Clarification on Rule order

Started by nicks

Clarification on Rule order   01 November 2013, 09:58

Just hoping for some clarification on my rule order and set-up with the new BWM program.

Physical Computer Set-up:
Satellite Modem -> Netgear Firewall/DHCP -> BWM -> (3) physical computers and wifi

BWM set-up:
Transparent bridge configured (my BWM computer does not use ICS)
Ignore Local traffic

Rule set-up and order:
Rule for computer 1 for 50mb/hour usage combined
Rule for computer 2 for 50mb/hour usage combined
Rule for computer 3 for 50mb/hour usage combined
Rule for Tracking MAC addresses at Source for 50mb/day usage combined

The idea is to keep the 3 computers almost always working on an hourly usage and to keep wifi users (iphones, ipads, laptops, etc...) limited to 50mb per day.

I am afraid that my MAC tracking rule will reset my 3 desktop computers hourly. But with this set-up, this should not happen, correct?

Any other suggestions or concerns?

Thanks for any input
-Nick

ps. THANK YOU ANDREW AND SOFTPERFECT for getting the dynamic MAC rules added to the program. HUGE help.
SoftPerfect Support forum - Andrew avatar image

Re: Clarification on Rule order   01 November 2013, 12:50

Hi Nick,

From what I see computers 1, 2 and 3 will be handled by the first three rules and anything else will be handled by the fourth rule.

Please post a screenshot of your ruleset (main window) here and I will confirm it.

Andrew.

Re: Clarification on Rule order   03 November 2013, 07:54

Yeah, so I am definitely having troubles. The MAC rule I created started to filter access to the firewall and blocked all traffic from going through the firewall/DHCP. So wireless users could not get an IP address and no one could get through the BWM to the firewall and out. I created a new unlimited rule for the firewall and I think I solved the problem, but I cannot access the firewall's browser page. Here is my rule set. I think my problem has something to do with the interface selection...

Thanks for the suggestions and help!

SoftPerfect Support forum - Andrew avatar image

Re: Clarification on Rule order   03 November 2013, 22:13

I can't really see if there is a blocking rule in this ruleset. If there is, please post a screenshot where all the rules can be seen.

As to the interface selection, when using bridging you should not use the Any interface. This would cause double traffic processing, first as coming in and then as going out via the bridge. This leads to incorrect usage figures and performance degradation.

I suppose we'll have to add a warning about this in the BM software itself.

Re: Clarification on Rule order   04 November 2013, 08:17

The rules you see are all the rules I have (well actually I have one more but it is disabled. I was trying to create different upload vs download rules but gave up and just want to focus on the single combined usage MAC rule). I have no generic blocking rule since everyone is welcome to use the network. I just want everyone's bandwidth managed.

So which interface should I apply my rules to? My wifi and user computers are after the BWM on the LAN side so I would think I should apply the rules to the LAN interface, right? And my firewall is before the BWM on the WAN side. My firewall rule I just want to be completely open since all traffic passes through it and the Dynamic MAC rule I created killed the firewall after the 75mb threshold was reached.

I am also still having a problem with the BWM blocking computers from talking to my firewall/DHCP. Even the BWM itself cannot talk to the firewall using the web interface of the firewall. My firewall is 192.168.3.1, my BWM is 192.168.3.2 for the WAN side and 192.168.3.3 for the LAN side.

-n
SoftPerfect Support forum - Andrew avatar image

Re: Clarification on Rule order   04 November 2013, 15:48

Yes, the rules should apply on the LAN interface in this case.

This will also automatically allow all traffic to the firewall as no bandwidth management will be on the WAN interface.

As to the inability to access the firewall, please check this page under Connectivity Issues.

Re: Clarification on Rule order   06 November 2013, 11:31

Andrew,

Thanks so much for your continued help. I adjusted my rules to look like this, what do you think?

For the second item, not being able to access the firewall from the BWM, your suggestion to look at the Connectivity Issues web page worked perfectly. After I deleted the gateway ip from the LAN side, adjusted Metrics and added the run command, everything works great on the BWM.

I am still having problems with my third item. My wireless users on the LAN side of the BWM cannot receive DHCP requests from the firewall, which is on the WAN side of the BWM at 192.168.3.1. And users on the LAN side still cannot access the local webpage for my firewall (192.168.3.1). So it seems that the metric trick worked for the BWM but not for everyone else on the LAN side. I could care less about not being able to see the firewall webpage but I need to get DHCP to work desperately. My employees are about to revolt since they can't use their mobile devices.

I do know the router is working correctly and capable of serving DHCP since I tested by removing the BWM from the loop and having direct access from my wifi to the firewall and DHCP worked perfectly.

I am still going through the BWM user guide to find more insight but have had no luck so far.

-nick
SoftPerfect Support forum - Andrew avatar image

Re: Clarification on Rule order   06 November 2013, 12:30

I am not so sure, but try adding a rule that explicitly allows DHCP as shown below

Hope this helps.

Re: Clarification on Rule order   07 November 2013, 06:01

Thanks Andrew but that one did not work. What is weird is that with the old version of the BWM we do not have a problem with this. I am still running the older version on another, completely separate network and having the DHCP on the WAN side has not been a problem. Also interesting to note is that with the older version I never had to do the Metric workaround I had to do above. My older BWM set-up has LAN side with no gateway and that was all that was required to make communication work there.

I am going to check the settings on my old version and keep banging my head against the wall.

-Nick

Re: Clarification on Rule order   07 November 2013, 06:47

HA! Figured it out! I checked my older version of BWM and saw that I did NOT have "Ignore Local Traffic" clicked in the Settings Menu on the older version. So I checked the new version, and I did have that selected. I un-checked it and now it works perfectly for DHCP.

Yay.

-Nick
SoftPerfect Support forum - Andrew avatar image

Re: Clarification on Rule order   07 November 2013, 11:13

Great. Sorry I didn't point you to check that one out :)

Re: Clarification on Rule order   08 November 2013, 07:56

Sorry Andrew but it looks like I still have a problem with my rules.

It appears my firewall rule is capturing all traffic and my Dynamic MAC rule is not being used at all. Yesterday 1gig of traffic passed through my firewall rule and no traffic passed through my MAC rule.

So how do I adjust my firewall rule or my MAC rules? The reason I created the firewall rule was because the MAC rule was creating a stream for the firewall and only allowing 50mb to pass through it, then shutting down the firewall and blocking all internet traffic. I created the firewall rule to allow it unlimited access to the internet for all users to pass through but it looks like that overruled my MAC rule.

Argghhhh. Almost there. Thanks for all the help Andrew.

-Nick
SoftPerfect Support forum - Andrew avatar image

Re: Clarification on Rule order   08 November 2013, 13:11

Please post a fresh screenshot of the current ruleset ;)

Re: Clarification on Rule order   09 November 2013, 08:34

Here is this morning's:

SoftPerfect Support forum - Andrew avatar image

Re: Clarification on Rule order   09 November 2013, 13:17

Now that you have changed the rules to apply on the LAN interface only, you don't need the firewall rule any longer.

Just delete it and your traffic should begin to be properly metered by the Dynamic MAC rule.
