Setting Up Rules to Work on Gateway / File Server
Started by Dave
Dave
Setting Up Rules to Work on Gateway / File Server 06 June 2006, 23:57 |
Hello. I am having a problem getting my network set up correctly. I have a server with two NICs acting as a gateway to the internet (WAN/192.168.0.1). It also has local files to be shared. The 15 clients have IP addresses 192.168.0.x with 192.168.0.1 as their gateway. Here is what I have for rules on the server:
RULE 1
Direction: Both
Rate: Unlimited
Protocol: Any IP Based
Interface: LAN
Source: Whole IP Range: 192.168.0.0 to 192.168.0.15
Destination: Whole IP Range: 192.168.0.0 to 192.168.0.15
Dest: Any
Port: Any
INTERNET RULES FOR CLIENTS 2 THRU 15
Direction: Out
Rate: 300 kbit/s
Protocol: TCP/UDP
Interface: LAN
Source: Local
Source Port: Any
Destination: MAC Address
Destination Port: Any
Direction: In
Rate: 75 kbit/s
Protocol: TCP/UDP
Interface: LAN
Source: MAC Address
Source Port: Any
Destination: Local
Destination Port: Any
LAST RULE
Direction: Both
Rate: Blocked
Protocol: TCP/UDP
Interface: LAN
Source: Any
Destination: Any
Dest: Any
Port: Any
When I first set it up, the rules worked fine for controlling internet access, but accessing the shared files on the server was slow. After reading your forums, I added RULE 1 and it fixed the problem with the speed to the server’s shared files. Now my problem is that the internet access rules are only working on the IN/Upload side to the server. It is not restricting the internet download speed from the server. To verify, when I refresh my Rules View, the Received column changes for all of the clients’ exchanges to the server showing the upload limit is working, but the Sent from the server to the clients remains the same/zero. That is all falling under the Unlimited/RULE 1’s Sent column.
I have tried changing the Download/Out rule source from Local to Any, but it did not change my results.
Is there something else that I’m missing?
Thank you for your help,
Dave
Re: Setting Up Rules to Work on Gateway / File Server 07 June 2006, 03:15 |
Admin Registered: 12 years ago Posts: 5 643 |
Is there a proxy server running on the two NICs machine?
I would change your rules in this way (ports are all set to "any"):
Direction: Both
Rate: Unlimited
Protocol: Any IP Based
Interface: LAN
Source: Whole IP Range: 192.168.0.0 to 192.168.0.15
Destination: Whole IP Range: 192.168.0.0 to 192.168.0.15
INTERNET RULES FOR CLIENTS 2 THRU 15
Direction: Out
Rate: 300 kbit/s
Protocol: TCP/UDP
Interface: LAN
Source: Any
Destination: MAC Address
Direction: In
Rate: 75 kbit/s
Protocol: TCP/UDP
Interface: LAN
Source: MAC Address
Destination: Any
LAST RULE
Direction: Both
Rate: Blocked
Protocol: TCP/UDP
Interface: LAN
Source: 192.168.0.0 to 192.168.255.255
Destination: Any
Hope this helps. If not, please tell me more about the server configuration (software, not hardware).
Dave
Re: Setting Up Rules to Work on Gateway / File Server 07 June 2006, 09:49 |
Thank you for the quick reply. I changed the ports and source to Any:any and it is still the same. I do have the server set up as a caching proxy on 8080; I have tried using the rules found in the help file (Local:8080), but I get the same results where it only restricts the upload limit. I also wanted to limit bandwidth on other messaging apps that go around the proxy port, so I was using Any for the port. The proxy is ISA 2004. Will I need additional rules for this setup?
Dave
Dave
Re: Setting Up Rules to Work on Gateway / File Server 07 June 2006, 18:59 |
Admin Registered: 12 years ago Posts: 5 643 |
So, you've got a proxy server for downloads and NO proxy for uploads, right? Then, the rules will be different. First we need to describe those who download data through proxy. Secondly, allow unlimited local bandwidth. Finally, throttle uploads. The rules order is important:
Name: Downloads
Direction: Out
Rate: 300 kbit/s
Protocol: TCP/UDP
Interface: LAN
Source: Local : port 8080
Destination: MAC Address
Name: Local communications
Direction: Both
Rate: Unlimited
Protocol: Any IP Based
Interface: LAN
Source: Whole IP Range: 192.168.0.0 to 192.168.0.15
Destination: Whole IP Range: 192.168.0.0 to 192.168.0.15
Name: Uploads
Direction: In
Rate: 75 kbit/s
Protocol: TCP/UDP
Interface: LAN
Source: MAC Address
Destination: Any
Try this configuration without the blocking rule. If it works, I'll tell you how to block the rest (it isn't trivial in this case).
Dave
Re: Setting Up Rules to Work on Gateway / File Server 08 June 2006, 04:30 |
Re: Setting Up Rules to Work on Gateway / File Server 09 June 2006, 00:47 |
Admin Registered: 12 years ago Posts: 5 643 |
Yes, it won't work. First we need to list those who can download through the proxy. Then block anyone else. Second, permit local communications. Third, permit direct uploads. Then block anyone else. Have a look at the following ruleset:
Name: Downloads
Direction: Out
Rate: 300 kbit/s
Protocol: TCP/UDP
Interface: LAN
Source: Local : port 8080
Destination: MAC Address
.... Other rules permitting downloads must be here ....
Name: Block unauthorized downloads
Direction: Out
Rate: Blocked
Protocol: TCP/UDP
Interface: LAN
Source: Local : port 8080
Destination: 192.168.0.0 to 192.168.255.255
Name: Local communications
Direction: Both
Rate: Unlimited
Protocol: Any IP Based
Interface: LAN
Source: Whole IP Range: 192.168.0.0 to 192.168.0.15
Destination: Whole IP Range: 192.168.0.0 to 192.168.0.15
Name: Uploads
Direction: In
Rate: 75 kbit/s
Protocol: TCP/UDP
Interface: LAN
Source: MAC Address
Destination: Any
... Other rules permitting uploads must be here ...
Name: Block unauthorized uploads
Direction: In
Rate: Blocked
Protocol: TCP/UDP
Interface: LAN
Source: 192.168.0.0 to 192.168.255.255
Destination: Any
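Added example, not part of the thread and not the vendor's code: a small model of rule ordering that compares the first post's ruleset with the final one. It assumes the product applies the first matching rule (consistent with "The rules order is important" and with the counters Dave saw), and the MAC addresses, client addresses and file-share port 445 are constructed sample values.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass

ANY = None                             # wildcard for port and MAC fields
ALL = ("0.0.0.0", "255.255.255.255")   # wildcard for address ranges
# direction: "Out" = server -> LAN client, "In" = LAN client -> server
Packet = namedtuple("Packet", "direction src_ip src_port dst_ip client_mac")

@dataclass
class Rule:
    name: str
    direction: str        # "In", "Out" or "Both"
    rate: str
    src: tuple = ALL      # (first_ip, last_ip)
    src_port: int = ANY
    dst: tuple = ALL
    mac: str = ANY        # the client's MAC (destination on Out, source on In)

def in_range(ip, rng):
    lo, hi = (ipaddress.ip_address(x) for x in rng)
    return lo <= ipaddress.ip_address(ip) <= hi

def first_match(rules, p):
    """Return (name, rate) of the first rule that matches p; assumed semantics."""
    for r in rules:
        if (r.direction in ("Both", p.direction) and r.src_port in (ANY, p.src_port)
                and r.mac in (ANY, p.client_mac)
                and in_range(p.src_ip, r.src) and in_range(p.dst_ip, r.dst)):
            return r.name, r.rate
    return None, "Unmatched"

SERVER, MAC5 = "192.168.0.1", "00:00:5e:00:53:05"   # MAC is a constructed value
LAN, WIDE = ("192.168.0.0", "192.168.0.15"), ("192.168.0.0", "192.168.255.255")
LOCAL = (SERVER, SERVER)
local = Rule("Local communications", "Both", "Unlimited", src=LAN, dst=LAN)
up = Rule("Uploads", "In", "75 kbit/s", mac=MAC5)
# First post: the unlimited LAN rule sits above the download limit.
ORIGINAL = [local, Rule("Downloads", "Out", "300 kbit/s", src=LOCAL, mac=MAC5), up]
# Last reply: proxy rules first, then LAN traffic, then uploads.
FINAL = [Rule("Downloads", "Out", "300 kbit/s", src=LOCAL, src_port=8080, mac=MAC5),
         Rule("Block unauthorized downloads", "Out", "Blocked", src=LOCAL,
              src_port=8080, dst=WIDE),
         local, up, Rule("Block unauthorized uploads", "In", "Blocked", src=WIDE)]
proxy_dl = Packet("Out", SERVER, 8080, "192.168.0.5", MAC5)   # proxied download
share_dl = Packet("Out", SERVER, 445, "192.168.0.5", MAC5)    # file-share read
unlisted = Packet("Out", SERVER, 8080, "192.168.0.9", "00:00:5e:00:53:09")
for pkt in (proxy_dl, share_dl, unlisted):
    print(first_match(ORIGINAL, pkt), "->", first_match(FINAL, pkt))
```

Because the proxy answers from the server's LAN address, proxied downloads fall inside the 192.168.0.0 to 192.168.0.15 range and are claimed by the unlimited rule whenever it comes first.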
Dave
Re: Setting Up Rules to Work on Gateway / File Server 09 June 2006, 03:55 |