wifidog and qos-script

[denis]

hello,

I test for some time to set up a qos using qos-script.

When wifidog and qos-script are active on my accès point only the port which are validating-users seems to function. The port that I add in known-users do not seem to open when I logist. if I stop the qos that functions perfectly. The use of the qos only also functions very well. It's the association of both which bug.

I tested with several versions of wifidog is the problem is same the beta6 rc1 and the last.

For information I already posted a ticket on the Dev of openwrt not knowing if the problem comes from the qos or of wifidog.

Thank for work

Denis

[benoitg]

There is nothing we can do without knowing what qos script you user, and exactly what it tries to do. There is a full firewall map of wifidog. We'd need the same for the qos script.

[anonymous]

Hello

It's a pity because a qos with wifidog appears really one to me more. For the qos in question i use that of ndb which names qos-script.  http://downloads.openwrt.org/whiterussian/packages/qos-scripts_0.9.4-1_mipsel.ipk  http://wiki.openwrt.org/MiniHowtos/QoSHowto?highlight=%28qos%29

This qos will allow to give priorities has certain service such as for example the voip ssh etc etc. and to restrict the p2p via the use of l7-protocols.

thank you nevertheless

Denis

[anonymous]

That may be a stupid question, but are you sure the user you used for testing is actually validated?

[denis]

The user is well validated.

When I stop qos-script it has no problem there. It's the association of both which poses problem.

It's a pity really because the qos of ndb functions rather well

[anonymous]

hi! i meet this problem too!, found that just was the iptables command problems with the set mark in mangle table!! wifidog filter table(TABLE_WIFIDOG_OUTGOING ) conflict with qos default table

[james@…]

hi! i meet this problem too!, found that just was the iptables command problems with the set mark in mangle table!! wifidog filter table(TABLE_WIFIDOG_OUTGOING ) conflict with qos default table

[james@…]

root@GW005:~# iptables -L -t mangle Chain PREROUTING (policy ACCEPT) target prot opt source destination MARK all -- anywhere anywhere MARK set 0x2 MARK all -- anywhere anywhere MARK set 0x2 WiFiDog_Trusted all -- anywhere anywhere WiFiDog_Outgoing all -- anywhere anywhere Default all -- anywhere anywhere IMQ all -- anywhere anywhere IMQ: todev 0 MARK all -- anywhere anywhere MARK set 0x2

Chain INPUT (policy ACCEPT) target prot opt source destination

Chain FORWARD (policy ACCEPT) target prot opt source destination Default all -- anywhere anywhere MARK all -- anywhere anywhere MARK set 0x2

Chain OUTPUT (policy ACCEPT) target prot opt source destination Default all -- anywhere anywhere

Chain POSTROUTING (policy ACCEPT) target prot opt source destination WiFiDog_Incoming all -- anywhere anywhere Default all -- anywhere anywhere

Chain Default (4 references) target prot opt source destination CONNMARK all -- anywhere anywhere CONNMARK restore Default_ct all -- anywhere anywhere MARK match 0x0 MARK all -- anywhere anywhere MARK match 0x1 length 400:65535 MARK set 0x0 MARK all -- anywhere anywhere MARK match 0x2 length 800:65535 MARK set 0x0 MARK udp -- anywhere anywhere MARK match 0x0 length 0:500 MARK set 0x2 MARK icmp -- anywhere anywhere MARK set 0x1 MARK tcp -- anywhere anywhere MARK match 0x0 tcp spts:1024:65535 dpts:1024:65535 MARK set 0x4 MARK udp -- anywhere anywhere MARK match 0x0 udp spts:1024:65535 dpts:1024:65535 MARK set 0x4 MARK tcp -- anywhere anywhere length 0:128 MARK match !0x4 tcp flags:FIN,SYN,RST,PSH,ACK,URG/SYN MARK set 0x1 MARK tcp -- anywhere anywhere length 0:128 MARK match !0x4 tcp flags:FIN,SYN,RST,PSH,ACK,URG/ACK MARK set 0x1

Chain Default_ct (1 references) target prot opt source destination MARK all -- anywhere anywhere MARK match 0x0 ipp2p v0.8.1_rc1 --kazaa --gnu --edk --dc --bit MARK set 0x4 MARK all -- anywhere anywhere MARK match 0x0 LAYER7 l7proto edonkey MARK set 0x4 MARK all -- anywhere anywhere MARK match 0x0 LAYER7 l7proto bittorrent MARK set 0x4 MARK tcp -- anywhere anywhere MARK match 0x0 tcp multiport ports 22,53 MARK set 0x1 MARK udp -- anywhere anywhere MARK match 0x0 udp multiport ports 22,53 MARK set 0x1 MARK tcp -- anywhere anywhere MARK match 0x0 tcp multiport ports 20,21,25,80,110,443,993,995 MARK set 0x3 MARK tcp -- anywhere anywhere MARK match 0x0 tcp multiport ports 5190 MARK set 0x2 MARK udp -- anywhere anywhere MARK match 0x0 udp multiport ports 5190 MARK set 0x2 CONNMARK all -- anywhere anywhere CONNMARK save

Chain WiFiDog_Incoming (1 references) target prot opt source destination ACCEPT all -- anywhere 192.168.200.4

Chain WiFiDog_Outgoing (1 references) target prot opt source destination MARK all -- 192.168.200.4 anywhere MAC 00:E0:4C:01:D9:50 MARK set 0x2 MARK all -- anywhere anywhere MARK set 0x2

Chain WiFiDog_Trusted (1 references) target prot opt source destination

[james@…]

modify firewall.h like this will solve this problem:

typedef enum _t_fw_marks {

FW_MARK_PROBATION = 201, /**< @brief The client is in probation period and must be authenticated

@todo: VERIFY THAT THIS IS ACCURATE*/

FW_MARK_KNOWN = 202, /**< @brief The client is known to the firewall */ FW_MARK_LOCKED = 254 /**< @brief The client has been locked out */

} t_fw_marks;

[james@…]

sorry ,will not working too!!!

[anonymous]

prueba