Re: [bwm-tools-tech] bwm - configuration

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi Rajveer,

I can now see that the packets are getting marked as per below iptables -L
-nv -t mangle
-------------
Chain PREROUTING (policy ACCEPT 3478 packets, 532K bytes)
 pkts bytes target     prot opt in     out     source
destination         

Chain INPUT (policy ACCEPT 1224 packets, 188K bytes)
 pkts bytes target     prot opt in     out     source
destination         

Chain FORWARD (policy ACCEPT 2254 packets, 344K bytes)
 pkts bytes target     prot opt in     out     source
destination         
 1036 65825 MARK       tcp  --  *      *       192.168.0.2
!192.168.0.0/24    MARK set 0x3e9 
    8   769 MARK       udp  --  *      *       192.168.0.2
!192.168.0.0/24     MARK set 0x3e9 
 2235  341K MARK       tcp  --  *      *       0.0.0.0/0
0.0.0.0/0           MARK set 0x3f0 
   17  2626 MARK       udp  --  *      *       0.0.0.0/0
0.0.0.0/0           MARK set 0x3f0 

Chain OUTPUT (policy ACCEPT 1105 packets, 175K bytes)
 pkts bytes target     prot opt in     out     source
destination         

Chain POSTROUTING (policy ACCEPT 3359 packets, 519K bytes)
 pkts bytes target     prot opt in     out     source
destination
-------------
My iptables are as below:
------------
# Generated using BWM Firewall v0.2.3: Wed Jul 19 13:32:48 2006

*mangle
:OUTPUT ACCEPT
:INPUT ACCEPT
:FORWARD ACCEPT
-A FORWARD --destination ! 192.168.0.0/24 --source 192.168.0.2  --protocol
tcp  -j  MARK --set-mark 1001 
-A FORWARD --destination ! 192.168.0.0/24 --source 192.168.0.2  --protocol
udp  -j  MARK --set-mark 1001 
-A FORWARD --protocol tcp  -j  MARK --set-mark 1008 
-A FORWARD --protocol udp  -j  MARK --set-mark 1008 
COMMIT
*filter
:OUTPUT ACCEPT
:bwmd -
:INPUT ACCEPT
:FORWARD ACCEPT
-A bwmd -m mark ! --mark 0 -j QUEUE
-A bwmd -j ACCEPT
COMMIT
-----------
iptables -L -nv is as below
-----------
Chain INPUT (policy ACCEPT 1275 packets, 191K bytes)
 pkts bytes target     prot opt in     out     source
destination         

Chain FORWARD (policy ACCEPT 2272 packets, 350K bytes)
 pkts bytes target     prot opt in     out     source
destination         

Chain OUTPUT (policy ACCEPT 1159 packets, 182K bytes)
 pkts bytes target     prot opt in     out     source
destination         

Chain bwmd (0 references)
 pkts bytes target     prot opt in     out     source
destination         
    0     0 QUEUE      all  --  *      *       0.0.0.0/0
0.0.0.0/0           MARK match !0x0 
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0
0.0.0.0/0       

-------------
>From the below it is clear that the packets are getting marked but for some
reason not getting forwarded to the bwmd chain.
Please help if you can.

Regards
Ravi

  _____  

From: bwm...@li...
[mailto:bwm...@li...] On Behalf Of rajveer
singh
Sent: Wednesday, July 19, 2006 11:56 AM
To: bwm...@li...
Subject: Re: [bwm-tools-tech] bwm - configuration

hi ravi,

It means simply none of the packet which is marking.

simply use any client machine. which is accessing internet by using gateway
ip of your machine on which you are configuring bwm-tools. but remember
do'nt assgin ip address of your machine in proxy setting in web browser.
then see whether if you are able to access internet or not.

Regards

Rajveer Singh

On Wed, 19 Jul 2006 Ravi Patwari wrote :
>Hi Rajveer,
>
>Thanks for the quick reply.
>
>Actually I have removed the full iptables itself and only put the lines
>which were created by bwm_firewall.
>
>In the iptables -L -n -v I see packet movement but I do not see any packet
>movement in iptables -L -v -n -t mangle which should show the packets
>getting marked and I guess that is why there is no bandwidth monitoring.
>
>Any ideas?
>
>Regards
>Ravi
>
>  _____
>
> From: rajveer singh [mailto:raj...@re...]
>Sent: Wednesday, July 19, 2006 11:16 AM
>To: Ravi Patwari
>Subject: Re: [bwm-tools-tech] bwm - configuration
>
>
>
>  hi ravi
>
>try to see #iptables -Lnv
>and see whether any traffic is showing or not. if you there is not any
>packet movement is shown then surely there will be some problem with your
>iptables rules or you may be using squid proxy which is not transparant. so
>there is very simple way share your internet without squid by using
iptables
>rules. and then see traffic movement. if you get success. then try to
>implement further transparent proxy or what u like.
>
>regards
>rajveer singh
>
>
>On Tue, 18 Jul 2006 Ravi Patwari wrote :
> >Hi All,
> >
> >I have been trying to install bwm_tools since the last one week and have
> >been totally unsuccessful.
> >
> >Initially I had problems in installing but eventually was able to do it.
> >
> >The problem is in the config files.
> >
> >I already have iptables running and hence do not want to use the NAT and
>ACL
> >functions. I tried the most simple xml file with global and traffic
> >sections, created the firewall file from the xml file, then pasted this
> >output to iptables. I removed all the current iptables rules just to
test.
> >
> >Then I restarted iptables, and then checked bwm_monitor but cannot see
any
> >traffic being monitored or shaped.
> >
> >Please advise urgently.
> >
> >I also saw in the archives that someone was working on a simpler step by
> >step configuration manual last yesr. Please advise if the same is
finished
> >and where I can download it from.
> >
> >Any help will be highly appreciated.
> >
> >Regards
> >Ravi
> > 

<http://adworks.rediff.com/cgi-bin/AdWorks/sigclick.cgi/www.rediff.com/signa
ture-home.htm/1507191490@Middle5?PARTNER=3>  