[bwm-tools-tech] bwm tools traffic shaping issue
From: vishal s. <vis...@ho...> - 2005-05-25 10:22:13
Hi Nigel

In brief, let me first describe what I am trying to do:

I have configured one Linux Box, 192.168.1.69 as a router and installed bwm tools. This has the default gateway of 192.168.1.114

Also, I have configured another Linux Box, 192.168.1.163 and made the previous box its default gateway. So anything that is not on the local net goes to 192.168.1.69.

This is my bwm firewall file:

<firewall>
  <global>
    <modules>
      <load name="ip_queue"/>
      <load name="ip_conntrack_ftp"/>
      <load name="ip_nat_ftp"/>
    </modules>

    #Classes
    <class name= "http_public_traffic_inout">
      <address name="http_inout" proto="tcp" dst-port="80"/>
    </class>
    <class name= "https_public_traffic_inout">
      <address name="https_inout" proto="tcp" dst-port="443"/>
    </class>
    <class name= "ftp_public_traffic_inout">
      <address name="ftp_inout" proto="tcp" dst-port="21"/>
    </class>
    <class name= "DNS_traffic_inout">
      <address name="DNS_inout" proto="udp" dst-port="53"/>
    </class>
    <class name= "icmp_traffic_inout">
      <address name="icmp_inout" proto="icmp" />
    </class>
    <class name= "http_private_traffic_inout">
      <address name="http_inout" dst="192.168.0.0/16" proto="tcp" dst-port="80"/>
    </class>
    <class name= "ftp_private_traffic_inout">
      <address name="ftp_inout" dst="192.168.0.0/16" proto="tcp" dst-port="21"/>
    </class>
    <class name= "telnet_private_traffic_inout">
      <address name="telnet_inout" dst="192.168.0.0/16" proto="tcp" dst-port="23"/>
    </class>
    <class name= "ssh_private_traffic_inout">
      <address name="ssh_inout" dst="192.168.0.0/16" proto="tcp" dst-port="22"/>
    </class>
    <class name= "smtp_private_traffic_inout">
      <address name="http_inout" src="192.168.1.112" proto="tcp" dst-port="25"/>
    </class>
    <class name= "pop3_private_traffic_inout">
      <address name="pop3_inout" src="192.168.1.112" dst="63.80.142.98" proto="tcp" dst-port="110"/>
    </class>
    <class name= "icmp_private_traffic_inout">
      <address name="icmp_inout" dst="192.168.0.0/16" proto="icmp" />
    </class>
    <class name= "http_private_traffic_outin">
      <address name="http_outin" dst="192.168.0.0/16" proto="tcp" dst-port="80" />
    </class>
    <class name= "ftp_private_traffic_outin">
      <address name="ftp_outin" dst="192.168.0.0/16" proto="tcp" dst-port="21"/>
    </class>
    <class name= "telnet_private_traffic_outin">
      <address name="telnet_outin" dst="192.168.0.0/16" proto="tcp" dst-port="23"/>
    </class>
    <class name= "ssh_private_traffic_outin">
      <address name="ssh_outin" dst="192.168.0.0/16" proto="tcp" dst-port="22"/>
    </class>
    <class name= "icmp_private_traffic_outin">
      <address name="icmp_outin" proto="icmp" />
    </class>
    <class name= "snmp_private_traffic">
      <address name="snmpprivate" proto="tcp" dst-port="161"/>
    </class>
  </global>

  <acl>
    <table name="filter">
      <chain name="INPUT">
        <rule target="bwmd">
        </rule>
      </chain>
      <chain name="OUTPUT">
        <rule target="bwmd">
        </rule>
      </chain>
      <chain name="FORWARD">
        <rule target="bwmd">
        </rule>
      </chain>
    </table>
  </acl>

  <traffic>
    <flow name="total_in" max-rate="64000" report-timeout="60">
      <flow name="http_https_public" max-rate="16000" burst-rate="120000" nfmark="100">
        http_public_traffic_inout
        https_public_traffic_inout
        http_private_traffic_inout
      </flow>
      <flow name="ftp_public" max-rate="16000" burst-rate="64000" nfmark="101">
        ftp_public_traffic_inout
      </flow>
      <flow name="dns_icmp_public" max-rate="4000" burst-rate="4500" nfmark="102">
        DNS_traffic_inout
        icmp_private_traffic_outin
      </flow>
      <flow name="ftp_private" max-rate="128000" burst-rate="128000" nfmark="103">
        ftp_private_traffic_inout
      </flow>
    </flow>
  </traffic>
</firewall>

This is the o/p of iptables -L -n -v

[root@bplinux60 bwm_tools]# iptables -L -n -v
Chain INPUT (policy ACCEPT 64100 packets, 8753K bytes)
 pkts bytes target     prot opt in     out     source               destination
 8701 1178K bwmd       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 41 packets, 1772 bytes)
 pkts bytes target     prot opt in     out     source               destination
   47  2163 bwmd       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 37501 packets, 5413K bytes)
 pkts bytes target     prot opt in     out     source               destination
  270 28205 bwmd       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain bwmd (3 references)
 pkts bytes target     prot opt in     out     source               destination
   14   807 QUEUE      all  --  *      *       0.0.0.0/0            0.0.0.0/0           MARK match !0x0
 5136  703K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0

And this is the o/p of iptables -L -n -v -t mangle

[root@bplinux60 bwm_tools]# iptables -L -n -v -t mangle
Chain PREROUTING (policy ACCEPT 327K packets, 45M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 10826 packets, 1463K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 47 packets, 2163 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 MARK set 0x64
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 MARK set 0x64
    0     0 MARK       tcp  --  *      *       0.0.0.0/0            192.168.0.0/16      tcp dpt:80 MARK set 0x64
   10   471 MARK       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21 MARK set 0x65
    0     0 MARK       udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53 MARK set 0x66
    4   336 MARK       icmp --  *      *       0.0.0.0/0            0.0.0.0/0           MARK set 0x66
   10   471 MARK       tcp  --  *      *       0.0.0.0/0            192.168.0.0/16      tcp dpt:21 MARK set 0x67

Chain OUTPUT (policy ACCEPT 2500 packets, 341K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 66605 packets, 9144K bytes)
 pkts bytes target     prot opt in     out     source               destination

My problem is: when I fire bwmd and thereafter run bwm_monitor, the monitor does display some counters, but I see no traffic limiting. For example, if I limit ftp traffic to 8kb, it has no effect. And strangely, ftp counters aren't updated.

Please help!!!

Vishal Singh
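
A diagnostic for the mangle listing in the post above, added here as an example (it is not part of the original message and not bwm_tools code): it parses the FORWARD chain and reports rules whose matches overlap but set different marks. The function names are illustrative; the rule lines are copied from the post with their column spacing collapsed.

```python
import ipaddress
import re

# FORWARD chain of the mangle table, copied from the post (columns collapsed).
MANGLE_FORWARD = """\
0 0 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 MARK set 0x64
0 0 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 MARK set 0x64
0 0 MARK tcp -- * * 0.0.0.0/0 192.168.0.0/16 tcp dpt:80 MARK set 0x64
10 471 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 MARK set 0x65
0 0 MARK udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 MARK set 0x66
4 336 MARK icmp -- * * 0.0.0.0/0 0.0.0.0/0 MARK set 0x66
10 471 MARK tcp -- * * 0.0.0.0/0 192.168.0.0/16 tcp dpt:21 MARK set 0x67
"""

RULE = re.compile(r"^\s*(?P<pkts>\S+)\s+(?P<bytes>\S+)\s+MARK\s+(?P<proto>\S+)\s+\S+\s+\S+\s+\S+\s+"
                  r"(?P<src>\S+)\s+(?P<dst>\S+)\s+(?:\S+\s+dpt:(?P<dport>\d+)\s+)?MARK set (?P<mark>0x[0-9a-fA-F]+)")

def parse_rules(text):
    """Return the MARK rules in chain order as dicts (mark converted to int)."""
    rules = [m.groupdict() for m in map(RULE.match, text.splitlines()) if m]
    for r in rules:
        r["mark"] = int(r["mark"], 16)
    return rules

def overlaps(a, b):
    """True when some packet can match both rules (proto, dport, src, dst)."""
    if "all" not in (a["proto"], b["proto"]) and a["proto"] != b["proto"]:
        return False
    if a["dport"] and b["dport"] and a["dport"] != b["dport"]:
        return False
    return all(
        ipaddress.ip_network(a[k]).overlaps(ipaddress.ip_network(b[k]))
        for k in ("src", "dst")
    )

def remarked(rules):
    """MARK does not end chain traversal, so a later overlapping rule replaces
    the mark set earlier. Return (first_mark, final_mark, pkts_on_later_rule)."""
    hits = []
    for i, early in enumerate(rules):
        for late in rules[i + 1:]:
            if late["mark"] != early["mark"] and overlaps(early, late):
                hits.append((early["mark"], late["mark"], late["pkts"]))
    return hits

if __name__ == "__main__":
    print(remarked(parse_rules(MANGLE_FORWARD)))
```

On the posted listing this reports one pair, mark 101 (0x65) replaced by 103 (0x67), and both rules carry the same 10 packets / 471 bytes; in the post's flow definitions nfmark 101 is ftp_public and 103 is ftp_private.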