Re: [bwm-tools-tech] nfmark or user problem? - replace user?
From: Kobe L. <ko...@mo...> - 2005-06-15 07:14:11
Hello,

Please list the output of 'iptables -L -n -v -t mangle' with your question. That's much better to read than your raw script.

Your packets are probably wrongly marked. Please note that one matching mark ('-j MARK') does NOT end processing of the chain, so if the packet matches another rule the mark will be overwritten. I wrote on my site: always list your marks from generic to specific (the lower the mark, the less specific the rule should be).

Greetz
Kobe

go0ogl3 wrote:

> Hello list,
>
> I am trying to use the nfmark feature to "help" use my 256kbit
> bandwidth wisely. I came up with a setup like this:
>
> The iptables part:
>
> ---cut here---
> IPT=`which iptables`
> mark="-j MARK --set-mark"
> mf="-t mangle -A FORWARD"
>
> iptables -N bwmd
> iptables -A bwmd -m mark ! --mark 0x0 -j QUEUE
> iptables -A bwmd -j ACCEPT
>
> echo " DNS"
> $IPT $mf -p udp -s $lan --dport 53 $mark 105
> $IPT $mf -p tcp -s $lan --dport 53 $mark 105
> $IPT $mf -p udp -d $lan --sport 53 $mark 205
> $IPT $mf -p tcp -d $lan --sport 53 $mark 205
>
> echo " ICMP"
> $IPT $mf -p icmp -s $lan $mark 115
> $IPT $mf -p icmp -d $lan $mark 215
> ..............
> ---and here---
>
> The download part of my firewall.xml file is:
>
> ---cut here---
> # traffic shape DOWNLOAD
>
> <flow name="Main_in" max-rate="30720" burst-rate="30720"
>       queue-len="30" queue-size="30720" stats-len="5" report-timeout="60">
>
>   <flow name="Normal_in" max-rate="30720" burst-rate="30720"
>         queue-len="30" queue-size="30720" stats-len="5" report-timeout="60">
>     <flow name="DNS_in" max-rate="3072" burst-rate="30720"
>           queue-len="1" queue-size="1" stats-len="5" report-timeout="60">
>       <queue prio="5" nfmark="105">
>         DNS_in;
>       </queue>
>     </flow>
>     <flow name="ICMP_in" max-rate="3072" burst-rate="30720"
>           queue-len="15" queue-size="960" stats-len="5" report-timeout="60">
>       <queue prio="15" nfmark="115">
>         ICMP_in;
>       </queue>
>     </flow>
>     <flow name="HTTP_in" max-rate="30720" burst-rate="30720"
>           queue-len="10" queue-size="10240" stats-len="5" report-timeout="60">
>       <queue prio="20" nfmark="120">
>         HTTP_in;
>       </queue>
>     </flow>
>   </flow>
>
>   <flow name="Bulk_in" max-rate="30720" burst-rate="30720"
>         queue-len="90" queue-size="92120" stats-len="5" report-timeout="60">
>     <flow name="Other_in" max-rate="15360" burst-rate="30720"
>           queue-len="60" queue-size="61440" stats-len="5" report-timeout="60">
>       <queue prio="50" nfmark="150">
>         Other_in;
>       </queue>
>     </flow>
>     <flow name="P2P_in" max-rate="15360" burst-rate="30720"
>           queue-len="90" queue-size="92120" stats-len="5" report-timeout="60">
>       <queue prio="90" nfmark="190">
>         P2P_in;
>       </queue>
>     </flow>
>   </flow>
>
> </flow>
>
> # ---end--- traffic shape DOWNLOAD
> ---and here---
>
> The Problem (tested with icmp-ping type 8 packets):
> - the packets get marked, then they reach the QUEUE target, I can see
> the packets in the "Main_in" flow using bwm_monitor, but they are not
> "classified" in the "ICMP_in" flow. Any other packet types (like http,
> p2p, etc) are getting in the "Main" flow but they are not classified
> in the corresponding flow according to the nfmark.
>
> In the bwm_tools manual there is something like: "nfmark="..." -
> Mandatory/Optional parameter to specify the NFMARK of the traffic that
> applies to this flow. This must be used at the deepest level of flow
> embedding to match traffic. Each nfmark value MUST be unique! " but
> there is an example here:
> "http://bwm-tools.pr.linuxrulz.org/doc/Integration.html#index-nfmark-55"
>
> I am using the bwm-tools 0.2.1, kernel 2.6.11.11, iptables v1.2.11
>
> Where is the mistake?
>
> P.S.:
> - I'm not very sure of the 'correct' usage of "queue-len" and
> "queue-size" (in my config are --testing-- values)
> - I'm not very sure if bwm-tools "understands" what I want to
> accomplish with my hierarchical setup (I want dns, icmp and http
> traffic to have priority and to be interactive-like and p2p and other
> traffic to have last priority even if it will have a huge delay)
> - I'm willing to write some sort of a manual (in about 2 weeks I hope
> I'll have more free time) with examples if I will be able to fully
> understand the "inner game" of bwm-tools
> - Please excuse my English and my long email but I'm sleepy now...
>
> go0ogl3
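The point in the reply above about '-j MARK' not ending chain traversal, as an added example that is not part of the original thread or of bwm-tools: a small Python model of a mangle chain run over constructed rules. The 192.168.0.0/24 LAN, the sample packet and the catch-all rule with mark 150 are assumptions, since the posted rule list is elided.

```python
import ipaddress
import shlex

# Constructed rules in the style of the quoted script. The catch-all rule
# (mark 150) is an assumption; the original rule list is elided.
RULES_SPECIFIC_FIRST = [
    "-t mangle -A FORWARD -p udp -s 192.168.0.0/24 --dport 53 -j MARK --set-mark 105",
    "-t mangle -A FORWARD -p icmp -s 192.168.0.0/24 -j MARK --set-mark 115",
    "-t mangle -A FORWARD -s 192.168.0.0/24 -j MARK --set-mark 150",
]
# Same rules, generic first: the specific rules now get the last word.
RULES_GENERIC_FIRST = [RULES_SPECIFIC_FIRST[2]] + RULES_SPECIFIC_FIRST[:2]

KNOWN = ("-p", "-s", "-d", "--sport", "--dport", "-j", "--set-mark")

def parse_rule(line):
    """Turn one rule line into a dict of the options this model understands."""
    tokens = shlex.split(line)
    return {flag: value for flag, value in zip(tokens, tokens[1:]) if flag in KNOWN}

def matches(rule, pkt):
    """True if every match option present in the rule agrees with the packet."""
    if "-p" in rule and rule["-p"] != pkt["proto"]:
        return False
    for flag, key in (("-s", "src"), ("-d", "dst")):
        if flag in rule:
            net = ipaddress.ip_network(rule[flag])
            if ipaddress.ip_address(pkt[key]) not in net:
                return False
    for flag, key in (("--sport", "sport"), ("--dport", "dport")):
        if flag in rule and int(rule[flag]) != pkt.get(key):
            return False
    return True

def traverse(rule_lines, pkt):
    """Walk the chain the way MARK behaves: a match does not stop traversal.

    Returns (final_mark, marks_set_along_the_way)."""
    mark, history = 0, []
    for rule in map(parse_rule, rule_lines):
        if rule.get("-j") == "MARK" and matches(rule, pkt):
            mark = int(rule["--set-mark"], 0)
            history.append(mark)
    return mark, history

# Constructed sample packet: a DNS query leaving the LAN.
DNS_QUERY = {"proto": "udp", "src": "192.168.0.10", "dst": "198.51.100.53",
             "sport": 40000, "dport": 53}

if __name__ == "__main__":
    print("specific first:", traverse(RULES_SPECIFIC_FIRST, DNS_QUERY))
    print("generic first: ", traverse(RULES_GENERIC_FIRST, DNS_QUERY))
```

With the specific rule listed first, the DNS packet leaves the chain carrying the catch-all mark, so a queue keyed on nfmark 105 never sees it; the per-rule packet counters in 'iptables -L -n -v -t mangle' show the same double match on a live system.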