Ticket #351 (reopened Bug report)

Attachments

wifidog_1.1.5-1_mipsel_whiterussian.ipk Download (44.8 KB) - added by anonymous 10 years ago.
prueba

Change History

Changed 11 years ago by benoitg

  • priority changed from high to low
  • status changed from new to closed
  • resolution set to invalid

There is nothing we can do without knowing what qos script you user, and exactly what it tries to do. There is a full firewall map of wifidog. We'd need the same for the qos script.

Changed 11 years ago by anonymous

  • status changed from closed to reopened
  • resolution invalid deleted

Hello

It's a pity because a qos with wifidog appears really one to me more. For the qos in question i use that of ndb which names qos-script.  http://downloads.openwrt.org/whiterussian/packages/qos-scripts_0.9.4-1_mipsel.ipk  http://wiki.openwrt.org/MiniHowtos/QoSHowto?highlight=%28qos%29

This qos will allow to give priorities has certain service such as for example the voip ssh etc etc. and to restrict the p2p via the use of l7-protocols.

thank you nevertheless

Denis

Changed 11 years ago by anonymous

That may be a stupid question, but are you sure the user you used for testing is actually validated?

Changed 11 years ago by denis

The user is well validated.

When I stop qos-script it has no problem there. It's the association of both which poses problem.

It's a pity really because the qos of ndb functions rather well

Changed 11 years ago by anonymous

hi! i meet this problem too!, found that just was the iptables command problems with the set mark in mangle table!! wifidog filter table(TABLE_WIFIDOG_OUTGOING ) conflict with qos default table

Changed 11 years ago by james@…

hi! i meet this problem too!, found that just was the iptables command problems with the set mark in mangle table!! wifidog filter table(TABLE_WIFIDOG_OUTGOING ) conflict with qos default table

Changed 11 years ago by james@…

root@GW005:~# iptables -L -t mangle Chain PREROUTING (policy ACCEPT) target prot opt source destination MARK all -- anywhere anywhere MARK set 0x2 MARK all -- anywhere anywhere MARK set 0x2 WiFiDog_Trusted all -- anywhere anywhere WiFiDog_Outgoing all -- anywhere anywhere Default all -- anywhere anywhere IMQ all -- anywhere anywhere IMQ: todev 0 MARK all -- anywhere anywhere MARK set 0x2

Chain INPUT (policy ACCEPT) target prot opt source destination

Chain FORWARD (policy ACCEPT) target prot opt source destination Default all -- anywhere anywhere MARK all -- anywhere anywhere MARK set 0x2

Chain OUTPUT (policy ACCEPT) target prot opt source destination Default all -- anywhere anywhere

Chain POSTROUTING (policy ACCEPT) target prot opt source destination WiFiDog_Incoming all -- anywhere anywhere Default all -- anywhere anywhere

Chain Default (4 references) target prot opt source destination CONNMARK all -- anywhere anywhere CONNMARK restore Default_ct all -- anywhere anywhere MARK match 0x0 MARK all -- anywhere anywhere MARK match 0x1 length 400:65535 MARK set 0x0 MARK all -- anywhere anywhere MARK match 0x2 length 800:65535 MARK set 0x0 MARK udp -- anywhere anywhere MARK match 0x0 length 0:500 MARK set 0x2 MARK icmp -- anywhere anywhere MARK set 0x1 MARK tcp -- anywhere anywhere MARK match 0x0 tcp spts:1024:65535 dpts:1024:65535 MARK set 0x4 MARK udp -- anywhere anywhere MARK match 0x0 udp spts:1024:65535 dpts:1024:65535 MARK set 0x4 MARK tcp -- anywhere anywhere length 0:128 MARK match !0x4 tcp flags:FIN,SYN,RST,PSH,ACK,URG/SYN MARK set 0x1 MARK tcp -- anywhere anywhere length 0:128 MARK match !0x4 tcp flags:FIN,SYN,RST,PSH,ACK,URG/ACK MARK set 0x1

Chain Default_ct (1 references) target prot opt source destination MARK all -- anywhere anywhere MARK match 0x0 ipp2p v0.8.1_rc1 --kazaa --gnu --edk --dc --bit MARK set 0x4 MARK all -- anywhere anywhere MARK match 0x0 LAYER7 l7proto edonkey MARK set 0x4 MARK all -- anywhere anywhere MARK match 0x0 LAYER7 l7proto bittorrent MARK set 0x4 MARK tcp -- anywhere anywhere MARK match 0x0 tcp multiport ports 22,53 MARK set 0x1 MARK udp -- anywhere anywhere MARK match 0x0 udp multiport ports 22,53 MARK set 0x1 MARK tcp -- anywhere anywhere MARK match 0x0 tcp multiport ports 20,21,25,80,110,443,993,995 MARK set 0x3 MARK tcp -- anywhere anywhere MARK match 0x0 tcp multiport ports 5190 MARK set 0x2 MARK udp -- anywhere anywhere MARK match 0x0 udp multiport ports 5190 MARK set 0x2 CONNMARK all -- anywhere anywhere CONNMARK save

Chain WiFiDog_Incoming (1 references) target prot opt source destination ACCEPT all -- anywhere 192.168.200.4

Chain WiFiDog_Outgoing (1 references) target prot opt source destination MARK all -- 192.168.200.4 anywhere MAC 00:E0:4C:01:D9:50 MARK set 0x2 MARK all -- anywhere anywhere MARK set 0x2

Chain WiFiDog_Trusted (1 references) target prot opt source destination

Changed 11 years ago by james@…

modify firewall.h like this will solve this problem:

typedef enum _t_fw_marks {

FW_MARK_PROBATION = 201, /**< @brief The client is in probation period and must be authenticated

@todo: VERIFY THAT THIS IS ACCURATE*/

FW_MARK_KNOWN = 202, /**< @brief The client is known to the firewall */ FW_MARK_LOCKED = 254 /**< @brief The client has been locked out */

} t_fw_marks;

Changed 11 years ago by james@…

sorry ,will not working too!!!

Changed 10 years ago by anonymous

prueba

Changed 8 years ago by jodoreps

  • version set to Gateway 20090925
  • description modified (diff)
Note: See TracTickets for help on using tickets.