Re: [bwm-tools-tech] Traffic Control!!!!
From: Nigel K. <nk...@lb...> - 2005-04-18 08:37:14
Ok.... you need to use -j MARK --set-mark 2001 in your mangle table, you must mark the traffic you wish to send to bwmd for shaping.

Once it has been marked, your normal ACCEPT target must be changed to the bwmd target, which will intercept the traffic and shape it.... check the iptables firewall generated for the example.xml configuration file and also that generated for the examples in the bwm tools documentation.

You can then rewrite the bwmd configuration like this... (try it with the most basic config, before you start fine-tuning the optional params)

    <firewall>
    <global>
        <modules>
            <load name="ip_queue"/>
        </modules>
    </global>

    # Traffic flows
    <traffic>
        <flow name="mainline" max-rate="65536" report-timeout="60">
            <queue nfmark="2001">
            </queue>
        </flow>
    </traffic>
    </firewall>

And add some rules maybe like this... (off the top of my head)...

    iptables -t mangle -A FORWARD -p tcp --sport 20 -j MARK --set-mark 2001
    iptables -t mangle -A FORWARD -p tcp --sport 21 -j MARK --set-mark 2001
    iptables -t mangle -A FORWARD -p tcp --dport 20 -j MARK --set-mark 2001
    iptables -t mangle -A FORWARD -p tcp --dport 21 -j MARK --set-mark 2001

    iptables -A FORWARD -j bwmd

(I'm assuming there are no other rules in the above chains)

-Nigel

Rizwan Sarwar Sundhu wrote:

> Hi,
>     I am not using bwmd for firewall, I only want to use it for
> traffic control at the moment because I am still getting familiar with
> it. Here is what I do,
>
> Create a new chain in existing iptables generated by my SuSEfirewall2:
>
> #iptables -N bwmd
>
> Then I add these two rules:
>
> #iptables -A bwmd -m mark ! --mark 0 -j QUEUE
> #iptables -A bwmd -j ACCEPT
>
> So I get this in iptables -L bwmd
>
> # iptables -L bwmd
> Chain bwmd (0 references)
> target     prot opt source      destination
> QUEUE      all  --  anywhere    anywhere      MARK match !0x0
> ACCEPT     all  --  anywhere    anywhere
>
> Next I start bwmd with this command (file firewall.xml used is pasted
> below.)
>
> # bwmd -c test/firewall.xml
> BWM Daemon v200504060857 - Copyright (c) 2003-2005 Linux Based Systems Design
>
> Loading ip_queue...done
>
> File used as firewall.xml:
>
> <firewall><global>
>     <modules>
>         <load name="ip_queue"/>
>     </modules>
>     <class name="ftp_traffic_out_data">
>         <address name="a_traffic_out" src="192.168.0.221" src-port="20"/>
>     </class>
>     <class name="ftp_traffic_out_control">
>         <address name="b_traffic_out" src="192.168.0.221" src-port="21"/>
>     </class></global>
> # Traffic flows
> <traffic><flow name="mainline" stats-len="10" queue-size="1000"
>     queue-len="100" max-rate="65536" burst-rate="67172" report-timeout="60">
>     <queue prio="50" nfmark="2001">
>         ftp_traffic_out_data;
>         ftp_traffic_out_control;
>     </queue>
> </flow>
>
> </traffic>
>
> </firewall>
>
> Regards
> Rizwan
>
> ----- Original Message -----
> *From:* Nigel Kukard <mailto:nk...@lb...>
> *To:* Rizwan Sarwar Sundhu <mailto:ra...@ya...>
> *Cc:* bwm-tools-tech@lists..sourceforge.net <mailto:bwm...@li...>
> *Sent:* Monday, April 18, 2005 8:54 AM
> *Subject:* Re: [bwm-tools-tech] Traffic Control!!!!
>
> Hrm....
>
> You must have -j bwmd as the ACCEPT rules for traffic you want
> to shape.
>
> Can you attach your bwm tools config file, along with the iptables
> file it generates plz.
>
> Regards
> Nigel
>
> Rizwan Sarwar Sundhu wrote:
>
>> Hi,
>>     Thanks for replying, I checked iptables -vnL bwmd but it does
>> not show any increase in counters.
>>
>> # iptables -vnL bwmd
>> Chain bwmd (0 references)
>>  pkts bytes target  prot opt in  out  source     destination
>>     0     0 QUEUE   all  --  *   *    0.0.0.0/0  0.0.0.0/0    MARK match !0x0
>>     0     0 ACCEPT  all  --  *   *    0.0.0.0/0  0.0.0.0/0
>>
>> I can understand that traffic is not being forwarded to bwmd, but
>> why, not making sense to me. waiting for ur response
>>
>> Regard
>> Rizwan

-- 
Nigel Kukard, PhD CompSc (Chief Executive Officer)
Linux Based Systems Design
Web: www.lbsd.net
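
The pieces this thread discusses (a mangle rule that sets the mark, a jump into the bwmd chain, and a QUEUE rule inside that chain) can be checked mechanically against an iptables-save dump. The script below is an added example, not part of the original message or of bwm_tools; the function name check_bwmd_wiring and both sample dumps are constructed, and it assumes the jump to bwmd lives in the filter table.

```sh
# Added example: audit an iptables-save dump for the pieces this thread discusses.
# Chain "bwmd" and mark 2001 are from the thread; names and dumps are constructed.
# Usage: iptables-save | check_bwmd_wiring MARK   (exit status = problems found)
check_bwmd_wiring() {
    mark=$1
    hex=$(printf '0x%x' "$mark")  # newer dumps show --set-xmark 0x7d1/0xffffffff
    awk -v dec="$mark" -v hex="$hex" '
        /^\*/ { table = substr($0, 2); next }
        table == "mangle" && /-j MARK/ &&
            $0 ~ ("--set-x?mark (" dec "|" hex ")(/| |$)") { marked = 1 }
        table == "filter" && /^-A / {
            if ($2 != "bwmd" && $0 ~ /-j bwmd( |$)/)  jump = 1
            if ($2 == "bwmd" && $0 ~ /-j QUEUE( |$)/) queue = 1
        }
        END {
            n = 0
            if (!marked) { print "no mangle rule sets mark " dec; n++ }
            if (!jump)   { print "no filter rule jumps to bwmd (0 references)"; n++ }
            if (!queue)  { print "bwmd chain has no QUEUE rule"; n++ }
            exit n
        }'
}

# Constructed dump of the poster's state: chain exists, nothing feeds it.
broken_dump() { cat <<'EOF'
*mangle
COMMIT
*filter
:bwmd - [0:0]
-A bwmd -m mark ! --mark 0x0 -j QUEUE
COMMIT
EOF
}

# Constructed dump after adding the rules suggested in the reply.
fixed_dump() { cat <<'EOF'
*mangle
-A FORWARD -p tcp -m tcp --sport 20 -j MARK --set-mark 2001
COMMIT
*filter
:bwmd - [0:0]
-A FORWARD -j bwmd
-A bwmd -m mark ! --mark 0x0 -j QUEUE
COMMIT
EOF
}

broken_dump | check_bwmd_wiring 2001 || echo "=> $? problem(s)"
fixed_dump  | check_bwmd_wiring 2001 && echo "=> wiring OK"
```

The mark passed to the function must be the same value as the nfmark attribute of the queue in the bwmd configuration, otherwise the check passes while bwmd still has no queue for the packets.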