Re: [bwm-tools-tech] Please Help ...Traffic Control don't work !
From: Nigel K. <nk...@lb...> - 2005-04-15 09:57:00
Hi Ralph,

I see nothing is being sent to be QUEUE'd for bandwidth shaping...

0 0 QUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match !0x0

counters are 0.

I assume you have a box acting as a firewall, for example...

internet => firewall => network

or similar.

All the ACCEPT targets for traffic that must be shaped must change to -j bwmd (what I mean is, everything that has been MARK'd). I see you have the bwmd chain, this is good... you're nearly up and running!

-Nigel

ral...@ra... wrote:
> Hi again,
>
> sorry I must disturb again, but the traffic control doesn't work and I
> don't know why !?
>
> Ok, I changed a little bit in my firewall.xml that I posted yesterday.
> Now I can open all websites with and without squid.
> But from what I see, I think all traffic from http and https goes past
> the bwm_tool.
> So I tested ftp traffic, and suddenly I have movement in my Forward chain
> when I look under
> /"iptables -L -n -v -t mangle"/ (see below).
> But the ftp and all other traffic isn't controlled by the bwm_tool.
>
> Please help, what is wrong in my firewall file !?
> Or is anything wrong with the bwm_tool ?
> When I start the bwm_tool, at first I send the iptables with
> "bwm_firewall firewall.xml -l", then I start bwmd or bwmd -f.
> So I think it must work, or not ?
>
> Here comes now the output of "/iptables -L -n -v -t mangle"/ and
> "/iptables -L -n -v", /hope you
> see anything.
>
> /iptables -L -t mangle -v -n
> Chain PREROUTING (policy ACCEPT 153K packets, 122M bytes)
> pkts bytes target prot opt in out source destination
> 80557 101M TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:80 TOS set 0x08
> 9286 411K TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 TOS set 0x08
> 323 50860 TOS udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 TOS set 0x10
> 175 11695 TOS udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 TOS set 0x10
> Chain INPUT (policy ACCEPT 126K packets, 104M bytes)
> pkts bytes target prot opt in out source destination
> Chain FORWARD (policy ACCEPT 22009 packets, 18M bytes)
> pkts bytes target prot opt in out source destination
> 8030 393K MARK tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 MARK set 0x514
> 10 673 MARK udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 MARK set 0x514
> 131 5451 MARK tcp -- eth1 * 192.168.125.5 !192.168.125.0/24 MARK set 0x4e3
> 0 0 MARK udp -- eth1 * 192.168.125.5 !192.168.125.0/24 MARK set 0x4e3
> 8030 393K MARK tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 MARK set 0x8fc
> 10 673 MARK udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 MARK set 0x8fc
> 131 5451 MARK tcp -- eth1 * 192.168.125.5 !192.168.125.0/24 MARK set 0x8cb
> 0 0 MARK udp -- eth1 * 192.168.125.5 !192.168.125.0/24 MARK set 0x8cb
> Chain OUTPUT (policy ACCEPT 130K packets, 99M bytes)
> pkts bytes target prot opt in out source destination
> tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:80 TOS set 0x08
> 54457 3505K TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 TOS set 0x08
> 0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:53 TOS set 0x10
> 0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 TOS set 0x10
> 175 41207 TOS udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 TOS set 0x10
> 302 21791 TOS udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 TOS set 0x10
> Chain POSTROUTING (policy ACCEPT 152K packets, 117M bytes)
> pkts bytes target prot opt in out source destination/
>
> /iptables -L -n -v/
> Chain INPUT (policy DROP 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
> 175 11695 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
> 239 18164 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123
> 839 211K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1812
> 160 34803 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
> 122K 104M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> 187 18996 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> 0 0 input_int all -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol ipsec proto50
> 1517 72824 input_int all -- eth1 * 0.0.0.0/0 0.0.0.0/0
> 95 79913 input_ext all -- eth0 * 0.0.0.0/0 0.0.0.0/0
> 0 0 DROP all - * * 0.0.0.0/0 0.0.0.0/0
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
> 278 13316 TCPMSS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp toPMTU
> 0 0 forward_int all -- * * 0.0.0.0/0 0.0.0.0/0 policy match dir in pol ipsec proto 50
> 8040 394K forward_int all -- eth1 * 0.0.0.0/0 0.0.0.0/0
> 13969 17M forward_ext all -- eth0 * 0.0.0.0/0 0.0.0.0/0
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> Chain OUTPUT (policy DROP 5 packets, 200 bytes)
> pkts bytes target prot opt in out source destination
> 296 43919 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
> 130K 99M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
> Chain POSTROUTING (0 references)
> pkts bytes target prot opt in out source destination
> Chain PREROUTING (0 references)
> pkts bytes target prot opt in out source destination
> Chain bwmd (0 references)
> pkts bytes target prot opt in out source destination
> 0 0 QUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match !0x0
> Chain forward_ext (1 references)
> pkts bytes target prot opt in out source destination
> 2 150 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED icmp type 3
> 13967 17M ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> Chain forward_int (2 references)
> pkts bytes target prot opt in out source destination
> 8028 393K ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
> 0 0 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
> 12 480 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> Chain input_ext (1 references)
> pkts bytes target prot opt in out source destination
> 1 104 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED icmp type3
> 59 72560 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535
> 3 99 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpts:1024:65535
> 32 7150 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
> 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
> Chain input_int (2 references)
> pkts bytes target prot opt in out source destination
> 1517 72824 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
>
> Hope you can see anything about this, when not, please let me know
> what you need.
>
> Understand i right, that all traffic what i want to control with the
> bwm_tool must go over the FORWARD Chains !?
>
> Best Regards
>
> Ralph Buchmann
>
>
> To: bwm...@li...
> bwm...@li...
> bwm...@li...
> Cc: nk...@lb...
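
The diagnosis in the reply above (bwmd chain with 0 references, QUEUE counters at 0, ACCEPT rules taking the forwarded packets) can be read mechanically from an "iptables -L -n -v" listing. This is an added example, not part of the original thread or of bwm-tools; the function names are hypothetical, the sample is constructed by trimming the listing quoted above, and the flagged ACCEPT rules are only candidates for the change to -j bwmd.

```python
import re

# Constructed sample, trimmed from the filter-table listing quoted in the thread.
SAMPLE = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
 8040 394K forward_int all -- eth1 * 0.0.0.0/0 0.0.0.0/0
Chain bwmd (0 references)
 pkts bytes target prot opt in out source destination
 0 0 QUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match !0x0
Chain forward_int (2 references)
 pkts bytes target prot opt in out source destination
 8028 393K ACCEPT all -- * eth0 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
"""
CHAIN_RE = re.compile(r"^Chain (\S+) \((\d+) references|^Chain (\S+) \(policy")
RULE_RE = re.compile(r"^\s*(\d+)([KMG]?)\s+\S+\s+(\S+)")  # pkts, unit, target
UNITS = {"": 1, "K": 10**3, "M": 10**6, "G": 10**9}

def parse(listing):
    """Return {chain: {"refs": int or None, "rules": [(pkts, target), ...]}}."""
    chains, cur = {}, None
    for line in listing.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            refs = int(m.group(2)) if m.group(2) else None  # built-in: policy
            cur = chains.setdefault(m.group(1) or m.group(3), {"refs": refs, "rules": []})
        elif cur is not None and (r := RULE_RE.match(line)):
            cur["rules"].append((int(r.group(1)) * UNITS[r.group(2)], r.group(3)))
    return chains

def diagnose(listing, shaper="bwmd"):
    """List reasons why forwarded traffic is not reaching the shaper chain."""
    chains, findings = parse(listing), []
    if shaper not in chains:
        return [f"chain {shaper} does not exist"]
    if chains[shaper]["refs"] == 0:
        findings.append(f"no rule jumps to {shaper}")
    if not any(t == "QUEUE" and p > 0 for p, t in chains[shaper]["rules"]):
        findings.append("QUEUE rule has matched 0 packets")
    todo, seen = ["FORWARD"], set()
    while todo:  # walk every chain reachable from FORWARD
        name = todo.pop()
        if name in chains and name not in seen:
            seen.add(name)
            for pkts, target in chains[name]["rules"]:
                if target == "ACCEPT" and pkts > 0:
                    findings.append(f"{name}: ACCEPT took {pkts} packets")
                todo.append(target)
    return findings
```

Calling diagnose() on the full saved output of "iptables -L -n -v" works the same way; the K/M/G counter suffixes are expanded as rounded powers of 1000, so counts are approximate.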