[bwm-tools-tech] Re: No Traffic Control ! ... or bwm_tool don't work !?
From: <ral...@ra...> - 2005-05-01 01:50:43
Hi Giang and all others,

thanks for the answer, but I tried this before. I inserted the following rules in the FORWARD table.

<table name="filter">
    # Custom Rules
    <chain name="PREROUTING">
    </chain>
    <chain name="POSTROUTING">
    </chain>
    <chain name="INPUT" default="DROP">
        <rule target="bwmd"> eth1 </rule>
        <rule target="bwmd"> eth0 </rule>
        <rule target="bwmd"> lo </rule>
    </chain>
    <chain name="FORWARD" default="DROP">
        <rule target="forward_int"> eth1 </rule>
        <rule target="forward_ext"> eth0 </rule>
    </chain>
    <chain name="OUTPUT" default="DROP">
        <rule target="bwmd"> loo bwmd </rule>
    </chain>
    <chain name="forward_ext">
        <rule target="bwmd"> eth0 </rule>
    </chain>
    <chain name="forward_int">
        <rule target="bwmd"> eth0_out </rule>
    </chain>
</table>

So I get this output file ...

*filter
:OUTPUT DROP
:forward_ext -
:bwmd -
:POSTROUTING -
:forward_int -
:INPUT DROP
:FORWARD DROP
:PREROUTING -
-A OUTPUT --out-interface lo -j bwmd
-A OUTPUT -j bwmd
-A forward_ext --in-interface eth0 -j bwmd
-A bwmd -m mark ! --mark 0 -j QUEUE
-A forward_int --out-interface eth0 -j bwmd
-A INPUT --in-interface eth1 -j bwmd
-A INPUT --in-interface eth0 -j bwmd
-A INPUT --in-interface lo -j bwmd
-A FORWARD --in-interface eth1 -j forward_int
-A FORWARD --in-interface eth0 -j forward_ext
COMMIT
*nat
:POSTROUTING -
:PREROUTING -
-A POSTROUTING --out-interface eth0 -j MASQUERADE
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
COMMIT

And when I check the traffic I see ....

iptables -L -v -n
Chain INPUT (policy DROP 39 packets, 3390 bytes)
 pkts bytes target       prot opt in    out   source      destination
   28  1464 bwmd         all  --  eth1  *     0.0.0.0/0   0.0.0.0/0
   11  1926 bwmd         all  --  eth0  *     0.0.0.0/0   0.0.0.0/0
    0     0 bwmd         all  --  lo    *     0.0.0.0/0   0.0.0.0/0

Chain FORWARD (policy DROP 193 packets, 22352 bytes)
 pkts bytes target       prot opt in    out   source      destination
  217 40890 forward_int  all  --  eth1  *     0.0.0.0/0   0.0.0.0/0
  193 22352 forward_ext  all  --  eth0  *     0.0.0.0/0   0.0.0.0/0

Chain OUTPUT (policy DROP 65 packets, 9147 bytes)
 pkts bytes target       prot opt in    out   source      destination
    0     0 bwmd         all  --  *     lo    0.0.0.0/0   0.0.0.0/0
   65  9147 bwmd         all  --  *     *     0.0.0.0/0   0.0.0.0/0

Chain POSTROUTING (0 references)
 pkts bytes target       prot opt in    out   source      destination

Chain PREROUTING (0 references)
 pkts bytes target       prot opt in    out   source      destination

Chain bwmd (7 references)
 pkts bytes target       prot opt in    out   source      destination
  217 40890 QUEUE        all  --  *     *     0.0.0.0/0   0.0.0.0/0   MARK match !0x0

Chain forward_ext (1 references)
 pkts bytes target       prot opt in    out   source      destination
  193 22352 bwmd         all  --  eth0  *     0.0.0.0/0   0.0.0.0/0

Chain forward_int (1 references)
 pkts bytes target       prot opt in    out   source      destination
  217 40890 bwmd         all  --  *     eth0  0.0.0.0/0   0.0.0.0/0

So I don't understand why all INPUT, OUTPUT and forward_ext traffic is dropped when it goes over the bwm_tool? I read in a little iptables book that all traffic over the QUEUE target that doesn't go over a userspace application is dropped. And this is what we see above! Now I think I have a little mistake between iptables and bwm_tools. But I don't know how I can test it!?

So I think it can be that I have an integration problem in my system. In the documentation (page 18) there are 4 points that I must do. But with "bwm_firewall -c /etc/bwm_tools/firewall.xml -l" I can skip point 3! Is this right? And after this I start bwmd. I think that must be right, or!?

Now the last question .. the doc (page 19) states that "bwmd defaults using the configuration file /etc/bwm_tools/firewall.xml". When I start bwmd I see how the tool loads all modules. Is it right that bwmd does not load the iptables automatically at this moment?

Sorry for all my stupid questions. But something is wrong with my system and I want to understand it.

Thanks.

Regards
Ralph

To: nk...@lb...
Cc: bwm...@li...
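One way to test where the packets in a listing like the one above end up, as an added example that is not part of the original post or of bwm_tools: this Python script parses `iptables -L -v -n` output and compares the packets that entered the bwmd chain with the packets its QUEUE rule matched and with the DROP policy counters. It relies on standard iptables behaviour (a packet that matches no rule in a user chain returns to the calling chain, and the policy applies at the end of a built-in chain); the function names are illustrative.

```python
import re

# Counters copied from the post's `iptables -L -v -n` listing (column header rows omitted).
LISTING = """\
Chain INPUT (policy DROP 39 packets, 3390 bytes)
28 1464 bwmd all -- eth1 * 0.0.0.0/0 0.0.0.0/0
11 1926 bwmd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 bwmd all -- lo * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 193 packets, 22352 bytes)
217 40890 forward_int all -- eth1 * 0.0.0.0/0 0.0.0.0/0
193 22352 forward_ext all -- eth0 * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 65 packets, 9147 bytes)
0 0 bwmd all -- * lo 0.0.0.0/0 0.0.0.0/0
65 9147 bwmd all -- * * 0.0.0.0/0 0.0.0.0/0
Chain bwmd (7 references)
217 40890 QUEUE all -- * * 0.0.0.0/0 0.0.0.0/0 MARK match !0x0
Chain forward_ext (1 references)
193 22352 bwmd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
Chain forward_int (1 references)
217 40890 bwmd all -- * eth0 0.0.0.0/0 0.0.0.0/0
"""

CHAIN = re.compile(r"^Chain (\S+) \((?:policy (\S+) (\d+) packets|\d+ references)")
# Matches rule rows with exact counters; add -x on busy hosts to avoid K/M suffixes.
RULE = re.compile(r"^\s*(\d+)\s+\d+\s+(\S+)\s")


def parse(text):
    """Return {chain: {"policy": (name, pkts) or None, "rules": [(pkts, target)]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        if m := CHAIN.match(line):
            policy = (m.group(2), int(m.group(3))) if m.group(2) else None
            current = chains.setdefault(m.group(1), {"policy": policy, "rules": []})
        elif current is not None and (m := RULE.match(line)):
            current["rules"].append((int(m.group(1)), m.group(2)))
    return chains


def account(chains, queue_chain="bwmd"):
    """Compare packets entering queue_chain with those its QUEUE rule matched."""
    entered = sum(p for c in chains.values() for p, t in c["rules"] if t == queue_chain)
    queued = sum(p for p, t in chains[queue_chain]["rules"] if t == "QUEUE")
    dropped = sum(c["policy"][1] for c in chains.values()
                  if c["policy"] and c["policy"][0] == "DROP")
    return {"entered": entered, "queued": queued,
            "returned": entered - queued, "policy_drop": dropped}


if __name__ == "__main__":
    print(account(parse(LISTING)))
```

On the counters from the post, 514 packets entered bwmd, 217 matched the QUEUE rule, and the 297 that returned without matching equal the sum of the three DROP policy counters (39 + 193 + 65).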