Puzzled why my scripts don't give me the desired result

Linux Advanced Routing and Traffic Control


I am wondering if someone can examine why my setup does not give me the desired result. What I aim to achieve is to give DNS, ICMP, POP3, HTTP, SSH and SMTP traffic a higher priority than FTP serving and Kazaa traffic.

However, when the FTP server is busy servicing FTP traffic, web browsing traffic slows to the point of being almost unusable.


Abstract of my iptables script follows:-


# Mark traffic on the firewall machine itself
$IPTABLES -t mangle -A MANGLE_OUTPUT -p 1 -j MARK --set-mark 1
$IPTABLES -t mangle -A MANGLE_OUTPUT -p 6 -m multiport --sport 22,53 -j MARK --set-mark 2
$IPTABLES -t mangle -A MANGLE_OUTPUT -p 17 --sport 53 -j MARK --set-mark 2
$IPTABLES -t mangle -A MANGLE_OUTPUT -p 6 -m length --length :64 -j MARK --set-mark 1
$IPTABLES -t mangle -A MANGLE_OUTPUT -m mark --mark 0 -j MARK --set-mark 3


# Mark traffic on LAN outgoing traffic through the firewall machine
$IPTABLES -t mangle -A MANGLE_PREROUTING -p 6 -m multiport --sport 22,80 -j MARK --set-mark 1
$IPTABLES -t mangle -A MANGLE_PREROUTING -p 6 -m multiport --sport 25,110,21 -j MARK --set-mark 2
$IPTABLES -t mangle -A MANGLE_PREROUTING -p 6 -m multiport --dport 22,80 -j MARK --set-mark 1
$IPTABLES -t mangle -A MANGLE_PREROUTING -p 6 --sport 1214 -j MARK --set-mark 4
$IPTABLES -t mangle -A MANGLE_PREROUTING -p 6 --dport 1214 -j MARK --set-mark 4
$IPTABLES -t mangle -A MANGLE_PREROUTING -p 17 --sport 1214 -j MARK --set-mark 4
$IPTABLES -t mangle -A MANGLE_PREROUTING -p 17 --dport 1214 -j MARK --set-mark 4
$IPTABLES -t mangle -A MANGLE_PREROUTING -p 6 -m length --length :64 -j MARK --set-mark 1
$IPTABLES -t mangle -A MANGLE_PREROUTING -m mark --mark 0 -j MARK --set-mark 3




Abstract of my TC script:-

tc qdisc add $DEV root handle 1: htb default 40

# shape everything at $UPLINK speed - this prevents huge queues in the DSL modem that destroy latency
tc class add $DEV parent 1: classid 1:1 htb rate ${UPLINK}kbit ceil ${UPLINK}kbit burst 12k


# divide traffic into 4 classes with high prio class 1:10:
tc class add $DEV parent 1:1 classid 1:10 htb rate $[UPLINK/2]kbit ceil ${UPLINK}kbit burst 12k prio 0
tc class add $DEV parent 1:1 classid 1:20 htb rate $[UPLINK/4]kbit ceil ${UPLINK}kbit burst 12k prio 1
tc class add $DEV parent 1:1 classid 1:30 htb rate $[UPLINK/6]kbit ceil ${UPLINK}kbit burst 12k prio 2
tc class add $DEV parent 1:1 classid 1:40 htb rate $[UPLINK/12]kbit ceil ${UPLINK}kbit burst 12k prio 3


# both get Stochastic Fairness
tc qdisc add $DEV parent 1:10 handle 10: sfq perturb 10
tc qdisc add $DEV parent 1:20 handle 20: sfq perturb 10
tc qdisc add $DEV parent 1:30 handle 30: sfq perturb 10
tc qdisc add $DEV parent 1:40 handle 40: sfq perturb 10

tc filter add $DEV parent 1:0 prio 0 protocol ip handle 1 fw flowid 1:10
tc filter add $DEV parent 1:0 prio 0 protocol ip handle 2 fw flowid 1:20
tc filter add $DEV parent 1:0 prio 0 protocol ip handle 3 fw flowid 1:30
tc filter add $DEV parent 1:0 prio 0 protocol ip handle 4 fw flowid 1:40
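
Added example, not part of the original post: a small Python model of the MANGLE_PREROUTING rules and fw filters quoted above, showing which mark and HTB class a packet ends up with. It assumes MARK is a non-terminating target (every rule is evaluated and the last match wins) and that `--length :64` means a packet length of at most 64 bytes; the sample packets are constructed.

```python
# Added illustration: models the MANGLE_PREROUTING rules from the post.
# Assumption: MARK does not stop rule traversal, so the LAST matching rule
# decides the final mark.

TCP, UDP, ICMP = 6, 17, 1

# (protocol or None for "any", predicate, mark), in the order posted
RULES = [
    (TCP, lambda p: p["sport"] in (22, 80), 1),
    (TCP, lambda p: p["sport"] in (25, 110, 21), 2),
    (TCP, lambda p: p["dport"] in (22, 80), 1),
    (TCP, lambda p: p["sport"] == 1214, 4),
    (TCP, lambda p: p["dport"] == 1214, 4),
    (UDP, lambda p: p["sport"] == 1214, 4),
    (UDP, lambda p: p["dport"] == 1214, 4),
    (TCP, lambda p: p["length"] <= 64, 1),   # -m length --length :64
    (None, lambda p: p["mark"] == 0, 3),      # -m mark --mark 0
]

# tc "fw" filters from the post: mark -> flowid; "htb default 40" otherwise
FW_FILTERS = {1: "1:10", 2: "1:20", 3: "1:30", 4: "1:40"}
HTB_DEFAULT = "1:40"


def classify(proto, sport=0, dport=0, length=1500):
    """Return (final mark, HTB class) for one forwarded packet."""
    pkt = {"sport": sport, "dport": dport, "length": length, "mark": 0}
    for rule_proto, match, mark in RULES:
        if rule_proto in (None, proto) and match(pkt):
            pkt["mark"] = mark          # later matches overwrite earlier ones
    return pkt["mark"], FW_FILTERS.get(pkt["mark"], HTB_DEFAULT)


# Constructed sample packets (ports and sizes are illustrative only)
SAMPLES = {
    "HTTP request from LAN":    (TCP, 40000, 80, 500),
    "FTP control (sport 21)":   (TCP, 21, 40001, 120),
    "FTP data (sport 20)":      (TCP, 20, 40002, 1500),
    "Kazaa bulk (sport 1214)":  (TCP, 1214, 40003, 1500),
    "Kazaa 40-byte ACK":        (TCP, 1214, 40003, 40),
    "DNS query (UDP dport 53)": (UDP, 40004, 53, 70),
    "ICMP echo":                (ICMP, 0, 0, 84),
}

if __name__ == "__main__":
    for name, args in SAMPLES.items():
        mark, flowid = classify(*args)
        print(f"{name:26s} mark={mark} class={flowid}")
```

Running it against the real ruleset can be cross-checked with `iptables -t mangle -L -v -n` and `tc -s class show`, which report per-rule and per-class packet counters.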

