Re: [bwm-tools-tech] Re: configure bwmd (firewall.xml)
Brought to you by:
nkukard
Menu
▾
▴
Re: [bwm-tools-tech] Re: configure bwmd (firewall.xml)
|
From: Andriy T. Y. <wir...@wi...> - 2003-06-19 06:19:28
|
On Wed, 18 Jun 2003 19:33:48 +0200 Nigel Kukard <nk...@lb...> wrote: > > Assume I what shape incomming and outgoing traffic for web (tcp port 80). > > I dont start bwm_firewall just do it by hand: > > > > iptables -t mangle -F > > iptables -t mangle -A INPUT -i eth0 -p tcp --sport 80 -j MARK --set-mark 1001 > > iptables -t mangle -A OUTPUT -o eth0 -p tcp --dport 80 -j MARK --set-mark 1002 > > > > iptables -t filter -F > > iptables -t filter -A INPUT -i eth0 -m mark --mark 1001 -j QUEUE > > iptables -t filter -A OUTPUT -o eth0 -m mark --mark 1002 -j QUEUE > > > > this looks fine :) > > > > > Look at part of firewall.xml that use bwmd: > > > > <traffic> > > <flow name="mainline" stats-len="10" queue-size="262144" queue-len="300" max-rate="65536" burst-rate="131072" counter-timeout="60"> > > <flow name="1_client_in" max-rate="8192" flow-id="1001"> > > c_traffic_in; > > </flow> > > <flow name="1_client_out" max-rate="8192" flow-id="1002"> > > c_traffic_out; > > </flow> > > </flow> > > </traffic> > > > > yep, you can define blank classes to be in the flows if you want to > write your own firewall scripts :) > > > > For example I what shape incomming traffic ( name="1_client_in" ) to 10240 bytes per sec (10KB/sec) > > and outgoing traffic ( name="1_client_out" ) to 1024 bytes per sec (1KB/sec). > > > > correct, as above > > > Which values for parameters > > > > stats-len > > queue-size > > queue-len > > max-rate > > burst-rate > > counter-timeout > > > > in this case? > > > > if you don't want bursting all you need define is the following... > stats-len = 0 > queue-len = 5 (allows 5 packets in the queue, you can also use 10) > max-rate = 1024 ok. I tried but not this not working - no download speed! :(( Can you give me correct working config file for my example? I what control 2 different flows incoming(10KB/s) & outgoing(1KB/s). I think that in this case I don't need parent (mainline) flow. Just 2 separate flows. -- Andriy T. Yanko wir...@wi... * Avoid The Gates of Hell use Linux ** Wenn ich sterbe, legt mir eine Birne in mein Grab ... |
