Ticket #351 (reopened Bug report)

Opened 1 year ago

Last modified 9 months ago

wifidog and qos-script

Reported by: denis
Assigned to:
Priority: low
Milestone: Not yet assigned to a Milestone
Component: Gateway
Keywords:
Cc:

Description

hello,

I have been testing for some time to set up a qos using qos-script.

When wifidog and qos-script are both active on my access point, only the ports in validating-users seem to work. The ports that I add in known-users do not seem to open when I log in. If I stop the qos, that works perfectly. Using the qos alone also works very well. It is the combination of both that is buggy.

I tested with several versions of wifidog and the problem is the same: the beta6 rc1 and the latest.

For information, I already posted a ticket on the openwrt Dev site, not knowing whether the problem comes from the qos or from wifidog.

Thanks for the work

Denis

Attachments

Change History

07/07/07 11:24:19 changed by benoitg

  • priority changed from high to low.
  • status changed from new to closed.
  • resolution set to invalid.

There is nothing we can do without knowing what qos script you use, and exactly what it tries to do. There is a full firewall map of wifidog. We'd need the same for the qos script.

07/07/07 17:51:42 changed by anonymous

  • status changed from closed to reopened.
  • resolution deleted.

Hello

It's a pity, because a qos with wifidog really seems like a plus to me. For the qos in question, I use the one by ndb, which is named qos-script.
http://downloads.openwrt.org/whiterussian/packages/qos-scripts_0.9.4-1_mipsel.ipk
http://wiki.openwrt.org/MiniHowtos/QoSHowto?highlight=%28qos%29

This qos makes it possible to give priority to certain services, such as voip, ssh, etc., and to restrict p2p through the use of l7-protocols.

Thank you nevertheless

Denis

07/10/07 12:53:31 changed by anonymous

That may be a stupid question, but are you sure the user you used for testing is actually validated?

07/14/07 08:34:23 changed by denis

The user is indeed validated.

When I stop qos-script there is no problem. It is the combination of both that causes the problem.

It's really a pity, because the qos of ndb works rather well.

01/16/08 04:20:54 changed by anonymous

Hi! I ran into this problem too! I found that it was just a problem with the iptables commands that set the mark in the mangle table! The wifidog filter table (TABLE_WIFIDOG_OUTGOING) conflicts with the qos default table.

01/16/08 04:21:31 changed by james@shekoutel.com

Hi! I ran into this problem too! I found that it was just a problem with the iptables commands that set the mark in the mangle table! The wifidog filter table (TABLE_WIFIDOG_OUTGOING) conflicts with the qos default table.

01/16/08 04:23:33 changed by james@shekoutel.com

root@GW005:~# iptables -L -t mangle
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
MARK all -- anywhere anywhere MARK set 0x2
MARK all -- anywhere anywhere MARK set 0x2
WiFiDog_Trusted all -- anywhere anywhere
WiFiDog_Outgoing all -- anywhere anywhere
Default all -- anywhere anywhere
IMQ all -- anywhere anywhere IMQ: todev 0
MARK all -- anywhere anywhere MARK set 0x2

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination
Default all -- anywhere anywhere
MARK all -- anywhere anywhere MARK set 0x2

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Default all -- anywhere anywhere

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
WiFiDog_Incoming all -- anywhere anywhere
Default all -- anywhere anywhere

Chain Default (4 references)
target prot opt source destination
CONNMARK all -- anywhere anywhere CONNMARK restore
Default_ct all -- anywhere anywhere MARK match 0x0
MARK all -- anywhere anywhere MARK match 0x1 length 400:65535 MARK set 0x0
MARK all -- anywhere anywhere MARK match 0x2 length 800:65535 MARK set 0x0
MARK udp -- anywhere anywhere MARK match 0x0 length 0:500 MARK set 0x2
MARK icmp -- anywhere anywhere MARK set 0x1
MARK tcp -- anywhere anywhere MARK match 0x0 tcp spts:1024:65535 dpts:1024:65535 MARK set 0x4
MARK udp -- anywhere anywhere MARK match 0x0 udp spts:1024:65535 dpts:1024:65535 MARK set 0x4
MARK tcp -- anywhere anywhere length 0:128 MARK match !0x4 tcp flags:FIN,SYN,RST,PSH,ACK,URG/SYN MARK set 0x1
MARK tcp -- anywhere anywhere length 0:128 MARK match !0x4 tcp flags:FIN,SYN,RST,PSH,ACK,URG/ACK MARK set 0x1

Chain Default_ct (1 references)
target prot opt source destination
MARK all -- anywhere anywhere MARK match 0x0 ipp2p v0.8.1_rc1 --kazaa --gnu --edk --dc --bit MARK set 0x4
MARK all -- anywhere anywhere MARK match 0x0 LAYER7 l7proto edonkey MARK set 0x4
MARK all -- anywhere anywhere MARK match 0x0 LAYER7 l7proto bittorrent MARK set 0x4
MARK tcp -- anywhere anywhere MARK match 0x0 tcp multiport ports 22,53 MARK set 0x1
MARK udp -- anywhere anywhere MARK match 0x0 udp multiport ports 22,53 MARK set 0x1
MARK tcp -- anywhere anywhere MARK match 0x0 tcp multiport ports 20,21,25,80,110,443,993,995 MARK set 0x3
MARK tcp -- anywhere anywhere MARK match 0x0 tcp multiport ports 5190 MARK set 0x2
MARK udp -- anywhere anywhere MARK match 0x0 udp multiport ports 5190 MARK set 0x2
CONNMARK all -- anywhere anywhere CONNMARK save

Chain WiFiDog_Incoming (1 references)
target prot opt source destination
ACCEPT all -- anywhere 192.168.200.4

Chain WiFiDog_Outgoing (1 references)
target prot opt source destination
MARK all -- 192.168.200.4 anywhere MAC 00:E0:4C:01:D9:50 MARK set 0x2
MARK all -- anywhere anywhere MARK set 0x2

Chain WiFiDog_Trusted (1 references)
target prot opt source destination

01/16/08 04:37:53 changed by james@shekoutel.com

Modifying firewall.h like this will solve this problem:

typedef enum _t_fw_marks {
    FW_MARK_PROBATION = 201, /**< @brief The client is in probation period and must be authenticated
                                  @todo: VERIFY THAT THIS IS ACCURATE*/
    FW_MARK_KNOWN = 202,     /**< @brief The client is known to the firewall */
    FW_MARK_LOCKED = 254     /**< @brief The client has been locked out */
} t_fw_marks;

01/16/08 11:01:02 changed by james@shekoutel.com

Sorry, this does not work either!!!
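
An added example (not part of the ticket, and not code from wifidog or qos-scripts): a small Python check that reads an `iptables -L -t mangle` listing in the format posted above and reports every chain outside `WiFiDog_*` that sets or matches a mark value wifidog also sets, or that runs `CONNMARK restore`. The sample listing is constructed from a few lines of the dump above, and the function names are hypothetical.

```python
import re

# Constructed sample: a few lines in the `iptables -L -t mangle` format shown above.
SAMPLE = """\
Chain Default (4 references)
target prot opt source destination
CONNMARK all -- anywhere anywhere CONNMARK restore
MARK udp -- anywhere anywhere MARK match 0x0 length 0:500 MARK set 0x2
MARK icmp -- anywhere anywhere MARK set 0x1

Chain WiFiDog_Outgoing (1 references)
target prot opt source destination
MARK all -- 192.168.200.4 anywhere MAC 00:E0:4C:01:D9:50 MARK set 0x2
"""

def marks_by_chain(listing):
    """Map chain name -> marks it sets, marks it matches, and whether it restores CONNMARK."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \(", line)
        if m:
            current = chains.setdefault(
                m.group(1), {"set": set(), "match": set(), "restore": False})
            continue
        if current is None or not line.strip() or line.startswith("target"):
            continue  # skip blank lines and the column header
        # \b keeps "CONNMARK set" from being counted as a packet-mark rule
        current["set"].update(
            int(v, 16) for v in re.findall(r"\bMARK set (0x[0-9a-f]+)", line, re.I))
        current["match"].update(
            int(v, 16) for v in re.findall(r"\bMARK match !?(0x[0-9a-f]+)", line, re.I))
        if re.search(r"CONNMARK restore", line, re.I):
            current["restore"] = True  # copies the connection mark onto the packet mark
    return chains

def find_conflicts(listing, prefix="WiFiDog_"):
    """List (chain, reason, marks) for non-wifidog chains that can interfere with its marks."""
    chains = marks_by_chain(listing)
    own = set().union(*(c["set"] for n, c in chains.items() if n.startswith(prefix)))
    report = []
    for name, c in sorted(chains.items()):
        if name.startswith(prefix):
            continue
        shared = own & (c["set"] | c["match"])
        if shared:
            report.append((name, "shares mark", sorted(shared)))
        if c["restore"]:
            report.append((name, "CONNMARK restore", []))
    return report

if __name__ == "__main__":
    print(find_conflicts(SAMPLE))
```

A `CONNMARK restore` entry is reported whatever mark values wifidog is built with, because that rule copies the saved connection mark over the packet mark.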

