LinuxQuestions.org
Old 02-02-2006, 10:21 AM   #1
Dimitris_Papadakis
LQ Newbie
 
Registered: Sep 2005
Location: Greece
Distribution: Slackware
Posts: 1

Rep: Reputation: 0
QoS router (Slackware) with 2 interfaces (LAN + internet) problem


Hello... I have a Slackware-based machine doing routing & QoS for my internal LAN users...
It has two interfaces: eth1 (100 Mbps) that connects to the ADSL modem (USR 9105) and eth0 (100 Mbps) that connects to my local LAN...
I'm using Shorewall as a firewall... I think it's configured well, as it's working as I want and I pass all the online firewall tests...

All LAN users can use the masqueraded internet connection...
Now, I made a QoS script using HTB and SFQ and created 5 classes: 1 for interactive traffic, 1 for bulk and P2P traffic, and 3 with equal bandwidth for my 3 LAN users...

Now my problem is that the traffic from 10.0.0.25 doesn't go to class 1:11 as I want... the same happens with 10.0.0.21 and 10.0.0.20.
When I look at the tc statistics for the classes, traffic flows to 1:10 and 1:14, with the user classes (1:11, 1:12, 1:13) being idle all the time.
Happily, ssh goes into the interactive class, but icmp doesn't... those are the things I've managed to test for now...

This is the first major problem... I don't know yet if ipp2p works...

Misc information
-----------------
Slackware 10.2
tc utility, iproute2-ss050330
kernel 2.6.15 vanilla
iptables v1.3.3
ADSL 1024/256

What am I doing wrong?

Here is the script I use:

Code:
#!/bin/bash
# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev eth1 root    > /dev/null 2>&1
tc qdisc del dev eth1 ingress > /dev/null 2>&1

# Flush all existing rules in the mangle table
iptables -t mangle -F

# Clamp the TCP MSS of forwarded connections to the path MTU
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS  --clamp-mss-to-pmtu

#------------------------------------ Classes -----------------------------------------------#
# Create the HTB class tree
# root qdisc; unclassified traffic falls into class 1:14
tc qdisc add dev eth1 root handle 1: htb default 14

tc class add dev eth1 parent 1: classid 1:1 htb rate 250kbps ceil 250kbps

#interactive class
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 50kbps ceil 250kbps prio 1

#users classes
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 60kbps ceil 250kbps prio 2
tc class add dev eth1 parent 1:1 classid 1:12 htb rate 60kbps ceil 250kbps prio 2
tc class add dev eth1 parent 1:1 classid 1:13 htb rate 60kbps ceil 250kbps prio 2

#p2p class
tc class add dev eth1 parent 1:1 classid 1:14 htb rate 20kbps ceil 250kbps prio 6

#attach sfq on every class
tc qdisc add dev eth1 parent 1:10 handle 20: sfq perturb 10
tc qdisc add dev eth1 parent 1:11 handle 30: sfq perturb 10
tc qdisc add dev eth1 parent 1:12 handle 40: sfq perturb 10
tc qdisc add dev eth1 parent 1:13 handle 50: sfq perturb 10
tc qdisc add dev eth1 parent 1:14 handle 60: sfq perturb 10

#who goes to which class
tc filter add dev eth1 protocol ip parent 1:0 prio 2 u32 match ip src 10.0.0.25 flowid 1:11
tc filter add dev eth1 protocol ip parent 1:0 prio 2 u32 match ip src 10.0.0.20 flowid 1:12
tc filter add dev eth1 protocol ip parent 1:0 prio 2 u32 match ip src 10.0.0.21 flowid 1:13
tc filter add dev eth1 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10 #we want interactive traffic here
tc filter add dev eth1 parent 1: protocol ip prio 6 handle 2 fw flowid 1:14 #we want p2p traffic here

#Sending the TOS-bits to the appropriate classes
iptables -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j RETURN
iptables -t mangle -A PREROUTING -m tos --tos Minimize-Cost -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -m tos --tos Minimize-Cost -j RETURN
iptables -t mangle -A PREROUTING -m tos --tos Maximize-Throughput -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -m tos --tos Maximize-Throughput -j RETURN

#Setting TOS-bit 
iptables -t mangle -A PREROUTING -p icmp -j TOS --set-tos Minimize-Delay
iptables -t mangle -A PREROUTING -p icmp -j RETURN
iptables -t mangle -A PREROUTING -p tcp --sport telnet -j TOS --set-tos Minimize-Delay
iptables -t mangle -A PREROUTING -p tcp --dport telnet -j TOS --set-tos Minimize-Delay
iptables -t mangle -A PREROUTING -p tcp --sport telnet -j RETURN
iptables -t mangle -A PREROUTING -p tcp --dport telnet -j RETURN
iptables -t mangle -A PREROUTING -p tcp --sport ssh -j TOS --set-tos Minimize-Delay
iptables -t mangle -A PREROUTING -p tcp --dport ssh -j TOS --set-tos Minimize-Delay
iptables -t mangle -A PREROUTING -p tcp --sport ssh -j RETURN
iptables -t mangle -A PREROUTING -p tcp --dport ssh -j RETURN
iptables -t mangle -A PREROUTING -p tcp --sport ftp -j TOS --set-tos Minimize-Delay
iptables -t mangle -A PREROUTING -p tcp --dport ftp -j TOS --set-tos Maximize-Throughput
iptables -t mangle -A PREROUTING -p tcp --dport ftp -j RETURN
iptables -t mangle -A PREROUTING -p tcp --dport ftp-data -j TOS --set-tos Maximize-Throughput
iptables -t mangle -A PREROUTING -p tcp --sport ftp-data -j TOS --set-tos Maximize-Throughput
iptables -t mangle -A PREROUTING -p tcp --dport ftp-data -j RETURN

# Prioritize packets to begin tcp connections, those with SYN flag set
iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 1
iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
# ----------------------------------------------------------------------------------------------------------------------------------------------------------#

#ipp2p for marking p2p traffic
#Letting ipp2p control tcp connections
iptables -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m ipp2p --debug --edk --kazaa --gnu --dc --bit --apple --winmx --soul --ares -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -p tcp -m mark --mark 2 -j CONNMARK --save-mark

# Letting ipp2p control UDP connections
iptables -t mangle -A PREROUTING -p udp -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -p udp -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -p udp -m ipp2p --debug --edk --kazaa --gnu --dc --bit --apple --winmx --soul --ares -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -p udp -m mark --mark 2 -j CONNMARK --save-mark

#mark p2p traffic
iptables -t mangle -N MARKED
iptables -t mangle -A POSTROUTING  -m mark --mark 2 -j MARKED
iptables -t mangle -A MARKED -m physdev --physdev-out eth1 -j CLASSIFY --set-class 1:14

Last edited by Dimitris_Papadakis; 02-02-2006 at 10:39 AM.
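Two things in the posted script account for the idle user classes and the unmarked ICMP: the u32 filters on eth1 match the LAN source address, but by the time a forwarded packet is queued on eth1 masquerading has already replaced that address with the public one; and the TOS-setting rules are appended after the TOS-matching rules, so the TOS that the icmp rule sets is never seen by the rule that would mark it (ssh only works because the client sets the TOS itself). The script below is an added example, not the poster's script: it marks by LAN source in mangle PREROUTING, before NAT, and maps marks to classes with fw filters. Interface names, addresses and class ids are taken from the post; the run/APPLY dry-run wrapper is my own convention.

```shell
#!/bin/bash
# Added example (not the poster's script). Dry-run by default: prints the
# commands it would run; APPLY=1 executes them. Names come from the post.
WAN=eth1; LAN=eth0
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi; }

# Marks are set in mangle PREROUTING, where the source is still the LAN
# address; by the time the packet leaves $WAN masquerading has rewritten
# it, so "u32 match ip src 10.0.0.x" on $WAN never matches.
# Append these after the existing interactive/p2p (mark 1/2) rules.
mark_rules() {
    # interactive traffic: mark it directly instead of setting a TOS value
    # that the (earlier) TOS-match rules have already finished looking for
    run iptables -t mangle -A PREROUTING -i "$LAN" -p icmp -j MARK --set-mark 1
    run iptables -t mangle -A PREROUTING -i "$LAN" -p tcp --dport ssh -j MARK --set-mark 1
    # per-user class: only packets nothing else has classified (mark still 0)
    local n=11
    for ip in 10.0.0.25 10.0.0.20 10.0.0.21; do
        run iptables -t mangle -A PREROUTING -i "$LAN" -s "$ip" \
            -m mark --mark 0 -j MARK --set-mark "$n"
        n=$((n + 1))
    done
}

# fw filters on $WAN replace the u32 src filters: mark 1 -> 1:10,
# mark 2 -> 1:14, marks 11..13 -> the user classes 1:11..1:13
filter_rules() {
    for mark in 1 2 11 12 13; do
        case $mark in 1) cls=1:10 ;; 2) cls=1:14 ;; *) cls=1:$mark ;; esac
        run tc filter add dev "$WAN" parent 1: protocol ip prio 2 handle "$mark" fw flowid "$cls"
    done
}

# Check: the byte counters of 1:11..1:13 should grow while that user
# sends traffic towards the internet
check_classes() { run tc -s class show dev "$WAN"; }

mark_rules; filter_rules; check_classes
```

Note also that in tc, kbps means kilobytes per second and kbit means kilobits, so rate 250kbps on a 256 kbit/s uplink never makes HTB the bottleneck; the modem's queue is, and the classes cannot prioritise anything.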