[bwm-tools-tech] Re: configure bwmd (firewall.xml)
From: Nigel K. <nk...@lb...> - 2003-06-18 17:34:11
> Assume I want to shape incoming and outgoing traffic for web (tcp port 80).
> I don't start bwm_firewall, just do it by hand:
>
> iptables -t mangle -F
> iptables -t mangle -A INPUT -i eth0 -p tcp --sport 80 -j MARK --set-mark 1001
> iptables -t mangle -A OUTPUT -o eth0 -p tcp --dport 80 -j MARK --set-mark 1002
>
> iptables -t filter -F
> iptables -t filter -A INPUT -i eth0 -m mark --mark 1001 -j QUEUE
> iptables -t filter -A OUTPUT -o eth0 -m mark --mark 1002 -j QUEUE
>

this looks fine :)

>
> Look at part of firewall.xml that use bwmd:
>
> <traffic>
> <flow name="mainline" stats-len="10" queue-size="262144" queue-len="300" max-rate="65536" burst-rate="131072" counter-timeout="60">
> <flow name="1_client_in" max-rate="8192" flow-id="1001">
> c_traffic_in;
> </flow>
> <flow name="1_client_out" max-rate="8192" flow-id="1002">
> c_traffic_out;
> </flow>
> </flow>
> </traffic>
>

yep, you can define blank classes to be in the flows if you want to write
your own firewall scripts :)

> For example I want to shape incoming traffic ( name="1_client_in" ) to 10240 bytes per sec (10KB/sec)
> and outgoing traffic ( name="1_client_out" ) to 1024 bytes per sec (1KB/sec).
>

correct, as above

> Which values for parameters
>
> stats-len
> queue-size
> queue-len
> max-rate
> burst-rate
> counter-timeout
>
> in this case?
>

if you don't want bursting all you need to define is the following...

stats-len = 0
queue-len = 5 (allows 5 packets in the queue, you can also use 10)
max-rate = 1024

>
> I tried to set some parameters but when downloading big file (~20 Mb) I got NOT fluent flow and not stable speed (with jumps).

this could be the dropping of packets instead of queueing, add a nice
queue-len so you don't drop packets.

> ( When I shape traffic with kernel QoS download flow approximately equal to rate that I set to qdisc and flow was fluent. )
>

try adding a queue-len... else the packets are dropped

> What are relationships between parameters?
>

check the configuration documentation in the doc directory :)

> And more : What is CONCEPTION of shaping?
>

conception means the realization of it, maybe when it was first
conceived... when someone first realized it was needed... *shrug*

> --
> Andriy T. Yanko
> wir...@wi...
>
> * Avoid The Gates of Hell use Linux
> ** When I die, lay a pear in my grave ...

--
Nigel Kukard (Chief Executive Officer)
Lando Technologies Africa (Pty) Ltd
ni...@la... www.lando.co.za
Tel: 083 399 5822 Fax: 086 1100036
Hoheisen Park Bellville, Cape Town
National Internet Service Provider

The best language to use is the language that was designed for
what you want to use it for - 1997
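The thread pairs each hand-written `--set-mark` value with a `flow-id` in firewall.xml and recommends a `queue-len` so packets are queued rather than dropped. The following is an added example, not part of the original message or of bwm-tools: a small check that cross-references the two. The sample input is constructed from the thread, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input, adapted from the rules and <traffic> block in the thread.
IPTABLES_RULES = """\
iptables -t mangle -A INPUT -i eth0 -p tcp --sport 80 -j MARK --set-mark 1001
iptables -t mangle -A OUTPUT -o eth0 -p tcp --dport 80 -j MARK --set-mark 1002
iptables -t mangle -A OUTPUT -o eth0 -p tcp --dport 443 -j MARK --set-mark 1003
"""

TRAFFIC_XML = """\
<traffic>
  <flow name="mainline" stats-len="10" queue-size="262144" queue-len="300"
        max-rate="65536" burst-rate="131072" counter-timeout="60">
    <flow name="1_client_in" max-rate="8192" flow-id="1001">c_traffic_in;</flow>
    <flow name="1_client_out" max-rate="8192" queue-len="5" flow-id="1002">c_traffic_out;</flow>
    <flow name="unused" max-rate="1024" queue-len="5" flow-id="1009">c_unused;</flow>
  </flow>
</traffic>
"""

def marks_from_rules(text):
    """Collect every value passed to --set-mark in a hand-written rule list."""
    return {int(m) for m in re.findall(r"--set-mark\s+(\d+)", text)}

def audit(rules_text, traffic_xml):
    """Return (marks with no flow, flow-ids never marked, marked flows lacking queue-len)."""
    marks = marks_from_rules(rules_text)
    flows = {}
    for el in ET.fromstring(traffic_xml).iter("flow"):
        if "flow-id" in el.attrib:          # parent flows such as "mainline" carry no id
            flows[int(el.attrib["flow-id"])] = el
    ids = set(flows)
    unmatched_marks = sorted(marks - ids)
    unmarked_flows = sorted(ids - marks)
    # Only attributes set on the flow element itself are checked; whether bwmd
    # inherits queue-len from a parent flow is not modelled (assumption).
    no_queue = sorted(flows[i].get("name") for i in marks & ids
                      if "queue-len" not in flows[i].attrib)
    return unmatched_marks, unmarked_flows, no_queue

if __name__ == "__main__":
    unmatched_marks, unmarked_flows, no_queue = audit(IPTABLES_RULES, TRAFFIC_XML)
    print("marks with no matching flow-id:", unmatched_marks)
    print("flow-ids never marked:", unmarked_flows)
    print("marked flows without their own queue-len:", no_queue)
```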