Hi, I want to configure QoS in my shorewall conf but I have a doubt. Now I am using tcrules with prerouting and with the file providers, like this. 2:P 192.168.0.11 0.0.0.0/0 tcp 25 So, with this way I route my smtp traffic with my provider number 2. Well, now I want to configure QoS with tcclasses and tcdevices, but if I do that I need to use the MARK in the tcclasses So, how can I do this and also work with my preroutings rules? Thanks ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk
On 10/3/2013 1:32 PM, Nico Pagliaro wrote:> Hi, I want to configure QoS in my shorewall conf but I have a doubt. > Now I am using tcrules with prerouting and with the file providers, like > this. > > 2:P 192.168.0.11 0.0.0.0/0 <http://0.0.0.0/0> tcp 25 >Change your Multi-ISP configuration to use marks that are shifted to the left 8 bits. /etc/shorewall/shorewall.conf: PROVIDER_OFFSET=8 /etc/shorewall/providers: <name> 2 0x200 ... /etc/shorewall/tcrules: 0x200:P 192.168.0.11 - - tcp 25 Now you can mark in FORWARD/POSTROUTING for QOS using mark values 1-255. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk
Thanks Toms for your reply. Suppose this example: I have 2 ISP ISP1 ISP2 and my LAN I have traffic that goes through ISP1, like HTTP and streaming with UDP port 8000. So, I need to have both things here, in one hand a rule in tcrules that preroute all my internal traffic to Internet with tcp port 80 with ISP1 and in the hand, I need to have QoS in those packets with udp port 8000 that goes to that ISP1, for example reserve a minimum of 512 kbps upload So, how can I do this? providers: #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS COPY ISP1 1 1 main eth0 xxx.xxx..x.. ISP2 2 2 main eth5 xxx.xxx.x.x.x. tcrules #MARK SOURCE DEST PROTO DEST SOURCE USER TEST LENGTH TOS 1:P 192.168.0.0/24 0.0.0/0 tcp http,https 1:P 192.168.0.0/24 0.0.0.0/0 udp 8000 2:P 192.168.0.0/24 0.0.0.0/0 tcp 20,21,22 I have eth0, eth1 (ISP1), eth2 (ISP2) I am a little confuse how I figure this. thanks On Thu, Oct 3, 2013 at 6:14 PM, Tom Eastep <teastep@shorewall.net> wrote:> On 10/3/2013 1:32 PM, Nico Pagliaro wrote: > > Hi, I want to configure QoS in my shorewall conf but I have a doubt. > > Now I am using tcrules with prerouting and with the file providers, like > > this. > > > > 2:P 192.168.0.11 0.0.0.0/0 <http://0.0.0.0/0> tcp 25 > > > > Change your Multi-ISP configuration to use marks that are shifted to the > left 8 bits. > > /etc/shorewall/shorewall.conf: > > PROVIDER_OFFSET=8 > > /etc/shorewall/providers: > > <name> 2 0x200 ... > > /etc/shorewall/tcrules: > > 0x200:P 192.168.0.11 - - tcp 25 > > Now you can mark in FORWARD/POSTROUTING for QOS using mark values 1-255. > > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > > > > ------------------------------------------------------------------------------ > October Webinars: Code for Performance > Free Intel webinars can help you accelerate application performance. > Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most > from > the latest Intel processors and coprocessors. See abstracts and register > > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users > >------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk
My shorewall version is 4.5.0.2 and my kernel is 2.6.18 On Fri, Oct 4, 2013 at 4:36 PM, Nico Pagliaro <nicopag@gmail.com> wrote:> Thanks Toms for your reply. > > Suppose this example: > > I have 2 ISP > ISP1 > ISP2 > > and my LAN > I have traffic that goes through ISP1, like HTTP and streaming with UDP > port 8000. > So, I need to have both things here, in one hand a rule in tcrules that > preroute all my internal traffic to Internet with tcp port 80 with ISP1 > and in the hand, I need to have QoS in those packets with udp port 8000 > that goes to that ISP1, for example reserve a minimum of 512 kbps upload > > So, how can I do this? > > providers: > #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY > OPTIONS COPY > ISP1 1 1 main eth0 > xxx.xxx..x.. > ISP2 2 2 main eth5 > xxx.xxx.x.x.x. > > > tcrules > #MARK SOURCE DEST PROTO DEST SOURCE USER > TEST LENGTH TOS > 1:P 192.168.0.0/24 0.0.0/0 tcp http,https > 1:P 192.168.0.0/24 0.0.0.0/0 udp 8000 > > 2:P 192.168.0.0/24 0.0.0.0/0 tcp 20,21,22 > > I have eth0, eth1 (ISP1), eth2 (ISP2) > > > I am a little confuse how I figure this. > thanks > > > > > > On Thu, Oct 3, 2013 at 6:14 PM, Tom Eastep <teastep@shorewall.net> wrote: > >> On 10/3/2013 1:32 PM, Nico Pagliaro wrote: >> > Hi, I want to configure QoS in my shorewall conf but I have a doubt. >> > Now I am using tcrules with prerouting and with the file providers, like >> > this. >> > >> > 2:P 192.168.0.11 0.0.0.0/0 <http://0.0.0.0/0> tcp 25 >> > >> >> Change your Multi-ISP configuration to use marks that are shifted to the >> left 8 bits. >> >> /etc/shorewall/shorewall.conf: >> >> PROVIDER_OFFSET=8 >> >> /etc/shorewall/providers: >> >> <name> 2 0x200 ... >> >> /etc/shorewall/tcrules: >> >> 0x200:P 192.168.0.11 - - tcp 25 >> >> Now you can mark in FORWARD/POSTROUTING for QOS using mark values 1-255. >> >> -Tom >> -- >> Tom Eastep \ When I die, I want to go like my Grandfather who >> Shoreline, \ died peacefully in his sleep. Not screaming like >> Washington, USA \ all of the passengers in his car >> http://shorewall.net \________________________________________________ >> >> >> >> ------------------------------------------------------------------------------ >> October Webinars: Code for Performance >> Free Intel webinars can help you accelerate application performance. >> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most >> from >> the latest Intel processors and coprocessors. See abstracts and register > >> >> http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk >> _______________________________________________ >> Shorewall-users mailing list >> Shorewall-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/shorewall-users >> >> >------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk
Tom can you give me a hand here? Thanks On Fri, Oct 4, 2013 at 4:58 PM, Nico Pagliaro <nicopag@gmail.com> wrote:> My shorewall version is 4.5.0.2 and my kernel is 2.6.18 > > > On Fri, Oct 4, 2013 at 4:36 PM, Nico Pagliaro <nicopag@gmail.com> wrote: > >> Thanks Toms for your reply. >> >> Suppose this example: >> >> I have 2 ISP >> ISP1 >> ISP2 >> >> and my LAN >> I have traffic that goes through ISP1, like HTTP and streaming with UDP >> port 8000. >> So, I need to have both things here, in one hand a rule in tcrules that >> preroute all my internal traffic to Internet with tcp port 80 with ISP1 >> and in the hand, I need to have QoS in those packets with udp port 8000 >> that goes to that ISP1, for example reserve a minimum of 512 kbps upload >> >> So, how can I do this? >> >> providers: >> #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY >> OPTIONS COPY >> ISP1 1 1 main eth0 >> xxx.xxx..x.. >> ISP2 2 2 main eth5 >> xxx.xxx.x.x.x. >> >> >> tcrules >> #MARK SOURCE DEST PROTO DEST SOURCE USER >> TEST LENGTH TOS >> 1:P 192.168.0.0/24 0.0.0/0 tcp http,https >> 1:P 192.168.0.0/24 0.0.0.0/0 udp 8000 >> >> 2:P 192.168.0.0/24 0.0.0.0/0 tcp 20,21,22 >> >> I have eth0, eth1 (ISP1), eth2 (ISP2) >> >> >> I am a little confuse how I figure this. >> thanks >> >> >> >> >> >> On Thu, Oct 3, 2013 at 6:14 PM, Tom Eastep <teastep@shorewall.net> wrote: >> >>> On 10/3/2013 1:32 PM, Nico Pagliaro wrote: >>> > Hi, I want to configure QoS in my shorewall conf but I have a doubt. >>> > Now I am using tcrules with prerouting and with the file providers, >>> like >>> > this. >>> > >>> > 2:P 192.168.0.11 0.0.0.0/0 <http://0.0.0.0/0> tcp 25 >>> > >>> >>> Change your Multi-ISP configuration to use marks that are shifted to the >>> left 8 bits. >>> >>> /etc/shorewall/shorewall.conf: >>> >>> PROVIDER_OFFSET=8 >>> >>> /etc/shorewall/providers: >>> >>> <name> 2 0x200 ... >>> >>> /etc/shorewall/tcrules: >>> >>> 0x200:P 192.168.0.11 - - tcp 25 >>> >>> Now you can mark in FORWARD/POSTROUTING for QOS using mark values 1-255. >>> >>> -Tom >>> -- >>> Tom Eastep \ When I die, I want to go like my Grandfather who >>> Shoreline, \ died peacefully in his sleep. Not screaming like >>> Washington, USA \ all of the passengers in his car >>> http://shorewall.net \________________________________________________ >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> October Webinars: Code for Performance >>> Free Intel webinars can help you accelerate application performance. >>> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most >>> from >>> the latest Intel processors and coprocessors. See abstracts and register >>> > >>> >>> http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk >>> _______________________________________________ >>> Shorewall-users mailing list >>> Shorewall-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/shorewall-users >>> >>> >> >------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk
On 10/7/2013 9:19 AM, Nico Pagliaro wrote:> Tom can you give me a hand here? > Thanks >Nico, If you have specific questions, I will try to answer them. But I''m not going to create the configuration for you. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
Tom that's the problem, I don't know how to solve this and I don't know if I can do it. Now in my configuration I have only prerouting working great, so the problems comes to my when I need to mix prerouting and forward with the same ISP like the example I wrote. Que question is how I can do this by using both, prerouting and QoS Thanks and sorry about my English. Enviado desde mi iPad> El 07/10/2013, a las 18:53, Tom Eastep <teastep@shorewall.net> escribió: > >> On 10/7/2013 9:19 AM, Nico Pagliaro wrote: >> Tom can you give me a hand here? >> Thanks > > Nico, > > If you have specific questions, I will try to answer them. But I'm not > going to create the configuration for you. > > -Tom > -- > Tom Eastep \ When I die, I want to go like my Grandfather who > Shoreline, \ died peacefully in his sleep. Not screaming like > Washington, USA \ all of the passengers in his car > http://shorewall.net \________________________________________________ > > ------------------------------------------------------------------------------ > October Webinars: Code for Performance > Free Intel webinars can help you accelerate application performance. > Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from > the latest Intel processors and coprocessors. See abstracts and register > > http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
On 10/7/2013 6:08 PM, Nico Pagliaro wrote:> Tom that''s the problem, I don''t know how to solve this and I don''t know if I can do it.If you don''t try, then it is certain that you will not do it. You *cannot* use PREROUTING marking rules for QOS if you have more than one provider. I recommend that you use POSTROUTING. One more time: Put this in shorewall.conf PROVIDER_OFFSET=8 In your providers file, put this: #NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY ISP1 1 0x100 main eth0 xxx.xxx..x.. ISP2 2 0x200 main eth5 xxx.xxx.x.x.x. Now, configure traffic shaping avoiding any rules in PREROUTING. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk