Rules for server with Kerio Winroute Pro, switch and LAN

Started by maly_szcz

Hi.

I'm testing now some software and I have a problem with setting rules.

I have a network as follows:
ISP
  |
Server with Kerio Winroute Pro (with proxy) on XP SP2 and Bandwidth Monitor Lite (Local IP 192.168.0.1)
  |
Switch
|  |  |
A  B  C
A, B and C are computers in local network (192.168.0.2-192.168.0.4)

I want to limit download for each of them to 32kB/s (32kB/s for each separately)
I want to limit upload for each of them to 16kB/s (16kB/s for each separately)
Next I want to set rule that limits speed using proxy on server to 64kB/s for each separately
And finally I want to let them all to communicate with the server without limits (server sharing files).
(next step will be setting different limits for each computer)

At the beginning I set the rules for computer A:
Rule 1: download limit to 32kB/s
Direction: Out
Protocol TCP and UDP
Source: Any:any
Destination: 192.168.0.2:any
Interface: DOM (interface of local network)

Rule 2: upload limit to 16kB/s
Direction: In
Protocol TCP and UDP
Source: 192.168.0.2:any
Destination: Any:any
Interface: DOM (interface of local network)
That configuration works fine, but the problem appears when I add a rule to unlimit local traffic (connections from/to computer A and server). I added it as the first rule (before any other):
Rule 1: local traffic
Direction: Both
Protocol TCP and UDP
Source: 192.168.0.2:any
Destination: 192.168.0.1:any
Interface: DOM (interface of local network)
I also tried swapping source and destination, I tried to use local host, and I tried to use IP ranges, but in each case when I added this rule local traffic is unlimited, but traffic to the Internet is too. When I move the local traffic rule to the end of the rules list, the 32 and 16kB/s limits apply to local traffic too. What am I doing wrong? Could you tell me how I have to set my rules to make it work properly?

Sorry for my English. I hope you understand me.

Thanks for any help.
maly_szcz

Re: I Have a problem with rules   28 May 2006, 09:00

I forgot to write that in the first case (rules 1 and 2) I also set:
Rule1:
Rate limit: 32kB/s
Rule2:
rate limit 16kB/s

In second case (when adding local traffic rule):
rate limit: unlimited
SoftPerfect Support forum - Andrew

Re: I Have a problem with rules   28 May 2006, 15:22

I am not quite sure why you mentioned 32/16 kB and 64 Kb. Are the users able to access the Internet in both ways: directly and through proxy?
So, if you want to limit them as 32/16 each if they access directly and 64/64 if they access through proxy, make your rules like this:
Rule 1: download/upload limit to 64kB/s
Direction: Both
Protocol TCP and UDP
Source: local host : proxy port
Destination: 192.168.0.2:any
Interface: DOM (interface of local network)

Rule 2: local traffic
Direction: Both
Protocol TCP and UDP
Source: 192.168.0.1 - 192.168.0.255
Destination: 192.168.0.1 - 192.168.0.255
Interface: DOM (interface of local network)

Rule 3: download limit to 32kB/s
Direction: Out
Protocol TCP and UDP
Source: Any:any
Destination: 192.168.0.2:any
Interface: DOM (interface of local network)

Rule 4: upload limit to 16kB/s
Direction: In
Protocol TCP and UDP
Source: 192.168.0.2:any
Destination: Any:any
Interface: DOM (interface of local network)
The rule order is very important; if you change it, the rules may not work. The first rule catches any traffic between the proxy server (we used its port) and client 192.168.0.2. The second rule catches any local traffic except traffic from/to the proxy server, as that is already caught by the first rule. The third rule limits traffic that comes from the Internet (because all local traffic was caught by the two previous rules). The fourth rule limits traffic that goes to the Internet.

If this helps, and you would like to populate these rules to all clients, use this order:

Rule 1: download/upload limit to 64kB/s
Rule 2: download/upload limit to 64kB/s
...
Rule 5: download/upload limit to 64kB/s
Rule 6: local traffic
Rule 7: download limit to 32kB/s
Rule 8: upload limit to 16kB/s
Rule 9: download limit to 32kB/s
Rule 10: upload limit to 16kB/s
...
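The rule ordering described in the reply above, modelled as a first-match evaluator. This is an added example, not part of the original posts and not SoftPerfect's code. It assumes first-match semantics as the reply describes them, treats In/Out rules as matching only in the written source-to-destination sense, and uses 3128 as a stand-in for the unstated proxy port; the sample packets are constructed.

```python
from ipaddress import ip_address as ip

PROXY_PORT = 3128  # assumption: the thread never states the proxy port
ANY = ("0.0.0.0", "255.255.255.255")
LAN = ("192.168.0.1", "192.168.0.255")
SERVER = ("192.168.0.1", "192.168.0.1")   # "local host" in the rules
PC_A = ("192.168.0.2", "192.168.0.2")

# (name, direction, source range, source port or None for any, destination range)
PROXY = ("1 proxy 64kB/s", "both", SERVER, PROXY_PORT, PC_A)
LOCAL = ("2 local unlimited", "both", LAN, None, LAN)
DOWN = ("3 download 32kB/s", "one-way", ANY, None, PC_A)
UP = ("4 upload 16kB/s", "one-way", PC_A, None, ANY)

# Constructed sample packets: (src ip, src port, dst ip, dst port)
PACKETS = {
    "proxy reply": ("192.168.0.1", PROXY_PORT, "192.168.0.2", 50000),
    "proxy request": ("192.168.0.2", 50000, "192.168.0.1", PROXY_PORT),
    "file share": ("192.168.0.2", 50001, "192.168.0.1", 445),
    "internet download": ("203.0.113.10", 80, "192.168.0.2", 50002),
    "internet upload": ("192.168.0.2", 50002, "203.0.113.10", 80),
}

def in_range(addr, rng):
    return ip(rng[0]) <= ip(addr) <= ip(rng[1])

def matches(rule, src, sport, dst, dport):
    _, direction, srng, port, drng = rule
    def one_way(s, sp, d):
        return in_range(s, srng) and in_range(d, drng) and port in (None, sp)
    # "Both" also matches the packet with source and destination swapped.
    return one_way(src, sport, dst) or (direction == "both" and one_way(dst, dport, src))

def classify(rules):
    """Return {packet label: name of the first rule that matches it}."""
    return {label: next((r[0] for r in rules if matches(r, *pkt)), "no rule")
            for label, pkt in PACKETS.items()}

if __name__ == "__main__":
    for title, order in (("order from the reply", [PROXY, LOCAL, DOWN, UP]),
                         ("local rule moved last", [PROXY, DOWN, UP, LOCAL])):
        print(title)
        for label, rule in classify(order).items():
            print(f"  {label:18} -> {rule}")
```

With the local rule moved last, the file-share packet is claimed by the 16kB/s upload rule before the unlimited rule is ever reached, which is the behaviour reported in the first post.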
maly_szcz

Re: I Have a problem with rules   28 May 2006, 17:42

Hi.
Thanks for Your answer.
You asked: "I am not quite sure why you mentioned 32/16 kB and 64 Kb. Are the users able to access the Internet in both ways: directly and through proxy?"
32/16kB/s down/up for direct access to the Internet (xDSL is not symmetric, direct access is for p2p, e-mail, etc.). I want to allow faster access through the proxy (64kB/s). It's an HTTP proxy which users can use with their Internet browsers. A faster HTTP proxy allows surfing the Internet even if p2p (like eMule, BitComet etc.) is running at the same moment. Do you know what I mean?

I know that rule order is important. I was using BWM 1.3 some time ago, and it worked fine.
I made my rules as you said, but excluding rule 1 for a start (only rules 2 to 4 in the same order as you wrote). I tested rules like that yesterday. It's NOT working.
When I make rules like you said, local traffic is unlimited, but Internet access is too. When I disable the local traffic rule, Internet access is limited, but local traffic of course is too.
At the start I want to make rules which will limit Internet access and unlimit local traffic.
I also tried to make a rule like you wrote (local traffic) and make only one rule to limit 32/32kB/s in both directions, and it is not working.

The only way it works is when I make:
Rule 1: local traffic
rate limit: unlimited
Direction: Both
Protocol TCP and UDP
Source: 192.168.0.1 - 192.168.0.255
Destination: 192.168.0.1 - 192.168.0.255
Interface: DOM (interface of local network)

Rule 2: download/upload limit to 32kB/s
Rate limit: 32kB/s
Direction: both
Protocol TCP and UDP
Source: local:any
Destination: any:any
Interface: INTERNET

In this case local traffic is unlimited, but Internet access is limited to 32/32kB/s for the whole access (1 user has 32/32, 2 users have 16/16, 3 users have ~11/11, etc.). I want to set the limit for each user individually.
I have noticed that if I make rules to limit upload/download it works. If I make the next rule (as first), where source or destination is IP 192.168.0.1 or local host, and unlimit this rule, Internet access is unlimited too.

I don't know what to do. I remember that I made rules for BWM 1.3 and it worked fine. Why is it not working in 2.5? Could it be because of using Kerio Winroute Pro?
maly_szcz

Re: I Have a problem with rules   28 May 2006, 19:49

Ok.
Now i know what was wrong.
When I uninstalled Kerio Winroute Firewall (not Pro as I wrote at the beginning) and when I launched ICS everything is OK. Do You know why it is not working with Kerio Winroute Firewall? I know that may be a problem to work both applications together (errors), but I don't know why limits do not work correctly.
SoftPerfect Support forum - Andrew

Re: I Have a problem with rules   29 May 2006, 00:43

It's difficult to say what's wrong here. Probably KWF does some packet processing and modifies the packets before they arrive at the bandwidth manager layer, but I don't know exactly, sorry.
maly_szcz

Re: I Have a problem with rules   29 May 2006, 06:42

Ok :)
Thanks for help. Now I know how to set up for proxy. :)
I made correct rules (for internet traffic and local traffic), but KWF is not working correctly with BWM.

Thanks.
