bwm-tools
>- Please excuse my English and my long email but i'm sleepy now...
>
>go0ogl3
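The point made in the reply above, that a matching `-j MARK` rule does not stop chain traversal, can be checked with a small simulation. This is an added example, not code from the thread or from bwm-tools: the rules are constructed from the first entries of the FORWARD listing posted in this thread, the sample packets and all function names are assumptions, and the matching is a simplified model of iptables.

```python
"""Model of non-terminating MARK rules followed by the bwmd QUEUE/ACCEPT chain."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp", "udp" or "icmp"
    src: str
    dst: str
    length: int                     # IP packet length in bytes
    sport: Optional[int] = None
    dport: Optional[int] = None


@dataclass(frozen=True)
class MarkRule:
    set_mark: int
    proto: Optional[str] = None
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    sport: Optional[int] = None
    dport: Optional[int] = None
    length: Optional[Tuple[int, int]] = None    # inclusive, like "length 0:100"

    def matches(self, p: Packet) -> bool:
        if self.proto is not None and self.proto != p.proto:
            return False
        if ip_address(p.src) not in ip_network(self.src):
            return False
        if ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.sport is not None and self.sport != p.sport:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        if self.length is not None and not (self.length[0] <= p.length <= self.length[1]):
            return False
        return True


def traverse(rules: List[MarkRule], pkt: Packet) -> Tuple[int, List[int]]:
    """Walk the whole chain: MARK is non-terminating, so every matching
    rule overwrites the mark and the last match wins."""
    mark, history = 0, []
    for rule in rules:
        if rule.matches(pkt):
            mark = rule.set_mark
            history.append(mark)
    return mark, history


def bwmd_verdict(mark: int) -> str:
    """The bwmd chain from the thread: QUEUE when the mark is non-zero, else ACCEPT."""
    return "QUEUE" if mark != 0 else "ACCEPT"


LAN = "10.0.12.0/24"

# Constructed rules, modelled on the LAN-source entries of the posted listing.
DNS = [MarkRule(105, "udp", src=LAN, dport=53), MarkRule(105, "tcp", src=LAN, dport=53)]
SMALL = [MarkRule(110, "tcp", src=LAN, length=(0, 100)),
         MarkRule(110, "udp", src=LAN, length=(0, 100))]
ICMP = [MarkRule(115, "icmp", src=LAN)]

POSTED_ORDER = DNS + SMALL + ICMP       # specific DNS rule before the generic length rule
GENERIC_FIRST = SMALL + DNS + ICMP      # generic to specific, as the reply advises

# Constructed sample packets (addresses outside the LAN are documentation ranges).
DNS_QUERY = Packet("udp", "10.0.12.5", "192.0.2.53", length=60, sport=40000, dport=53)
PING = Packet("icmp", "10.0.12.5", "192.0.2.1", length=84)
UNMATCHED = Packet("tcp", "10.0.12.5", "192.0.2.80", length=1500, sport=40001, dport=25)


def report(rules: List[MarkRule], pkt: Packet) -> str:
    mark, history = traverse(rules, pkt)
    return "marks set %s -> final %d (0x%x), bwmd: %s" % (
        history, mark, mark, bwmd_verdict(mark))


if __name__ == "__main__":
    for name, rules in (("posted order", POSTED_ORDER), ("generic first", GENERIC_FIRST)):
        for label, pkt in (("dns", DNS_QUERY), ("ping", PING), ("other", UNMATCHED)):
            print(f"{name:14} {label:6} {report(rules, pkt)}")
```

The hex values printed next to each mark are how `iptables -nvL` displays them, so a mark set as 105 appears in the listing as 0x69.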
From: go0ogl3 <go...@gm...> - 2005-06-14 22:30:41
Hello list,

I am trying to use the nfmark feature to "help" use my 256kbit
bandwidth wisely. I came up with a setup like this:

The iptables part:

---cut here---
IPT=`which iptables`
mark="-j MARK --set-mark"
mf="-t mangle -A FORWARD"

iptables -N bwmd
iptables -A bwmd -m mark ! --mark 0x0 -j QUEUE
iptables -A bwmd -j ACCEPT

echo " DNS"
$IPT $mf -p udp -s $lan --dport 53 $mark 105
$IPT $mf -p tcp -s $lan --dport 53 $mark 105
$IPT $mf -p udp -d $lan --sport 53 $mark 205
$IPT $mf -p tcp -d $lan --sport 53 $mark 205

echo " ICMP"
$IPT $mf -p icmp -s $lan $mark 115
$IPT $mf -p icmp -d $lan $mark 215
..............
---and here---

The download part of my firewall.xml file is:

---cut here---
# trafic shape DOWNLOAD

<flow name="Main_in" max-rate="30720" burst-rate="30720" queue-len="30" queue-size="30720" stats-len="5" report-timeout="60">

  <flow name="Normal_in" max-rate="30720" burst-rate="30720" queue-len="30" queue-size="30720" stats-len="5" report-timeout="60">
    <flow name="DNS_in" max-rate="3072" burst-rate="30720" queue-len="1" queue-size="1" stats-len="5" report-timeout="60">
      <queue prio="5" nfmark="105">
        DNS_in;
      </queue>
    </flow>
    <flow name="ICMP_in" max-rate="3072" burst-rate="30720" queue-len="15" queue-size="960" stats-len="5" report-timeout="60">
      <queue prio="15" nfmark="115">
        ICMP_in;
      </queue>
    </flow>
    <flow name="HTTP_in" max-rate="30720" burst-rate="30720" queue-len="10" queue-size="10240" stats-len="5" report-timeout="60">
      <queue prio="20" nfmark="120">
        HTTP_in;
      </queue>
    </flow>
  </flow>

  <flow name="Bulk_in" max-rate="30720" burst-rate="30720" queue-len="90" queue-size="92120" stats-len="5" report-timeout="60">
    <flow name="Other_in" max-rate="15360" burst-rate="30720" queue-len="60" queue-size="61440" stats-len="5" report-timeout="60">
      <queue prio="50" nfmark="150">
        Other_in;
      </queue>
    </flow>
    <flow name="P2P_in" max-rate="15360" burst-rate="30720" queue-len="90" queue-size="92120" stats-len="5" report-timeout="60">
      <queue prio="90" nfmark="190">
        P2P_in;
      </queue>
    </flow>
  </flow>

</flow>

# ---end--- trafic shape DOWNLOAD
---and here---

The Problem (tested with icmp-ping type 8 packets):
- the packets get marked, then they reach the QUEUE target, I can see
the packets in the "Main_in" flow using bwm_monitor, but they are not
"classified" in the "ICMP_in" flow. Any other packet types (like http,
p2p, etc) are getting in the "Main" flow but they are not classified
in the corresponding flow according to the nfmark.

In the bwm_tools manual is something like: "nfmark="..." -
Mandatory/Optional parameter to specify the NFMARK of the traffic that
applies to this flow. This must be used at the deepest level of flow
embedding to match traffic. Each nfmark value MUST be unique! " but
there is an example here:
"http://bwm-tools.pr.linuxrulz.org/doc/Integration.html#index-nfmark-55"

I am using the bwm-tools 0.2.1, kernel 2.6.11.11, iptables v1.2.11

Where is the mistake?

P.S.:
- I'm not very sure of the 'correct' usage of "queue-len" and
"queue-size" (in my config are --testing-- values)
- I'm not very sure if bwm-tools "understands" what I want to
accomplish with my hierarchical setup (I want dns, icmp and http
traffic to have priority and to be interactive-like and p2p and other
traffic to have last priority even if it will have a huge delay)
- I'm willing to write some sort of a manual (in about 2 weeks I hope
I'll have more free time) with examples if I will be able to fully
understand the "inner game" of bwm-tools
- Please excuse my English and my long email but i'm sleepy now...

go0ogl3
From: Rizwan S. S. <ra...@ya...> - 2005-06-11 16:04:20
as this tool uses xml to create a file it should not be very hard to
create a tool for configuration. any language can be used. i can do a
bit of programming in java but i still need to get this working then i
can build a tool for xml file generation. i need help in understanding
it and getting it to work. i don't need pushing every step, once i get
it going i am sure i will be able to move on from there.........
From: George L O. <glo...@ke...> - 2005-06-11 10:16:39
A utility to help with configuration would certainly be good.

----- Original Message -----
From: Giang Hu
To: bwm...@li...
Sent: Saturday, June 11, 2005 7:04 AM
Subject: Re: [bwm-tools-tech] Tutorial or Quickstart!!!

It would be better if it has a utility to help configuration. Do you think so?

On 6/11/05, Rizwan Sarwar Sundhu <ra...@ya...> wrote:

Hi,
i have tried to use this tool and failed. the quick start guide or help
provided on site is not helping as well. the information is confusing and
not well organized for simple users like me (it might be helpful for
experienced users). I think two or three simple but well explained
tutorials would be very helpful. I think this tool has a huge potential
that is why i keep on trying to make it work. Not a single firewall and
traffic shaping tool for linux has got my attention as much as this tool
got. i know the developers are already doing a brilliant job on providing
us with this tool but it would be very nice if someone can help providing
a clear and concise documentation or tutorials. I would be more than happy
to do that if i can get this thing going on my system.

Regards
Rizwan

--
You are in control of your own wonderful life :)
From: Andrew N. <and...@gm...> - 2005-06-11 06:36:45
I am working on the quick start. I am planning two versions, one
integrating with an existing firewall and one as a stand alone
version. I also am considering making a configuration web based
interface. No details yet nor have I started any actual work, just a
concept worked out.

The stand alone guide should be done very soon. I had other problems
this week that stole time from getting them finished. They are back on
the top of my priority list. I will post a link to the list after they
are finished.

On 6/10/05, Giang Hu <fre...@gm...> wrote:
> It would be better if it has a utility to help configuration. Do you think
> so?
>
> On 6/11/05, Rizwan Sarwar Sundhu <ra...@ya...> wrote:
> > Hi,
> > i have tried to use this tool and failed. the quick start guide or help
> > provided on site is not helping as well. the information is confusing and
> > not well organized for simple users like me (it might be helpful for
> > experienced users). I think two or three simple but well explained
> > tutorials would be very helpful. I think this tool has a huge potential
> > that is why i keep on trying to make it work. Not a single firewall and
> > traffic shaping tool for linux has got my attention as much as this tool
> > got. i know the developers are already doing a brilliant job on providing
> > us with this tool but it would be very nice if someone can help providing
> > a clear and concise documentation or tutorials. I would be more than happy
> > to do that if i can get this thing going on my system.
> >
> > Regards
> > Rizwan
>
> --
> You are in control of your own wonderful life :)
From: Giang Hu <fre...@gm...> - 2005-06-11 04:04:17
It would be better if it has a utility to help configuration. Do you think
so?

On 6/11/05, Rizwan Sarwar Sundhu <ra...@ya...> wrote:
>
> Hi,
> i have tried to use this tool and failed. the quick start guide or help
> provided on site is not helping as well. the information is confusing and
> not well organized for simple users like me (it might be helpful for
> experienced users). I think two or three simple but well explained
> tutorials would be very helpful. I think this tool has a huge potential
> that is why i keep on trying to make it work. Not a single firewall and
> traffic shaping tool for linux has got my attention as much as this tool
> got. i know the developers are already doing a brilliant job on providing
> us with this tool but it would be very nice if someone can help providing
> a clear and concise documentation or tutorials. I would be more than happy
> to do that if i can get this thing going on my system.
>
> Regards
> Rizwan

--
You are in control of your own wonderful life :)
From: Rizwan S. S. <ra...@ya...> - 2005-06-10 22:27:36
Hi,
i have tried to use this tool and failed. the quick start guide or help
provided on site is not helping as well. the information is confusing and
not well organized for simple users like me (it might be helpful for
experienced users). I think two or three simple but well explained
tutorials would be very helpful. I think this tool has a huge potential
that is why i keep on trying to make it work. Not a single firewall and
traffic shaping tool for linux has got my attention as much as this tool
got. i know the developers are already doing a brilliant job on providing
us with this tool but it would be very nice if someone can help providing
a clear and concise documentation or tutorials. I would be more than happy
to do that if i can get this thing going on my system.

Regards
Rizwan
From: Nigel K. <nk...@lb...> - 2005-06-03 14:45:02
However much I would like to try, my weakest point is probably
documentation... I tried my best with the manual and I still hear it's
kinda hard to understand :-(

If anyone is willing to write a quickstart guide I would have no problem
including it in the next release. I would be willing to dedicate some of
my time to help with any questions someone writing a guide would have.

Btw, have you checked Kobe's site? http://www.murder4al.be/

--
Regards
Nigel
From: tanel a. <sa...@li...> - 2005-06-03 13:14:42
That would help me a lot also...

TIA

----
tanel

On Thu, 2 Jun 2005, Andrew Niemantsverdriet wrote:

> Is there such a document out there?
>
> The docs on the web site are great but a start to finish guide would
> be even better. I guess what I want is just something that has traffic
> shaping only and how to get it going step by step.
>
> I am confused as to how to even get started. I installed it but I have
> no idea on how to configure it.
From: Andrew N. <and...@gm...> - 2005-06-03 05:19:50
Is there such a document out there?

The docs on the web site are great but a start to finish guide would
be even better. I guess what I want is just something that has traffic
shaping only and how to get it going step by step.

I am confused as to how to even get started. I installed it but I have
no idea on how to configure it.
From: Giang Hu <fre...@gm...> - 2005-05-26 02:14:56
On 5/26/05, vishal singh <vis...@ho...> wrote:
>
> Hi
> even i noticed that. Does that mean firewall rules are wrong?

- No, I did not say "firewall rules are wrong" :-o.

> Didnt understand "downloaded from gateway".

- "downloaded from gateway" you are running services (ftp,...) on
192.168.1.69 and then your client downloaded from it

> Could you tell me if I am wrong in setting up the network? My "router" has
> only one i/face active, 192.168.1.69. and all packets are sent to it and
> come out of it. Is that the problem??

Again, I didn't say you are any wrong and I don't know how to explain. Sorry I
could not help you so far :(

It's not hard to build a (more really) testing network using ip alias:
- Config your "router" to run two ip. Ex: eth0:0 run 192.168.1.69/16 and eth0:1 10.0.0.1/8
- Config your client ip something like 10.x.x.x/8 with default gw 10.0.0.1/8
- Config firewall rules and running test

I mean a "suggestion", good luck :)
Giang Hu

> Vishal Singh
>
> >From: Giang Hu <fre...@gm...>
> >To: bwm...@li...
> >Subject: Re: [bwm-tools-tech] bwm tools traffic shaping issue
> >Date: Wed, 25 May 2005 19:32:38 +0700
> >
> >Hi Vishal,
> >
> >bwmd take traffic limiting effect only if traffic target is *QUEUE*. As
> >your status:
> >
> >Chain bwmd (3 references)
> >pkts bytes target prot opt in out source     destination
> >  14   807 QUEUE  all  --  *  *   0.0.0.0/0  0.0.0.0/0    MARK match !0x0
> >5136  703K ACCEPT all  --  *  *   0.0.0.0/0  0.0.0.0/0
> >
> >Only small *FORWARD* traffic go through *QUEUE* when all others jump to
> >ACCEPT (did you downloaded from gateway? Set */nfmark/* for *INPUT* chain?)
> >
> >Just a thought, good luck
> >Giang Hu.
--
You are in control of your own wonderful life :) |
From: vishal s. <vis...@ho...> - 2005-05-25 17:50:26
|
Hi

Even I noticed that. Does that mean firewall rules are wrong?
Didn't understand "downloaded from gateway".

Could you tell me if I am wrong in setting up the network? My "router" has
only one i/face active, 192.168.1.69. and all packets are sent to it and
come out of it. Is that the problem??

Vishal Singh

>From: Giang Hu <fre...@gm...>
>To: bwm...@li...
>Subject: Re: [bwm-tools-tech] bwm tools traffic shaping issue
>Date: Wed, 25 May 2005 19:32:38 +0700
>
>Hi Vishal,
>
>bwmd take traffic limiting effect only if traffic target is *QUEUE*. As
>your status:
>
>Chain bwmd (3 references)
> pkts bytes target prot opt in out source    destination
>   14   807 QUEUE  all  --  *  *   0.0.0.0/0 0.0.0.0/0   MARK match !0x0
> 5136  703K ACCEPT all  --  *  *   0.0.0.0/0 0.0.0.0/0
>
>Only small *FORWARD* traffic go through *QUEUE* when all others jump to
>ACCEPT (did you download from gateway? Set */nfmark/* for *INPUT* chain?)
>
>Just a thought, good luck
>Giang Hu.
>
>vishal singh wrote:
>
>>Hi Nigel
>>
>>In brief, let me first describe what I am trying to do:
>>
>>I have configured one Linux Box, 192.168.1.69 as a router and installed
>>bwm tools. This has the default gateway of 192.168.1.114
>>
>>Also, I have configured another Linux Box, 192.168.1.163 and made the
>>previous box as its default gateway. So anything that not on the local
>>net, goes to 192.168.1.69.
|
From: Giang Hu <fre...@gm...> - 2005-05-25 12:29:54
|
Hi Vishal,

bwmd take traffic limiting effect only if traffic target is *QUEUE*. As your status:

Chain bwmd (3 references)
 pkts bytes target prot opt in out source    destination
   14   807 QUEUE  all  --  *  *   0.0.0.0/0 0.0.0.0/0   MARK match !0x0
 5136  703K ACCEPT all  --  *  *   0.0.0.0/0 0.0.0.0/0

Only small *FORWARD* traffic go through *QUEUE* when all others jump to ACCEPT (did you download from gateway? Set */nfmark/* for *INPUT* chain?)

Just a thought, good luck
Giang Hu.

vishal singh wrote:
> Hi Nigel
>
> In brief, let me first describe what I am trying to do:
>
> I have configured one Linux Box, 192.168.1.69 as a router and
> installed bwm tools. This has the default gateway of 192.168.1.114
>
> Also, I have configured another Linux Box, 192.168.1.163 and made the
> previous box as its default gateway. So anything that not on the local
> net, goes to 192.168.1.69.
|
From: Kobe L. <ko...@mo...> - 2005-05-25 10:43:14
|
Hi,

This all looks perfect. Except you're wrongly marking FTP traffic. FTP data traffic is NOT going over port 21, but over port 20 (if using active mode) or over some other port range the server decides (usually something in the high port ranges 50.000+).

Try to limit HTTP traffic (port 80) and download a huge file from somewhere, you'll see it work.

Greetz
Kobe

vishal singh wrote:
> Hi Nigel
>
> In brief, let me first describe what I am trying to do:
>
> I have configured one Linux Box, 192.168.1.69 as a router and
> installed bwm tools. This has the default gateway of 192.168.1.114
>
> Also, I have configured another Linux Box, 192.168.1.163 and made the
> previous box as its default gateway. So anything that not on the local
> net, goes to 192.168.1.69.
|
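The two diagnoses in the replies above (Giang Hu: bwmd only shapes packets that reach the QUEUE target; Kobe: a port 21 rule covers only the FTP control channel) can be run as checks over the counters quoted in this thread. This is an added example, not part of the thread or of bwm_tools; the function names are assumptions, and the listings are the posted `iptables -L -n -v` output with wrapped rows rejoined and the mangle column headers dropped.

```python
import re

# Listings as posted in the thread (wrapped rows rejoined onto one line).
FILTER = """\
Chain INPUT (policy ACCEPT 64100 packets, 8753K bytes)
 pkts bytes target prot opt in out source destination
 8701 1178K bwmd all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 41 packets, 1772 bytes)
 pkts bytes target prot opt in out source destination
   47  2163 bwmd all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 37501 packets, 5413K bytes)
 pkts bytes target prot opt in out source destination
  270 28205 bwmd all -- * * 0.0.0.0/0 0.0.0.0/0

Chain bwmd (3 references)
 pkts bytes target prot opt in out source destination
   14   807 QUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match !0x0
 5136  703K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
"""

MANGLE = """\
Chain PREROUTING (policy ACCEPT 327K packets, 45M bytes)
Chain INPUT (policy ACCEPT 10826 packets, 1463K bytes)
Chain FORWARD (policy ACCEPT 47 packets, 2163 bytes)
    0     0 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 MARK set 0x64
    0     0 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 MARK set 0x64
    0     0 MARK tcp -- * * 0.0.0.0/0 192.168.0.0/16 tcp dpt:80 MARK set 0x64
   10   471 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 MARK set 0x65
    0     0 MARK udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 MARK set 0x66
    4   336 MARK icmp -- * * 0.0.0.0/0 0.0.0.0/0 MARK set 0x66
   10   471 MARK tcp -- * * 0.0.0.0/0 192.168.0.0/16 tcp dpt:21 MARK set 0x67
Chain OUTPUT (policy ACCEPT 2500 packets, 341K bytes)
Chain POSTROUTING (policy ACCEPT 66605 packets, 9144K bytes)
"""

# One rule row: pkts bytes target prot "--" then in/out/source/destination/match.
RULE = re.compile(r"^\s*(\d+[KMG]?)\s+(\d+[KMG]?)\s+(\S+)\s+(\S+)\s+--\s+(.*)$")

# Mangle chains a packet crosses before it reaches each filter hook.
UPSTREAM = {"INPUT": ("PREROUTING", "INPUT"),
            "FORWARD": ("PREROUTING", "FORWARD"),
            "OUTPUT": ("OUTPUT",)}


def count(tok):
    """Expand the K/M/G suffixes iptables -v uses for large counters."""
    mult = {"K": 1000, "M": 1000 ** 2, "G": 1000 ** 3}
    return int(tok[:-1]) * mult[tok[-1]] if tok[-1] in mult else int(tok)


def parse(listing):
    """Return {chain name: [rule dicts]} from `iptables -L -n -v` text."""
    chains, current = {}, None
    for line in listing.splitlines():
        head = re.match(r"Chain (\S+)", line)
        if head:
            current = chains.setdefault(head.group(1), [])
            continue
        row = RULE.match(line)
        if row and current is not None:
            pkts, _bytes, target, prot, rest = row.groups()
            current.append({"pkts": count(pkts), "target": target,
                            "prot": prot, "match": rest})
    return chains


def queue_share(filt, chain="bwmd"):
    """(packets handed to QUEUE, packets seen by the chain's rules)."""
    rules = filt[chain]
    queued = sum(r["pkts"] for r in rules if r["target"] == "QUEUE")
    return queued, sum(r["pkts"] for r in rules)


def unmarked_hooks(filt, mangle, chain="bwmd"):
    """Filter hooks that jump to `chain` with no MARK rule upstream of them."""
    def marked(hook):
        return any(r["target"] == "MARK"
                   for name in UPSTREAM.get(hook, ())
                   for r in mangle.get(name, []))
    return [hook for hook, rules in filt.items()
            if any(r["target"] == chain for r in rules) and not marked(hook)]


def marked_ports(mangle):
    """Destination ports that any MARK rule matches on."""
    return {int(p) for rules in mangle.values() for r in rules
            if r["target"] == "MARK"
            for p in re.findall(r"dpt:(\d+)", r["match"])}


def ftp_control_only(mangle):
    """True when port 21 is marked but the active-mode data port 20 is not."""
    ports = marked_ports(mangle)
    return 21 in ports and 20 not in ports


if __name__ == "__main__":
    filt, mangle = parse(FILTER), parse(MANGLE)
    queued, total = queue_share(filt)
    print(f"QUEUE saw {queued} of {total} packets in bwmd")
    print("hooks with no MARK rule upstream:", unmarked_hooks(filt, mangle))
    print("FTP marked on control port only:", ftp_control_only(mangle))
```

On the posted counters the 14 queued packets equal the 10 port-21 packets plus the 4 ICMP packets marked in mangle FORWARD, which is why only forwarded control traffic ever reached bwmd.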
From: vishal s. <vis...@ho...> - 2005-05-25 10:22:13
|
Hi Nigel

In brief, let me first describe what I am trying to do:

I have configured one Linux Box, 192.168.1.69 as a router and installed bwm tools. This has the default gateway of 192.168.1.114

Also, I have configured another Linux Box, 192.168.1.163 and made the previous box as its default gateway. So anything that is not on the local net, goes to 192.168.1.69.

This is my bwm firewall file:

<firewall>
<global>
  <modules>
    <load name="ip_queue"/>
    <load name="ip_conntrack_ftp"/>
    <load name="ip_nat_ftp"/>
  </modules>

  #Classes

  <class name= "http_public_traffic_inout">
    <address name="http_inout" proto="tcp" dst-port="80"/>
  </class>

  <class name= "https_public_traffic_inout">
    <address name="https_inout" proto="tcp" dst-port="443"/>
  </class>

  <class name= "ftp_public_traffic_inout">
    <address name="ftp_inout" proto="tcp" dst-port="21"/>
  </class>

  <class name= "DNS_traffic_inout">
    <address name="DNS_inout" proto="udp" dst-port="53"/>
  </class>

  <class name= "icmp_traffic_inout">
    <address name="icmp_inout" proto="icmp" />
  </class>

  <class name= "http_private_traffic_inout">
    <address name="http_inout" dst="192.168.0.0/16" proto="tcp" dst-port="80"/>
  </class>

  <class name= "ftp_private_traffic_inout">
    <address name="ftp_inout" dst="192.168.0.0/16" proto="tcp" dst-port="21"/>
  </class>

  <class name= "telnet_private_traffic_inout">
    <address name="telnet_inout" dst="192.168.0.0/16" proto="tcp" dst-port="23"/>
  </class>

  <class name= "ssh_private_traffic_inout">
    <address name="ssh_inout" dst="192.168.0.0/16" proto="tcp" dst-port="22"/>
  </class>

  <class name= "smtp_private_traffic_inout">
    <address name="http_inout" src="192.168.1.112" proto="tcp" dst-port="25"/>
  </class>

  <class name= "pop3_private_traffic_inout">
    <address name="pop3_inout" src="192.168.1.112" dst="63.80.142.98" proto="tcp" dst-port="110"/>
  </class>

  <class name= "icmp_private_traffic_inout">
    <address name="icmp_inout" dst="192.168.0.0/16" proto="icmp" />
  </class>

  <class name= "http_private_traffic_outin">
    <address name="http_outin" dst="192.168.0.0/16" proto="tcp" dst-port="80" />
  </class>

  <class name= "ftp_private_traffic_outin">
    <address name="ftp_outin" dst="192.168.0.0/16" proto="tcp" dst-port="21"/>
  </class>

  <class name= "telnet_private_traffic_outin">
    <address name="telnet_outin" dst="192.168.0.0/16" proto="tcp" dst-port="23"/>
  </class>

  <class name= "ssh_private_traffic_outin">
    <address name="ssh_outin" dst="192.168.0.0/16" proto="tcp" dst-port="22"/>
  </class>

  <class name= "icmp_private_traffic_outin">
    <address name="icmp_outin" proto="icmp" />
  </class>

  <class name= "snmp_private_traffic">
    <address name="snmpprivate" proto="tcp" dst-port="161"/>
  </class>
</global>

<acl>
  <table name="filter">
    <chain name="INPUT">
      <rule target="bwmd">
      </rule>
    </chain>
    <chain name="OUTPUT">
      <rule target="bwmd">
      </rule>
    </chain>
    <chain name="FORWARD">
      <rule target="bwmd">
      </rule>
    </chain>
  </table>
</acl>

<traffic>
  <flow name="total_in" max-rate="64000" report-timeout="60">
    <flow name="http_https_public" max-rate="16000" burst-rate="120000" nfmark="100">
      http_public_traffic_inout
      https_public_traffic_inout
      http_private_traffic_inout
    </flow>
    <flow name="ftp_public" max-rate="16000" burst-rate="64000" nfmark="101">
      ftp_public_traffic_inout
    </flow>
    <flow name="dns_icmp_public" max-rate="4000" burst-rate="4500" nfmark="102">
      DNS_traffic_inout
      icmp_private_traffic_outin
    </flow>
    <flow name="ftp_private" max-rate="128000" burst-rate="128000" nfmark="103">
      ftp_private_traffic_inout
    </flow>
  </flow>
</traffic>
</firewall>

This is the o/p of iptables -L -n -v

[root@bplinux60 bwm_tools]# iptables -L -n -v
Chain INPUT (policy ACCEPT 64100 packets, 8753K bytes)
 pkts bytes target prot opt in out source    destination
 8701 1178K bwmd   all  --  *  *   0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 41 packets, 1772 bytes)
 pkts bytes target prot opt in out source    destination
   47  2163 bwmd   all  --  *  *   0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 37501 packets, 5413K bytes)
 pkts bytes target prot opt in out source    destination
  270 28205 bwmd   all  --  *  *   0.0.0.0/0 0.0.0.0/0

Chain bwmd (3 references)
 pkts bytes target prot opt in out source    destination
   14   807 QUEUE  all  --  *  *   0.0.0.0/0 0.0.0.0/0   MARK match !0x0
 5136  703K ACCEPT all  --  *  *   0.0.0.0/0 0.0.0.0/0

And this the o/p of iptables -L -n -v -t mangle

[root@bplinux60 bwm_tools]# iptables -L -n -v -t mangle
Chain PREROUTING (policy ACCEPT 327K packets, 45M bytes)
 pkts bytes target prot opt in out source    destination

Chain INPUT (policy ACCEPT 10826 packets, 1463K bytes)
 pkts bytes target prot opt in out source    destination

Chain FORWARD (policy ACCEPT 47 packets, 2163 bytes)
 pkts bytes target prot opt in out source    destination
    0     0 MARK   tcp  --  *  *   0.0.0.0/0 0.0.0.0/0      tcp dpt:80 MARK set 0x64
    0     0 MARK   tcp  --  *  *   0.0.0.0/0 0.0.0.0/0      tcp dpt:443 MARK set 0x64
    0     0 MARK   tcp  --  *  *   0.0.0.0/0 192.168.0.0/16 tcp dpt:80 MARK set 0x64
   10   471 MARK   tcp  --  *  *   0.0.0.0/0 0.0.0.0/0      tcp dpt:21 MARK set 0x65
    0     0 MARK   udp  --  *  *   0.0.0.0/0 0.0.0.0/0      udp dpt:53 MARK set 0x66
    4   336 MARK   icmp --  *  *   0.0.0.0/0 0.0.0.0/0      MARK set 0x66
   10   471 MARK   tcp  --  *  *   0.0.0.0/0 192.168.0.0/16 tcp dpt:21 MARK set 0x67

Chain OUTPUT (policy ACCEPT 2500 packets, 341K bytes)
 pkts bytes target prot opt in out source    destination

Chain POSTROUTING (policy ACCEPT 66605 packets, 9144K bytes)
 pkts bytes target prot opt in out source    destination

My problem is; when I fire bwmd and thereafter run bwm_monitor, the monitor does display some counters, but I see no traffic limiting. For example, if I limit ftp traffic to 8kb, it makes no effect. And strangely, ftp counters aren't updated.

Please help!!!

Vishal Singh
|
From: Nigel K. <nk...@lb...> - 2005-05-24 15:54:34
|
sorry if i didn't read your email fully (heavy work load atm, 6hr response time... heh), is this a standalone box or a firewall with 2 network cards?

if it's a firewall with 2 ethernet cards, the -j QUEUE must be in the FORWARD chains, if it's a standalone box you must have -j QUEUE in the INPUT and OUTPUT chains... the same changes go for the marking, but this in the mangle table.

-Nigel

Darren Cassar wrote:
> Hello,
>
> If anyone of you guys/gals (if any) could spare some time and show me
> where I am wrong, please do so. I have setup bwm tools and am trying
> to manage bandwidth used by two pcs behind the router. The router is a
> pc - Suse 9.1, 2 interfaces ...
>
> I will describe step by step what I am doing and what I would like to
> do. I don't want BWM to do firewalling, I need it only to manage
> bandwidth.
>
> I am downloading files from an web page using download accelerator at
> a constant speed of about 320KBps - it won't decrease!
>
> Using IPTABLES
> - iptables -A INPUT -m mark ! --mark 0 -j QUEUE
> * iptables -t mangle -A FORWARD -p TCP -s 172.17.100.4 -j MARK --set-mark 1001
> * iptables -t mangle -A FORWARD -p TCP -s 172.17.100.3 --dport 80 -j MARK --set-mark 1002
> * iptables -t mangle -A FORWARD -p TCP -s 172.17.100.3 --dport 22 -j MARK --set-mark 1003
>
> after executing the above commands, I made sure they were ok using
> iptables -L -n -v -t mangle
> from the following it seems doing fine!
>
> xejku2:/opt/lampp/htdocs/wt # iptables -L -n -v -t mangle
> Chain PREROUTING (policy ACCEPT 988K packets, 850M bytes)
>  pkts bytes target  prot opt in  out  source        destination
>
> Chain INPUT (policy ACCEPT 28902 packets, 2858K bytes)
>  pkts bytes target  prot opt in  out  source        destination
>
> Chain FORWARD (policy ACCEPT 958K packets, 847M bytes)
>  pkts bytes target  prot opt in  out  source        destination
>  404K   17M MARK    tcp  --  *   *    172.17.100.4  0.0.0.0/0  MARK set 0x3e9
>   216  9925 MARK    tcp  --  *   *    172.17.100.3  0.0.0.0/0  tcp dpt:80 MARK set 0x3ea
>     0     0 MARK    tcp  --  *   *    172.17.100.3  0.0.0.0/0  tcp dpt:22 MARK set 0x3eb
>
> Chain OUTPUT (policy ACCEPT 20674 packets, 3028K bytes)
>  pkts bytes target  prot opt in  out  source        destination
>
> Chain POSTROUTING (policy ACCEPT 978K packets, 850M bytes)
>  pkts bytes target  prot opt in  out  source        destination
>
> Then, using command /path/to/bwmd -c file.xml -f --- file.xml being
> attached below, I get an output, which I am interpreting as a good
> sign ******
>
> <firewall>
>   <global>
>     <modules>
>       <load name="ip_queue"/>
>     </modules>
>     <class name="all_out">
>       <address name="c_all_out"/>
>     </class>
>   </global>
>
>   #Traffic flows
>   <traffic>
>     <flow name="darren1" max-rate="1000" report-timeout="40"> <queue prio="99" nfmark="1001"> all_out; </queue> </flow>
>     <flow name="darren2" max-rate="1000" report-timeout="40"> <queue prio="50" nfmark="1002"> all_out; </queue> </flow>
>     <flow name="darren3" max-rate="1000" report-timeout="90"> <queue prio="75" nfmark="1003"> all_out; </queue> </flow>
>   </traffic>
> </firewall>
>
> ****** (the output mentioned above is shown here)
>
> xejku2:/opt/lampp/htdocs/wt # /programs/bwm_tools-0.2.1/bwmd/bwmd -c darren.xml -f
> BWM Daemon v0.2.1 - Copyright (c) 2003-2005 Linux Based Systems Design
>
> BWMD: Loaded 3 flows and 3 queues
> BWMD: Found 1 modules to load
> Loading ip_queue...done
> IPQ runner started...
> Flow runner started...
> Stat thread started...
> Report runner started...
>
> Please, if anyone is noticing some gross mistake tell me, cos I cannot
> understand where I am wrong!
>
> Thanks to everyone,
>
> Darren Cassar
>
> Email ad...@da... <mailto:ad...@da...>
> URL www.darrencassar.com <http://www.darrencassar.com>
>

--
Nigel Kukard, PhD CompSc
(Chief Executive Officer)
Linux Based Systems Design
Web: www.lbsd.net Email: nk...@lb...
Tel: (+27) 023 349 8000 Cell: (+27) 082 333 3723
Fax: (+27) 023 349 1395 Support: 086 747 7600
Address: LIGT House, 2 Klipdrift Rd, Rawsonville
Linux Systems Design & Technology Solutions

The best language to use is the language that was designed for what you want to use it for.

=====================================================================
Disclaimer
----------
The contents of this message and any attachments are intended solely for the addressee's use and may be legally privileged and/or confidential information. This message may not be retained, distributed, copied or used if you are not the addressee of this message. If this message was sent to you in error, please notify the sender immediately by reply e-mail and then destroy the message and any copies thereof. Opinions, conclusions and other information in this message may be personal to the sender and is not that of Linux Based Systems Design, LinuxRulz or any of its subsidiaries, associated companies or principals and is therefore not endorsed by Linux Based Systems Design or LinuxRulz. Due to e-mail communication being insecure, Linux Based Systems Design and LinuxRulz do not guarantee confidentiality, security, accuracy or performance of the e-mail. Any liability for viruses is excluded to the fullest extent.
|
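Added example (not part of the thread and not BWM Tools code): the placement rule in the reply above, that the mark and the -j QUEUE must sit in the same hook, checked mechanically over `iptables -A ...` rule lines. The function names are hypothetical, the rule sets are constructed from commands quoted in this thread, and the PREROUTING/POSTROUTING rows go beyond the reply, following the netfilter traversal order.

```python
import shlex

# Which filter hooks see a mark set in a given mangle chain. The INPUT,
# FORWARD and OUTPUT rows are the rule from the reply; the PREROUTING and
# POSTROUTING rows are added here from the netfilter traversal order.
VISIBLE_IN = {
    "PREROUTING": {"INPUT", "FORWARD"},
    "INPUT": {"INPUT"},
    "FORWARD": {"FORWARD"},
    "OUTPUT": {"OUTPUT"},
    "POSTROUTING": set(),  # runs after the filter table
}


def parse_rules(text):
    """Parse 'iptables [-t table] -A chain ... -j TARGET' lines."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if "-A" not in tok or "-j" not in tok:
            continue  # -N, -P, blank lines and comments carry no jump
        rules.append({
            "table": tok[tok.index("-t") + 1] if "-t" in tok else "filter",
            "chain": tok[tok.index("-A") + 1],
            "target": tok[tok.index("-j") + 1],
            # iptables accepts decimal or 0x-prefixed marks
            "mark": int(tok[tok.index("--set-mark") + 1], 0)
                    if "--set-mark" in tok else None,
        })
    return rules


def queue_hooks(rules):
    """Built-in filter chains from which a QUEUE target is reachable,
    following jumps into user-defined chains such as 'bwmd'."""
    jumps = {}
    for r in rules:
        if r["table"] == "filter":
            jumps.setdefault(r["chain"], set()).add(r["target"])

    def reaches(chain, seen):
        if chain in seen:  # guard against jump loops
            return False
        seen.add(chain)
        return any(t == "QUEUE" or (t in jumps and reaches(t, seen))
                   for t in jumps[chain])

    return {c for c in ("INPUT", "FORWARD", "OUTPUT")
            if c in jumps and reaches(c, set())}


def unqueued_marks(text):
    """Return (mark, mangle_chain, queue_hooks) for every mark that no
    QUEUE rule can ever see."""
    rules = parse_rules(text)
    queued = queue_hooks(rules)
    return [(r["mark"], r["chain"], sorted(queued))
            for r in rules
            if r["table"] == "mangle" and r["mark"] is not None
            and not (VISIBLE_IN.get(r["chain"], set()) & queued)]


# Constructed from the commands quoted in the thread: marks set in mangle
# FORWARD, QUEUE placed in filter INPUT.
ROUTER_AS_POSTED = """
iptables -A INPUT -m mark ! --mark 0 -j QUEUE
iptables -t mangle -A FORWARD -p TCP -s 172.17.100.4 -j MARK --set-mark 1001
iptables -t mangle -A FORWARD -p TCP -s 172.17.100.3 --dport 80 -j MARK --set-mark 1002
iptables -t mangle -A FORWARD -p TCP -s 172.17.100.3 --dport 22 -j MARK --set-mark 1003
"""

# Constructed: same marks, QUEUE reached from FORWARD through a bwmd chain.
ROUTER_FORWARD_QUEUE = """
iptables -N bwmd
iptables -A bwmd -m mark ! --mark 0 -j QUEUE
iptables -A bwmd -j ACCEPT
iptables -A FORWARD -j bwmd
""" + "\n".join(ROUTER_AS_POSTED.splitlines()[2:])

if __name__ == "__main__":
    for name, ruleset in (("as posted", ROUTER_AS_POSTED),
                          ("QUEUE in FORWARD", ROUTER_FORWARD_QUEUE)):
        findings = unqueued_marks(ruleset)
        print(name + ":", findings or "every mark can reach a QUEUE rule")
```

A mark reported here is set on packets that never traverse a chain containing the QUEUE target, so bwmd never receives them and the flow counters for that nfmark stay at zero.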
From: Nigel K. <nk...@lb...> - 2005-05-23 20:13:35
|
Ok,

First error first..... the "No such file or directory" errors below, you need to install the ncurses-devel package.

I'll check if I listed it in the bwm tools requirements, if not, I'll add it.

Regards
Nigel

Andrew Niemantsverdriet wrote:
>Ok well I was able to get around that error by installing
>rrdtool-devel from an RPM. And going to the development release.
>
>Here is now what I get when I issue a "make" command:
>
>creating bwmd
>make[2]: Leaving directory `/root/bwm_tools-200505041033/bwmd'
>Making all in bwm_monitor
>make[2]: Entering directory `/root/bwm_tools-200505041033/bwm_monitor'
>if gcc -DHAVE_CONFIG_H -I. -I. -I.. -I../include -pthread
>-I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include
>-I/usr/include/libxml2 -g -O2 -MT bwm_monitor-bwm_monitor.o -MD -MP
>-MF ".deps/bwm_monitor-bwm_monitor.Tpo" -c -o
>bwm_monitor-bwm_monitor.o `test -f 'bwm_monitor.c' || echo
>'./'`bwm_monitor.c; \
>then mv -f ".deps/bwm_monitor-bwm_monitor.Tpo"
>".deps/bwm_monitor-bwm_monitor.Po"; else rm -f
>".deps/bwm_monitor-bwm_monitor.Tpo"; exit 1; fi
>bwm_monitor.c:25:20: curses.h: No such file or directory
>bwm_monitor.c:27:19: panel.h: No such file or directory
>bwm_monitor.c:28:18: menu.h: No such file or directory
>bwm_monitor.c:34:18: term.h: No such file or directory
>In file included from bwm_monitor.c:38:
>display.h:32: error: syntax error before '*' token
>display.h:34: error: syntax error before '*' token
>display.h:34: warning: data definition has no type or storage class
>display.h:36: error: syntax error before '*' token
>display.h:36: warning: data definition has no type or storage class
>display.h:38: error: syntax error before '*' token
>display.h:40: error: syntax error before '*' token
>display.h:44: error: syntax error before "outs"
>display.h:44: warning: data definition has no type or storage class
>bwm_monitor.c:51: error: syntax error before '*' token
>bwm_monitor.c: In function `updateWindow':
>bwm_monitor.c:60: error: `flowName' undeclared (first use in this function)
>bwm_monitor.c:60: error: (Each undeclared identifier is reported only once
>bwm_monitor.c:60: error: for each function it appears in.)
>bwm_monitor.c:61: error: `serverSock' undeclared (first use in this function)
>bwm_monitor.c:74: error: `win' undeclared (first use in this function)
>bwm_monitor.c:100: error: `stderr' undeclared (first use in this function)
>bwm_monitor.c:113: error: `WA_NORMAL' undeclared (first use in this function)
>bwm_monitor.c:137: error: `ERR' undeclared (first use in this function)
>bwm_monitor.c: In function `statusWindow':
>bwm_monitor.c:154: error: `WINDOW' undeclared (first use in this function)
>bwm_monitor.c:154: error: `myWindow' undeclared (first use in this function)
>bwm_monitor.c:168: error: `WA_NORMAL' undeclared (first use in this function)
>bwm_monitor.c:168: error: `WA_UNDERLINE' undeclared (first use in this function)
>bwm_monitor.c:168: error: `WA_BOLD' undeclared (first use in this function)
>bwm_monitor.c: In function `main':
>bwm_monitor.c:210: error: `WINDOW' undeclared (first use in this function)
>bwm_monitor.c:210: error: `w_main' undeclared (first use in this function)
>bwm_monitor.c:211: error: `MENU' undeclared (first use in this function)
>bwm_monitor.c:211: error: `m_main' undeclared (first use in this function)
>bwm_monitor.c:212: error: `w_menu' undeclared (first use in this function)
>bwm_monitor.c:213: error: `ITEM' undeclared (first use in this function)
>bwm_monitor.c:213: error: `menu_items' undeclared (first use in this function)
>bwm_monitor.c:230: error: `stderr' undeclared (first use in this function)
>bwm_monitor.c:284: error: `stdscr' undeclared (first use in this function)
>bwm_monitor.c:289: error: `cursor_invisible' undeclared (first use in
>this function)
>bwm_monitor.c:297: error: `COLOR_BLUE' undeclared (first use in this function)
>bwm_monitor.c:297: error: `COLOR_BLACK' undeclared (first use in this function)
>bwm_monitor.c:298: error: `COLOR_WHITE' undeclared (first use in this function)
>bwm_monitor.c:299: error: `COLOR_GREEN' undeclared (first use in this function)
>bwm_monitor.c:301: error: `COLOR_YELLOW' undeclared (first use in this function)
>bwm_monitor.c:331: error: syntax error before ')' token
>bwm_monitor.c:359: error: `WA_NORMAL' undeclared (first use in this function)
>bwm_monitor.c:359: error: `WA_BOLD' undeclared (first use in this function)
>bwm_monitor.c:371: error: `E_UNKNOWN_COMMAND' undeclared (first use in
>this function)
>bwm_monitor.c:373: error: `E_REQUEST_DENIED' undeclared (first use in
>this function)
>make[2]: *** [bwm_monitor-bwm_monitor.o] Error 1
>make[2]: Leaving directory `/root/bwm_tools-200505041033/bwm_monitor'
>make[1]: *** [all-recursive] Error 1
>make[1]: Leaving directory `/root/bwm_tools-200505041033'
>make: *** [all] Error 2
>
>Any suggestions on how to fix that?
>
>On 5/22/05, Nigel Kukard <nk...@lb...> wrote:
>
>>Hi Andrew,
>>
>>The -lpng dependency isn't from bwm tools itself, its probably from
>>rrdtool.
>>
>>Can you include more logs of the build please?
>>
>>Regards
>>Nigel
>>
>>Andrew Niemantsverdriet wrote:
>>
>>>Hi List,
>>>
>>>I am having trouble when I run "make". I am using the latest stable
>>>version of bwm and am compiling on a fedora core 3 machine.
>>>
>>>The error is this:
>>>
>>>/usr/bin/ld: cannot find -lpng
>>>collect2: ld returned 1 exit status
>>>make[2]: *** [bwm_graph] Error1
>>>make[2]: Leaving directory '/root/bwm_tools-0.2.1/bwm_graph'
>>>make[1]: *** [all-recursive] Error 1
>>>make[1]: Leaving directory '/root/bwm_tools-0.2.1'
>>>make: ** [all] Error 2
>>>
>>>Any help on what that means or how to fix it. The mailing list
>>>archives were not any help.
>>> _
>>>/-\ ndrew
>>>
>>--
>>Nigel Kukard, PhD CompSc
>>(Chief Executive Officer)
>>Linux Based Systems Design
>>Web: www.lbsd.net Email: nk...@lb...
>>Tel: (+27) 023 349 8000 Cell: (+27) 082 333 3723
>>Fax: (+27) 023 349 1395 Support: 086 747 7600
>>Address: LIGT House, 2 Klipdrift Rd, Rawsonville
>>Linux Systems Design & Technology Solutions
>>
>> The best language to use is the language that was designed for
>> what you want to use it for.
>>

--
Nigel Kukard, PhD CompSc
(Chief Executive Officer)
Linux Based Systems Design
Web: www.lbsd.net Email: nk...@lb...
Tel: (+27) 023 349 8000 Cell: (+27) 082 333 3723
Fax: (+27) 023 349 1395 Support: 086 747 7600
Address: LIGT House, 2 Klipdrift Rd, Rawsonville
Linux Systems Design & Technology Solutions

The best language to use is the language that was designed for what you want to use it for.
|
From: Darren C. <da...@da...> - 2005-05-23 15:50:12
|
Hello,

If anyone of you guys/gals (if any) could spare some time and show me where I am wrong, please do so. I have setup bwm tools and am trying to manage bandwidth used by two pcs behind the router. The router is a pc - Suse 9.1, 2 interfaces.

I will describe step by step what I am doing and what I would like to do. I don't want BWM to do firewalling, I need it only to manage bandwidth.

I am downloading files from an web page using download accelerator at a constant speed of about 320KBps - it won't decrease!

Using IPTABLES
- iptables -A INPUT -m mark ! --mark 0 -j QUEUE
* iptables -t mangle -A FORWARD -p TCP -s 172.17.100.4 -j MARK --set-mark 1001
* iptables -t mangle -A FORWARD -p TCP -s 172.17.100.3 --dport 80 -j MARK --set-mark 1002
* iptables -t mangle -A FORWARD -p TCP -s 172.17.100.3 --dport 22 -j MARK --set-mark 1003

after executing the above commands, I made sure they were ok using iptables -L -n -v -t mangle
from the following it seems doing fine!

xejku2:/opt/lampp/htdocs/wt # iptables -L -n -v -t mangle
Chain PREROUTING (policy ACCEPT 988K packets, 850M bytes)
 pkts bytes target  prot opt in  out  source        destination

Chain INPUT (policy ACCEPT 28902 packets, 2858K bytes)
 pkts bytes target  prot opt in  out  source        destination

Chain FORWARD (policy ACCEPT 958K packets, 847M bytes)
 pkts bytes target  prot opt in  out  source        destination
 404K   17M MARK    tcp  --  *   *    172.17.100.4  0.0.0.0/0  MARK set 0x3e9
  216  9925 MARK    tcp  --  *   *    172.17.100.3  0.0.0.0/0  tcp dpt:80 MARK set 0x3ea
    0     0 MARK    tcp  --  *   *    172.17.100.3  0.0.0.0/0  tcp dpt:22 MARK set 0x3eb

Chain OUTPUT (policy ACCEPT 20674 packets, 3028K bytes)
 pkts bytes target  prot opt in  out  source        destination

Chain POSTROUTING (policy ACCEPT 978K packets, 850M bytes)
 pkts bytes target  prot opt in  out  source        destination

Then, using command /path/to/bwmd -c file.xml -f --- file.xml being attached below, I get an output, which I am interpreting as a good sign ******

<firewall>
  <global>
    <modules>
      <load name="ip_queue"/>
    </modules>
    <class name="all_out">
      <address name="c_all_out"/>
    </class>
  </global>

  #Traffic flows
  <traffic>
    <flow name="darren1" max-rate="1000" report-timeout="40"> <queue prio="99" nfmark="1001"> all_out; </queue> </flow>
    <flow name="darren2" max-rate="1000" report-timeout="40"> <queue prio="50" nfmark="1002"> all_out; </queue> </flow>
    <flow name="darren3" max-rate="1000" report-timeout="90"> <queue prio="75" nfmark="1003"> all_out; </queue> </flow>
  </traffic>
</firewall>

****** (the output mentioned above is shown here)

xejku2:/opt/lampp/htdocs/wt # /programs/bwm_tools-0.2.1/bwmd/bwmd -c darren.xml -f
BWM Daemon v0.2.1 - Copyright (c) 2003-2005 Linux Based Systems Design

BWMD: Loaded 3 flows and 3 queues
BWMD: Found 1 modules to load
Loading ip_queue...done
IPQ runner started...
Flow runner started...
Stat thread started...
Report runner started...

Please, if anyone is noticing some gross mistake tell me, cos I cannot understand where I am wrong!

Thanks to everyone,

Darren Cassar

Email ad...@da...
URL www.darrencassar.com
|
From: Nigel K. <nk...@lb...> - 2005-05-23 06:43:45
|
Hi Andrew,

The -lpng dependency isn't from bwm tools itself, its probably from rrdtool.

Can you include more logs of the build please?

Regards
Nigel

Andrew Niemantsverdriet wrote:
>Hi List,
>
>I am having trouble when I run "make". I am using the latest stable
>version of bwm and am compiling on a fedora core 3 machine.
>
>The error is this:
>
>/usr/bin/ld: cannot find -lpng
>collect2: ld returned 1 exit status
>make[2]: *** [bwm_graph] Error1
>make[2]: Leaving directory '/root/bwm_tools-0.2.1/bwm_graph'
>make[1]: *** [all-recursive] Error 1
>make[1]: Leaving directory '/root/bwm_tools-0.2.1'
>make: ** [all] Error 2
>
>Any help on what that means or how to fix it. The mailing list
>archives were not any help.
> _
>/-\ ndrew
>

--
Nigel Kukard, PhD CompSc
(Chief Executive Officer)
Linux Based Systems Design
Web: www.lbsd.net Email: nk...@lb...
Tel: (+27) 023 349 8000 Cell: (+27) 082 333 3723
Fax: (+27) 023 349 1395 Support: 086 747 7600
Address: LIGT House, 2 Klipdrift Rd, Rawsonville
Linux Systems Design & Technology Solutions

The best language to use is the language that was designed for what you want to use it for.
|
From: Andrew N. <and...@gm...> - 2005-05-21 19:36:48
|
Hi List,

I am having trouble when I run "make". I am using the latest stable version of bwm and am compiling on a fedora core 3 machine.

The error is this:

/usr/bin/ld: cannot find -lpng
collect2: ld returned 1 exit status
make[2]: *** [bwm_graph] Error1
make[2]: Leaving directory '/root/bwm_tools-0.2.1/bwm_graph'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/root/bwm_tools-0.2.1'
make: ** [all] Error 2

Any help on what that means or how to fix it. The mailing list archives were not any help.
 _
/-\ ndrew
|
From: go0ogl3 <go...@gm...> - 2005-05-12 10:49:50
|
Maybe you have a DROP policy or some other iptables filters. Make a check to be sure. I'm out of ideas for now...

go0ogl3

On 5/13/05, Victor Yeo <ye...@nd...> wrote:
> See my answers below. thanks for any reply that might help.
>
> victor
>
> Could you give us the following information plz...
>
> 1. Version of BWM Tools you're using
> [Vic] bwm-0.2.1
>
> 2. Your kernel version
> [Vic] linux-2.4.20-8custom
>
> 3. iptables version
> [Vic] v1.2.7.a
>
> 4. distribution & version
> [Vic] Redhat 9
>
> 5. Pasted error from BWM Tools
> [Vic] When i run bwmd in one window, and open ftp connection in another to
> "192.168.1.100", bwmd gives this error continuously:
> Failed to ACCEPT packet
> Failed to ACCEPT packet
> Failed to ACCEPT packet
> .................
>
> More info here:
>
> 192.168.1.100 is a PC on the same subnet.
>
> i added in the iptable rules :
>
> iptables -t mangle -A INPUT -s 192.168.1.100 -j MARK --set-mark 102
> iptables -t mangle -A INPUT -d 192.168.1.100 -j MARK --set-mark 102
> iptables -t filter -A INPUT -m mark ! --mark 0x0 -j QUEUE
> and a new traffic flow to firewall.xml
>
> <traffic>
>   <flow name="pc_in" max-rate="64000" report-timeout="60" nfmark="100" />
>   <flow name="pc_out" max-rate="64000" report-timeout="60" nfmark="101" />
>   <flow name="pc_new" max-rate="64000" report-timeout="60" nfmark="102" />
> </traffic>
>
|
From: Victor Y. <ye...@nd...> - 2005-05-12 09:58:23
|
See my answers below. thanks for any reply that might help.

victor

Could you give us the following information plz...

1. Version of BWM Tools you're using
[Vic] bwm-0.2.1

2. Your kernel version
[Vic] linux-2.4.20-8custom

3. iptables version
[Vic] v1.2.7.a

4. distribution & version
[Vic] Redhat 9

5. Pasted error from BWM Tools
[Vic] When i run bwmd in one window, and open ftp connection in another to "192.168.1.100", bwmd gives this error continuously:
Failed to ACCEPT packet
Failed to ACCEPT packet
Failed to ACCEPT packet
.................

More info here:

192.168.1.100 is a PC on the same subnet.

i added in the iptable rules :

iptables -t mangle -A INPUT -s 192.168.1.100 -j MARK --set-mark 102
iptables -t mangle -A INPUT -d 192.168.1.100 -j MARK --set-mark 102
iptables -t filter -A INPUT -m mark ! --mark 0x0 -j QUEUE

and a new traffic flow to firewall.xml

<traffic>
  <flow name="pc_in" max-rate="64000" report-timeout="60" nfmark="100" />
  <flow name="pc_out" max-rate="64000" report-timeout="60" nfmark="101" />
  <flow name="pc_new" max-rate="64000" report-timeout="60" nfmark="102" />
</traffic>
|