[maemo-developers] Dynamic WIFI bandwidth management with iptables, netstat, nload, tc - was: ....

From: Darius Jack dariusjack2006 at yahoo.ie
Date: Mon Aug 4 19:34:23 EEST 2008 
Hi,

sorry my friend, but Dialog is an application ported to maemo, you should install it first to run (not bash command at all).
With Dialog you can write basic MS DOS-like menu driven interactive shell scripts.
Dialog is great development tool for Dummies and high school students, integrating shell scripts with some pseudo-GUIs.

Ok.
Another question is how to build basic WIFI bandwidth management application in shell script.
What I mean is to incorporate iptables, netstat, nload parsed output
to see a number of WiFi clients, protocols and traffic load, time connected and the like and implement wait rules in iptables for each specified WiFi client.

If you find my idea ok, just tell me how to proceed further.
Got the following limit, time limit from IPtables script
http://slackware.asmonet.net/download/rc.firewall


$IPT -A OUTPUT -m limit --limit 3/minute --limit-burst 3 -j LOG \
    --log-prefix "OUTPUT packet died: "

http://www.novell.com/communities/node/4995/adjusting-iptables-rule-server-health-monitoring

Got traffic control command tc application and some packet shaper solutions.
Looking for some basic tc shell scriptimplementations like iptables.

Darius

--- On Sun, 3/8/08, John Holmblad <jholmblad at acadiasecurenets.com> wrote:

> From: John Holmblad <jholmblad at acadiasecurenets.com>
> Subject: Re: Dynamic iptables firewall NAT IP masquerade shell scripts + dialog - kind request
> To: dariusjack2006 at yahoo.ie
> Cc: maemo-developers at maemo.org
> Date: Sunday, 3 August, 2008, 9:59 PM
> Darius,
> 
> it does not appear that the dialog command is included in
> the version of 
> bash (bash2) that can be installed in OS2008. I installed
> bash2 to see 
> if the dialog command is present but it is not as far as I
> have been 
> able to test.
> 
> In principle, I do see your point about how the use of the
> dialog 
> command with other shell scripting could be used for
> iptables config.
> 
> 
> Have you done a www search to see what is out there with
> respect to 
> front end scripts for iptables?
> 
> 
> Best Regards,
> 
>  
> 
> John Holmblad
> 
>  
> 
> Acadia Secure Networks, LLC
> 
> * *
> 
> *Serving the SmartDigital^TM home, entrepreneurial
> enterprise, and 
> emerging network service provider markets*
> 
> * *
> 
> *GSEC Gold,  GCWN Gold,  GAWN,  GGSC-0100,  NSA-IAM, 
> NSA-IEM***
> 
> *Cisco Select Certified Partner and SMB Specialist |
> **Microsoft Small 
> Business Specialist | Speakeasy Certified VOIP Partner |
> Linksys 
> Authorized LVS Partner | Qualys Certified Qualysguard
> Specialist*
> 
> * *
> 
> (M) 703 407 2278
> 
> (F)  703 620 5388
> 
>  
> 
> (W) www.acadiasecure.com
> 
>  
> 
> primary email address:  jholmblad at acadiasecure.com 
> <mailto:jholmblad at acadiasecure.com>
> 
> backup email address:  jholmblad at verizon.net
> <mailto:jholmblad at verizon.net>
> 
> 
> 
> Darius Jack wrote:
> > Hi John,
> >
> > thanks for your kind help.
> > Frankly speaking, what I mean is Dialog interface to
> iptables, bandwidth managment, firewall, NAT ....
> > As dialog is fast, not generating overheads to
> processor and graphics,
> > code is open as a shell script.
> > I just need 1-2 persons to work out a solution.
> > Very simple solution.
> > No compilation, no installation, no porting problems.
> > Just pls tell me what do you think about it.
> > Is Dialog not ok to enter parameters to shell scripts
> running iptables, firewall, NAT, Masquarade ?
> >
> > I am just testing one bandwidth management
> application, but frankly speaking would prefer another shell
> script based on iptables to set priorities.
> >
> > Darius
> >
> > \
> > - On Sat, 2/8/08, John Holmblad
> <jholmblad at acadiasecurenets.com> wrote:
> >
> >   
> >> From: John Holmblad
> <jholmblad at acadiasecurenets.com>
> >> Subject: Re: Dynamic iptables firewall NAT IP
> masquerade shell scripts + dialog - kind request
> >> To: dariusjack2006 at yahoo.ie
> >> Cc: maemo-developers at maemo.org
> >> Date: Saturday, 2 August, 2008, 10:18 PM
> >> Darius,
> >>
> >> your earlier post led me to research a product
> called
> >> Kmyfirewall which 
> >> is a GUI based front end for iptables that is
> designed for
> >> KDE. I asked 
> >> the develolper if he knew of anyone attempting to
> port the
> >> front end to 
> >> the Internet tabled but he does not know of any
> such
> >> attempt.
> >>
> >> Here also is the sourceforge www page for the
> project:
> >>
> >>
> >>     http://sourceforge.net/projects/kmyfirewall
> >>
> >> If I understand correctly it sounds like you one
> and
> >> perhaps 2 issues to 
> >> address:
> >>
> >> 1. Traffic Shaping for 802.11 clients to a given
> 802.11 AP
> >> on your network.
> >>
> >> 2. A convenient way to remotely manage your
> network using
> >> the Internet 
> >> Tablet as a management terminal (e.g. using SSH,
> VNC,or
> >> RDP, etc.) 
> >> communicating with your network through the
> Internet,
> >> itself accessed 
> >> from your Internet tablet via Bluetooth/3G,
> Bluetooth/evdo,
> >> or 802.11 to 
> >> a public or private 802.11 Access Point (e.g. hot
> spot).
> >>
> >>
> >>
> >> Best Regards,
> >>
> >>  
> >>
> >> John Holmblad
> >>
> >>  
> >>
> >> Acadia Secure Networks, LLC
> >>
> >> * *
> >>
> >> *Serving the SmartDigital^TM home, entrepreneurial
> >> enterprise, and 
> >> emerging network service provider markets*
> >>
> >> * *
> >>
> >> *GSEC Gold,  GCWN Gold,  GAWN,  GGSC-0100, 
> NSA-IAM, 
> >> NSA-IEM***
> >>
> >> *Cisco Select Certified Partner and SMB Specialist
> |
> >> **Microsoft Small 
> >> Business Specialist | Speakeasy Certified VOIP
> Partner |
> >> Linksys 
> >> Authorized LVS Partner | Qualys Certified
> Qualysguard
> >> Specialist*
> >>
> >> * *
> >>
> >> (M) 703 407 2278
> >>
> >> (F)  703 620 5388
> >>
> >>  
> >>
> >> (W) www.acadiasecure.com
> >>
> >>  
> >>
> >> primary email address:  jholmblad at acadiasecure.com
> 
> >> <mailto:jholmblad at acadiasecure.com>
> >>
> >> backup email address:  jholmblad at verizon.net
> >> <mailto:jholmblad at verizon.net>
> >>
> >>
> >>
> >> Darius Jack wrote:
> >>     
> >>> Hi John and others,
> >>>
> >>> spent last days learning how to manage
> bandwidth in my
> >>>       
> >> router + server.
> >>     
> >>> What I need is dynamic bandwidth management.
> >>>
> >>> To have 3 classes of wifi users.
> >>> class 1 - superuser - full bandwidth access
> >>> class 2 - users identified by MAC address
> >>> class 3 - anonymous users (no MAC address
> entered)
> >>>
> >>> What I get with iptables, wshaper is wan/lan
> bandwidth
> >>>       
> >> management.
> >>     
> >>> What I need is wlan bandwidth management by
> users no.
> >>>       
> >> , by application, by time of day, date and the
> like.
> >>     
> >>> Remotely assigning wifi access without the
> need to
> >>>       
> >> rebot server each time.
> >>     
> >>> Ok.
> >>> I can run iptables from command line anyway.
> >>>
> >>> But need a nice tool with basic graphical
> interface
> >>>       
> >> (dialog is ok)
> >>     
> >>> and append and remove/ delete MAC address, to
> generate
> >>>       
> >> iptables rules, when run as a shell script .
> >>     
> >>> Another issue is
> >>> I need my router + server to access wifi
> Internet as a
> >>>       
> >> client
> >>     
> >>> and share the same access to wifi clients as a
> server,
> >>> with bandwidth management on.
> >>>
> >>> Please refer me to some nice places with shell
> script
> >>>       
> >> solutions.
> >>     
> >>> thanks
> >>>
> >>> Darius
> >>>
> >>>
> >>> --- On Fri, 25/7/08, John Holmblad
> >>>       
> >> <jholmblad at acadiasecurenets.com> wrote:
> >>     
> >>>   
> >>>       
> >>>> From: John Holmblad
> >>>>         
> >> <jholmblad at acadiasecurenets.com>
> >>     
> >>>> Subject: Re: Dynamic iptables firewall NAT
> IP
> >>>>         
> >> masquerade shell scripts + dialog - kind request
> >>     
> >>>> To: dariusjack2006 at yahoo.ie
> >>>> Cc: maemo-developers at maemo.org
> >>>> Date: Friday, 25 July, 2008, 5:13 PM
> >>>> Darius,
> >>>>
> >>>> would a VNC client on your 770 be a
> solution to
> >>>>         
> >> manage your
> >>     
> >>>> systems? If 
> >>>> not,why not?
> >>>>
> >>>> Alternatively you install a linux virtual
> machine
> >>>>         
> >> on one of
> >>     
> >>>> your systems 
> >>>> and VNC into it from your 770 and then use
> that
> >>>>         
> >> linux VM to
> >>     
> >>>> control the 
> >>>> servers in your server "farm".
> >>>>
> >>>>
> >>>> Best Regards,
> >>>>
> >>>>  
> >>>>
> >>>> John Holmblad
> >>>>
> >>>>  
> >>>>
> >>>> Acadia Secure Networks, LLC
> >>>>
> >>>> * *
> >>>>
> >>>>
> >>>>
> >>>> Darius Jack wrote:
> >>>>     
> >>>>         
> >>>>> Hi,
> >>>>>
> >>>>> I am trying to restrict maemo wifi
> access to
> >>>>>           
> >> Internet
> >>     
> >>>>>       
> >>>>>           
> >>>> on-the-fly
> >>>>     
> >>>>         
> >>>>> and have one with admin's access
> ssh
> >>>>> and have some preloaded shell scripts
> running
> >>>>>           
> >> on a
> >>     
> >>>>>       
> >>>>>           
> >>>> server
> >>>>     
> >>>>         
> >>>>> and the ability to edit shell scripts
> locally
> >>>>>           
> >> on maemo
> >>     
> >>>>> and sent to server to be run
> >>>>> to avoid on-line shell script editing
> while
> >>>>>           
> >> wifi
> >>     
> >>>>>       
> >>>>>           
> >>>> network is suddenly off.
> >>>>     
> >>>>         
> >>>>> Ok. In plain words.
> >>>>> I need OS2007HE (or OS2008) running
> 770
> >>>>> to act as a remote console for a
> number of
> >>>>>           
> >> servers and
> >>     
> >>>>>       
> >>>>>           
> >>>> APs
> >>>>     
> >>>>         
> >>>>> and to control some servers + AP
> remotely
> >>>>> get traffic load data and more.
> >>>>> Not necessary VNC .
> >>>>> Going abroad I would like to still
> have a
> >>>>>           
> >> control of a
> >>     
> >>>>>       
> >>>>>           
> >>>> server and AP,
> >>>>     
> >>>>         
> >>>>> remote rebooting, remote ports
> closing, add/
> >>>>>           
> >> remove
> >>     
> >>>>>       
> >>>>>           
> >>>> MAC addresses
> >>>>     
> >>>>         
> >>>>> and the like.
> >>>>>
> >>>>> So maemo as mobile Linux console.
> >>>>> Any ideas, links to some scripting,
> dynamic
> >>>>>           
> >> iptables,
> >>     
> >>>>>       
> >>>>>           
> >>>> firewall, NAT, masquerade
> >>>>     
> >>>>         
> >>>>> thanks
> >>>>>
> >>>>> Darius
> >>>>>
> >>>>>
> >>>>> Send instant messages to your online
> friends
> >>>>>       
> >>>>>           
> >>>> http://uk.messenger.yahoo.com 
> >>>>     
> >>>>         
> >> _______________________________________________
> >>     
> >>>>> maemo-developers mailing list
> >>>>> maemo-developers at maemo.org
> >>>>>
> >>>>>       
> >>>>>           
> >>
> https://lists.maemo.org/mailman/listinfo/maemo-developers
> >>     
> >>>>     
> >>>>         
> >>>>>       
> >>>>>           
> >>> Send instant messages to your online friends
> >>>       
> >> http://uk.messenger.yahoo.com 
> >>     
> >>>
> >>>       
> >
> > Send instant messages to your online friends
> http://uk.messenger.yahoo.com 
> >
> >
> >

Send instant messages to your online friends http://uk.messenger.yahoo.com
More information about the maemo-developers mailing list