[bwm-tools-devel] COMMIT - r45 - trunk/doc
From: SVN C. <sv...@li...> - 2005-01-19 13:45:05
Author: nkukard Date: 2005-01-19 15:44:24 +0200 (Wed, 19 Jan 2005) New Revision: 45 Modified: trunk/doc/bwmtools.texi Log: * Small documentation update to clarify the QUEUE target in relation to the INPUT, OUTPUT and FORWARD chains * Small update to explain that bwmd must be end target of all accepted traffic in the INPUT or FORWARD chains Modified: trunk/doc/bwmtools.texi =================================================================== --- trunk/doc/bwmtools.texi 2005-01-15 19:42:31 UTC (rev 44) +++ trunk/doc/bwmtools.texi 2005-01-19 13:44:24 UTC (rev 45) @@ -866,8 +866,7 @@ @* @itemize @item -You want to use BWM Tools for both your firewall and traffic shaping, nothing -else. +You want to use BWM Tools for both your firewall and traffic shaping. @*@* This is the easiest scenario to deal with, only having 4 steps below to get your firewall, NAT and traffic shaping up and running@dots{} @@ -875,7 +874,9 @@ @enumerate @item Configure your classes, ACL's, NAT and traffic shaping rules as described in -the previous sections. +the previous sections. The end target for all accepted traffic must be +@dfn{bwmd} in the @dfn{INPUT} chain or @dfn{OUTPUT} chain if you doing single +box or a router configuration respectively. @* @item Run BWM Firewall with the below possible arguments to generate an 
@@ -944,13 +945,17 @@ @item @cindex queue BWM Tools uses the userpace queueing mechanism, all packets to be shaped must -be targetted at @dfn{QUEUE}. +be targetted at @dfn{QUEUE} in the @dfn{filter} table. This is done by either +adding a rule to the @dfn{INPUT} and @dfn{OUTPUT} chain in the case of a +single box which you need to shape traffic to and from respectively. While +in the case of a firewall where traffic passes through you would add a rule +to the @dfn{FORWARD} chain. @* @item Therefore in order for BWM Tools to shape traffic, packets must be MARK'ed with a number corrosponding to the number specified in the @code{nfmark="@dots{}"} parameter defined in the @code{<flow>} tag and targetted in iptables to -@dfn{QUEUE} instead of @dfn{ACCEPT}. +@dfn{QUEUE} instead of @dfn{ACCEPT} as per above. @end itemize @* Imagine you would like your linux router to rate limit all traffic from and to @@ -962,10 +967,10 @@ Configuring @command{iptables} @*@* @smallexample +@command{iptables -t filter -A FORWARD -m mark ! --mark 0x0 -j QUEUE} @command{iptables -t mangle -A FORWARD -s 192.168.1.100 -j MARK --set-mark 100} @command{iptables -t mangle -A FORWARD -d 192.168.1.100 -j MARK --set-mark 101} @end smallexample -@* @item Configuring @command{bwmd} @*@* |
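Review bot: In the hunk at @@ -875,7 +874,9 @@, the added sentence pairs "INPUT chain or OUTPUT chain" with "single box or a router configuration respectively", which assigns OUTPUT to the router case. The commit log says "INPUT or FORWARD chains", and the hunk at @@ -944,13 +945,17 @@ puts single-box traffic in INPUT and OUTPUT and pass-through traffic in FORWARD. Suggest making the three places agree, for example INPUT and OUTPUT for a single box and FORWARD for a router. The same sentence reads "if you doing", which is missing "are", and it names bwmd as the end target while the later text names QUEUE, so it should say how the two relate.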
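Review bot: In the hunk at @@ -944,13 +945,17 @@, the added text opens with "either" but never supplies the "or"; the alternative arrives as a separate fragment starting "While in the case of a firewall". Suggest a single sentence: add the QUEUE rule to INPUT and OUTPUT on a single box, or to FORWARD on a box that traffic passes through. The phrase "which you need to shape traffic to and from respectively" is hard to parse and should state which chain covers which direction. The new line carries over "targetted", and the context lines keep "userpace" and "corrosponding", which could be fixed while this paragraph is being edited.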
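Review bot: In the hunk at @@ -962,10 +967,10 @@, the added rule "-m mark ! --mark 0x0 -j QUEUE" sends every forwarded packet with any nonzero mark to QUEUE, not only the marks 100 and 101 set by the two mangle rules that follow it. If other rules on the same host also set marks, that traffic would be queued as well. Suggest either matching the example's marks explicitly or adding a sentence that the catch-all match is intended. The hunk also drops the "@*" after "@end smallexample", which the log message does not mention.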