Papadakis Dimitrios
2006-Feb-02 14:18 UTC
Linux Gateway Qos_2 interfaces (1 lan and 1 internet) problem
Hello... I have a Slackware-based machine doing routing & QoS for my internal LAN users. It has two interfaces: eth1 (100 Mbps), which connects to the ADSL modem (USR 9105), and eth0 (100 Mbps), which connects to my local LAN. I'm using shorewall as a firewall; I think it's configured well, as it's working as I want and I pass all the online firewall tests. :D All LAN users can use the masqueraded internet connection.

Now, I made a QoS script using htb and sfq and created 5 classes: 1 for interactive traffic, 1 for bulk and p2p traffic, and 3 that have equal bandwidth for my 3 LAN users.

Now my problem is that the traffic from 10.0.0.25 doesn't go to class 1:11 as I want; the same happens with 10.0.0.21 and 10.0.0.20. When I look at the tc statistics for the classes, traffic flows to 1:10 and 1:14, while the users' classes (1:11, 1:12, 1:13) are idle all the time. Happily, ssh goes into the interactive class, but icmp doesn't; those are the things I've managed to test for now. This is the first major problem... I don't know now whether ipp2p works.

misc information
-----------------
Slackware 10.2
tc utility, iproute2-ss050330
kernel 2.6.15 vanilla
iptables v1.3.3
aDSL 1024/256

What am I doing wrong?
Here is the script I use:
--------------------------------------------------------------------
#!/bin/bash

# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev eth1 root 2> /dev/null > /dev/null
tc qdisc del dev eth1 ingress 2> /dev/null > /dev/null

# Flush the mangle table
iptables -t mangle -F

# MSS clamping for path MTU discovery
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

#------------------------------------ Classes -----------------------------------------------#
# Create classes
# root class
tc qdisc add dev eth1 root handle 1: htb default 14
tc class add dev eth1 parent 1: classid 1:1 htb rate 250kbps ceil 250kbps
# interactive class
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 50kbps ceil 250kbps prio 1
# users' classes
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 60kbps ceil 250kbps prio 2
tc class add dev eth1 parent 1:1 classid 1:12 htb rate 60kbps ceil 250kbps prio 2
tc class add dev eth1 parent 1:1 classid 1:13 htb rate 60kbps ceil 250kbps prio 2
# p2p class
tc class add dev eth1 parent 1:1 classid 1:14 htb rate 20kbps ceil 250kbps prio 6

# attach sfq to every class
tc qdisc add dev eth1 parent 1:10 handle 20: sfq perturb 10
tc qdisc add dev eth1 parent 1:11 handle 30: sfq perturb 10
tc qdisc add dev eth1 parent 1:12 handle 40: sfq perturb 10
tc qdisc add dev eth1 parent 1:13 handle 50: sfq perturb 10
tc qdisc add dev eth1 parent 1:14 handle 60: sfq perturb 10

# who goes to which class
tc filter add dev eth1 protocol ip parent 1:0 prio 2 u32 match ip src 10.0.0.25 flowid 1:11
tc filter add dev eth1 protocol ip parent 1:0 prio 2 u32 match ip src 10.0.0.20 flowid 1:12
tc filter add dev eth1 protocol ip parent 1:0 prio 2 u32 match ip src 10.0.0.21 flowid 1:13
tc filter add dev eth1 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10   # we want interactive traffic here
tc filter add dev eth1 parent 1: protocol ip prio 6 handle 2 fw flowid 1:14   # we want p2p traffic here

# Sending the TOS bits to the appropriate classes
iptables -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j RETURN
iptables -t mangle -A PREROUTING -m tos --tos Minimize-Cost -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -m tos --tos Minimize-Cost -j RETURN
iptables -t mangle -A PREROUTING -m tos --tos Maximize-Throughput -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -m tos --tos Maximize-Throughput -j RETURN

# Setting the TOS bits
iptables -t mangle -A PREROUTING -p icmp -j TOS --set-tos Minimize-Delay
iptables -t mangle -A PREROUTING -p icmp -j RETURN
iptables -t mangle -A PREROUTING -p tcp --sport telnet -j TOS --set-tos Minimize-Delay
iptables -t mangle -A PREROUTING -p tcp --dport telnet -j TOS --set-tos Minimize-Delay
iptables -t mangle -A PREROUTING -p tcp --sport telnet -j RETURN
iptables -t mangle -A PREROUTING -p tcp --dport telnet -j RETURN
iptables -t mangle -A PREROUTING -p tcp --sport ssh -j TOS --set-tos Minimize-Delay
iptables -t mangle -A PREROUTING -p tcp --dport ssh -j TOS --set-tos Minimize-Delay
iptables -t mangle -A PREROUTING -p tcp --sport ssh -j RETURN
iptables -t mangle -A PREROUTING -p tcp --dport ssh -j RETURN
iptables -t mangle -A PREROUTING -p tcp --sport ftp -j TOS --set-tos Minimize-Delay
iptables -t mangle -A PREROUTING -p tcp --dport ftp -j TOS --set-tos Maximize-Throughput
iptables -t mangle -A PREROUTING -p tcp --dport ftp -j RETURN
iptables -t mangle -A PREROUTING -p tcp --dport ftp-data -j TOS --set-tos Maximize-Throughput
iptables -t mangle -A PREROUTING -p tcp --sport ftp-data -j TOS --set-tos Maximize-Throughput
iptables -t mangle -A PREROUTING -p tcp --dport ftp-data -j RETURN

# Prioritize packets that begin TCP connections, i.e. those with only the SYN flag set
iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 1
iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN

#----------------------------------------------------------------------------------------------#
# ipp2p for marking p2p traffic
# Let ipp2p control TCP connections
iptables -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m ipp2p --debug --edk --kazaa --gnu --dc --bit --apple --winmx --soul --ares -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -p tcp -m mark --mark 2 -j CONNMARK --save-mark

# Let ipp2p control UDP connections
iptables -t mangle -A PREROUTING -p udp -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -p udp -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -p udp -m ipp2p --debug --edk --kazaa --gnu --dc --bit --apple --winmx --soul --ares -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -p udp -m mark --mark 2 -j CONNMARK --save-mark

# mark p2p traffic
iptables -t mangle -N MARKED
iptables -t mangle -A POSTROUTING -m mark --mark 2 -j MARKED
iptables -t mangle -A MARKED -m physdev --physdev-out eth1 -j CLASSIFY --set-class 1:14
------------------------------------------------------------------------------------------------
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
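The script below is an added example written for this page; it is not the poster's script and was not part of the thread. It keeps the poster's class ids and assumes eth0 is the LAN, eth1 the ADSL side, a 256 kbit/s uplink and the hosts 10.0.0.20/.21/.25; the marks 11 to 13, the QOS chain name and the QOS_APPLY/QOS_DRY_RUN switches are this example's own. It departs from the posted script on the points a practitioner would check first. The u32 filters match `ip src 10.0.0.x` on eth1, but eth1 egress sees packets after MASQUERADE has rewritten the source to the public address, so those filters can never match; marking in mangle PREROUTING, which runs before nat POSTROUTING, and selecting the class with tc's `fw` classifier avoids that. In tc, `kbps` means kilobytes per second and `kbit` kilobits per second, so `rate 250kbps` is 2000 kbit/s on a 256 kbit/s uplink and no queue ever builds in the shaper; the rates here are in kbit and sum to slightly less than the line rate. In the posted mangle chain the `-m tos` tests are appended before the `-j TOS --set-tos` rules, so a packet's TOS is examined before the script sets it (ssh still lands in the interactive class because the ssh client itself sets Minimize-Delay), and the two `-I` lines leave the RETURN above the MARK, so SYN packets leave the chain unmarked; the example marks directly and keeps the order explicit.

```bash
#!/bin/bash
# Added example for this thread, not the poster's script. Assumed (hypothetical)
# names: eth0 = LAN, eth1 = ADSL side, 256 kbit/s uplink, hosts 10.0.0.20/.21/.25.
# Marks 11/12/13, the QOS chain and the QOS_APPLY / QOS_DRY_RUN switches are
# this example's own choices.
#
# Classification happens in mangle PREROUTING, which runs before nat POSTROUTING
# (where MASQUERADE rewrites the source address). The mark stays on the packet
# until it reaches eth1, where tc's fw classifier selects the class, so no
# address match is needed on the already-NATed packet.
#
# Units: in tc, "kbps" is kilobytes/s and "kbit" is kilobits/s.

LAN=${LAN:-eth0}
WAN=${WAN:-eth1}
UPLINK=${UPLINK:-240}   # kbit/s, a little under the 256 kbit/s sync rate

# run: execute the command, or print it when QOS_DRY_RUN=1.
run() {
    if [ "${QOS_DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# HTB tree on the uplink, same class ids as the post; child rates sum to UPLINK.
setup_tc() {
    run tc qdisc del dev "$WAN" root 2>/dev/null || true
    run tc qdisc add dev "$WAN" root handle 1: htb default 14
    run tc class add dev "$WAN" parent 1: classid 1:1 htb rate "${UPLINK}kbit" ceil "${UPLINK}kbit"
    run tc class add dev "$WAN" parent 1:1 classid 1:10 htb rate 40kbit ceil "${UPLINK}kbit" prio 1
    run tc class add dev "$WAN" parent 1:1 classid 1:11 htb rate 60kbit ceil "${UPLINK}kbit" prio 2
    run tc class add dev "$WAN" parent 1:1 classid 1:12 htb rate 60kbit ceil "${UPLINK}kbit" prio 2
    run tc class add dev "$WAN" parent 1:1 classid 1:13 htb rate 60kbit ceil "${UPLINK}kbit" prio 2
    run tc class add dev "$WAN" parent 1:1 classid 1:14 htb rate 20kbit ceil "${UPLINK}kbit" prio 6
    for c in 10 11 12 13 14; do
        run tc qdisc add dev "$WAN" parent 1:$c handle ${c}0: sfq perturb 10
    done
    # The firewall mark is the only selector: "handle N fw" means packets with mark N.
    run tc filter add dev "$WAN" parent 1: protocol ip prio 1 handle 1 fw flowid 1:10
    run tc filter add dev "$WAN" parent 1: protocol ip prio 6 handle 2 fw flowid 1:14
    run tc filter add dev "$WAN" parent 1: protocol ip prio 2 handle 11 fw flowid 1:11
    run tc filter add dev "$WAN" parent 1: protocol ip prio 2 handle 12 fw flowid 1:12
    run tc filter add dev "$WAN" parent 1: protocol ip prio 2 handle 13 fw flowid 1:13
}

# Mark packets arriving from the LAN. Rule order matters: the interactive and
# p2p tests come first, the per-host default last, and each positive match is
# followed by ACCEPT so a later rule cannot overwrite the mark.
setup_iptables() {
    run iptables -t mangle -D PREROUTING -i "$LAN" -j QOS 2>/dev/null || true
    run iptables -t mangle -F QOS 2>/dev/null || true
    run iptables -t mangle -X QOS 2>/dev/null || true
    run iptables -t mangle -N QOS
    run iptables -t mangle -A PREROUTING -i "$LAN" -j QOS
    # Connections already identified as p2p keep mark 2 without re-inspection.
    run iptables -t mangle -A QOS -j CONNMARK --restore-mark
    run iptables -t mangle -A QOS -m mark --mark 2 -j ACCEPT
    # Interactive: icmp, connection setup (SYN only) and ssh/telnet, marked per packet.
    run iptables -t mangle -A QOS -p icmp -j MARK --set-mark 1
    run iptables -t mangle -A QOS -p icmp -j ACCEPT
    run iptables -t mangle -A QOS -p tcp --syn -j MARK --set-mark 1
    run iptables -t mangle -A QOS -p tcp --syn -j ACCEPT
    run iptables -t mangle -A QOS -p tcp -m multiport --ports 22,23 -j MARK --set-mark 1
    run iptables -t mangle -A QOS -p tcp -m multiport --ports 22,23 -j ACCEPT
    # p2p (same ipp2p match as the post): mark it and remember it on the conntrack entry.
    for proto in tcp udp; do
        run iptables -t mangle -A QOS -p $proto -m ipp2p --edk --kazaa --gnu --dc --bit --apple --winmx --soul --ares -j MARK --set-mark 2
    done
    run iptables -t mangle -A QOS -m mark --mark 2 -j CONNMARK --save-mark
    run iptables -t mangle -A QOS -m mark --mark 2 -j ACCEPT
    # Everything else: per-host class, matched on the pre-NAT source address.
    for pair in 10.0.0.25:11 10.0.0.20:12 10.0.0.21:13; do
        run iptables -t mangle -A QOS -s "${pair%:*}" -j MARK --set-mark "${pair#*:}"
    done
}

if [ "${QOS_APPLY:-0}" = 1 ]; then
    setup_tc && setup_iptables
else
    # Default is a dry run that prints what would be applied; QOS_APPLY=1 applies it.
    QOS_DRY_RUN=1
    setup_tc
    setup_iptables
fi
```

Running the file with no variables set prints the tc and iptables commands for review; `QOS_APPLY=1 ./qos.sh` as root applies them. After that, `tc -s class show dev eth1` should show the byte counters of 1:11, 1:12 and 1:13 moving when the respective host sends traffic, and `iptables -t mangle -L QOS -v -n` shows which marking rule each packet hit. The ipp2p match is the one the post uses and needs that kernel module; everything the example depends on otherwise is stock iptables and iproute2.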