Re: [bwm-tools-tech] What is wrong with this config
From: Sudip K. <sa...@he...> - 2007-04-04 11:33:05
hey,

Place these tags in the global and the acl sections respectively:

#Inside the global tag
<chain name="FORWARD">
    <rule cmd-line="-m mark ! --mark 0x0" target="bwmd">
        bwmdfw
    </rule>
</chain>

#Inside the acl tag
<chain name="FORWARD">
    <rule cmd-line="-m mark ! --mark 0x0" target="bwmd">
        bwmdfw
    </rule>
</chain>

Watch the packet flow of the filter table regarding the queue chain if anything goes wrong.

--------------------
Sudip Karki

> Ok I am trying to get bwm-tools running on a CentOS 4.4 box.
>
> It has two network interfaces in a bridge:
>
> cat /etc/sysconfig/network-scripts/ifcfg-eth0
> DEVICE=eth0
> HWADDR=00:0C:41:E2:A1:03
> ONBOOT=yes
> TYPE=Ethernet
> BRIDGE=br0
> #IPADDR=192.168.100.98
> #NETMASK=255.255.255.0
> #GATEWAY=192.168.100.1
>
> cat /etc/sysconfig/network-scripts/ifcfg-eth1
> DEVICE=eth1
> HWADDR=00:D0:B7:B3:96:69
> ONBOOT=yes
> TYPE=Ethernet
> BRIDGE=br0
>
> cat /etc/sysconfig/network-scripts/ifcfg-br0
> DEVICE=br0
> TYPE=Bridge
> IPADDR=192.168.100.98
> NETMASK=255.255.255.0
> ONBOOT=yes
>
> My firewall.xml file looks like this:
> <firewall>
>     # Global configuration and access classes
>     <global>
>         # Modules we need to load
>         <modules>
>             <load name="ip_queue"/>
>         </modules>
>         # BEGIN access classes
>         <class name="ssh_traffic">
>             <address dst="192.168.100.98" proto="tcp" dst-port="22"/>
>         </class>
>         <class name="http_traffic">
>             <address dst="192.168.100.98" proto="tcp" dst-port="80"/>
>         </class>
>         # END access classes
>         # Traffic Classes
>         <class name="laptop_up">
>             <address src="192.168.100.97"/>
>         </class>
>         <class name="laptop_down">
>             <address src="! 192.168.100.97" dst="192.168.100.97"/>
>         </class>
>     </global>
>     # Access control lists
>     <acl>
>         <table name="filter">
>             <chain name="INPUT" default="ACCEPT">
>                 <rule name="allowed_traffic" target="ACCEPT">
>                     http_traffic
>                     ssh_traffic
>                 </rule>
>             </chain>
>             <chain name="FORWARD" default="ACCEPT">
>             </chain>
>             <chain name="OUTPUT" default="ACCEPT">
>             </chain>
>         </table>
>     </acl>
>     # Traffic flows
>     <traffic>
>         # Allow about 256k total usage
>         <flow name="traffic_total" max-rate="32000" report-timeout="60">
>             <flow name="flow_laptop_down" max-rate="25000" burst-rate="32000" report-timeout="60">
>                 <queue prio="40" nfmark="1001">laptop_down;</queue>
>             </flow>
>             # Only allow 64k upload
>             <flow name="flow_laptop_up" max-rate="8000" report-timeout="60">
>                 <queue prio="30" nfmark="1002">laptop_up;</queue>
>             </flow>
>         </flow>
>     </traffic>
> </firewall>
>
> I have ip_forwarding turned on in the CentOS box.
>
> I load the firewall like this: bwm_firewall -l
> I then start bwmd in the foreground like this: bwmd -f
> In a new terminal I start bwm_monitor, and when I look at the stats for
> traffic total I don't see any packets flowing even though I am
> browsing the web with the laptop.
>
> When I go to test I expect my laptop that has an IP of 192.168.100.97 to
> get no more than 256k of download. Speed tests do not show that. What am
> I missing?
>
> If I forgot any important information I can post it.
>
> Thanks for any help in advance,
>  _
> /-\ ndrew
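An added example, not part of the original thread or of bwm-tools: a small Python lint that reports when a firewall.xml defines traffic queues but its FORWARD chain has no rule with target="bwmd", which is the gap the reply points at. The function names and the trimmed sample config are constructed here, and the idea that a bwmd-target rule in FORWARD is what hands bridged packets to bwmd is taken from the reply, not from the bwm-tools documentation.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the acl and traffic parts of the posted firewall.xml, trimmed.
POSTED = """<firewall>
<acl>
 <table name="filter">
  <chain name="INPUT" default="ACCEPT">
   <rule name="allowed_traffic" target="ACCEPT">http_traffic ssh_traffic</rule>
  </chain>
  <chain name="FORWARD" default="ACCEPT">
  </chain>
 </table>
</acl>
<traffic>
 <flow name="traffic_total" max-rate="32000" report-timeout="60">
  <flow name="flow_laptop_down" max-rate="25000" burst-rate="32000" report-timeout="60">
   <queue prio="40" nfmark="1001">laptop_down;</queue>
  </flow>
  <flow name="flow_laptop_up" max-rate="8000" report-timeout="60">
   <queue prio="30" nfmark="1002">laptop_up;</queue>
  </flow>
 </flow>
</traffic>
</firewall>"""

# Assumption: the reply's rule goes into the acl FORWARD chain of the filter table.
PATCHED = POSTED.replace(
    '<chain name="FORWARD" default="ACCEPT">\n  </chain>',
    '<chain name="FORWARD" default="ACCEPT">\n'
    '   <rule cmd-line="-m mark ! --mark 0x0" target="bwmd">bwmdfw</rule>\n'
    '  </chain>')

def bwmd_rules(xml_text, chain="FORWARD"):
    """Return the rules in the named chain whose target is bwmd."""
    root = ET.fromstring(xml_text)
    return [r for c in root.iter("chain") if c.get("name") == chain
            for r in c.iter("rule") if r.get("target") == "bwmd"]

def queued_classes(xml_text):
    """Map each queue's nfmark to the class names listed in it."""
    root = ET.fromstring(xml_text)
    return {q.get("nfmark"): (q.text or "").replace(";", " ").split()
            for q in root.iter("queue")}

def lint(xml_text):
    """Warn when flows queue traffic but no FORWARD rule targets bwmd."""
    if queued_classes(xml_text) and not bwmd_rules(xml_text):
        return ['FORWARD chain has no rule with target="bwmd"']
    return []

if __name__ == "__main__":
    print("posted:", lint(POSTED), "| patched:", lint(PATCHED))
```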