Linux Gateway Qos_2 interfaces (1 lan and 1 internet) problem

Linux Advanced Routing and Traffic Control

Hello...I have a Slackware-based machine doing routing & QoS for my internal LAN users...
It has two interfaces: eth1 (100mbps) that connects to the aDSL modem (USR 9105) and eth0 (100mbps) that connects to my local LAN...
I'm using shorewall as a firewall...I think it's configured well as it's working as I want and I pass all the online firewall tests... :D

All LAN users can use the masqueraded internet connection...
Now, I made a QoS script using htb and sfq and created 5 classes: 1 for interactive traffic, 1 for bulk and p2p traffic and 3 that have equal bandwidth for my 3 LAN users...

Now my problem is that the traffic from 10.0.0.25 doesn't go to class 1:11 as I want..the same happens with 10.0.0.21 and 10.0.0.20
When I see tc statistics for the classes, traffic flows to 1:10 and 1:14, with the users' classes (1:11, 1:12, 1:13) being idle all the time
Happily ssh goes into the interactive class but icmp doesn't go into the interactive class...those things I've managed to test for now....

This is the first major problem...I don't know now if ipp2p works...

misc information
-----------------
Slackware 10.2
tc utility, iproute2-ss050330
kernel 2.6.15 vanilla
iptables v1.3.3
aDSL 1024/256

What am I doing wrong?

Here is the script I use:
--------------------------------------------------------------------
#!/bin/bash
# clean existing down- and uplink qdiscs, hide errors
tc qdisc del dev eth1 root    2> /dev/null > /dev/null
tc qdisc del dev eth1 ingress 2> /dev/null > /dev/null

#Flush the mangle table
iptables -t mangle -F

#MSS clamping to the discovered PMTU
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS  --clamp-mss-to-pmtu

#------------------------------------ Classes -----------------------------------------------#
#Create classes
# root class
tc qdisc add dev eth1 root handle 1: htb default 14

tc class add dev eth1 parent 1: classid 1:1 htb rate 250kbps ceil 250kbps

#interactive class
tc class add dev eth1 parent 1:1 classid 1:10 htb rate 50kbps ceil 250kbps prio 1

#users classes
tc class add dev eth1 parent 1:1 classid 1:11 htb rate 60kbps ceil 250kbps prio 2
tc class add dev eth1 parent 1:1 classid 1:12 htb rate 60kbps ceil 250kbps prio 2
tc class add dev eth1 parent 1:1 classid 1:13 htb rate 60kbps ceil 250kbps prio 2

#p2p class
tc class add dev eth1 parent 1:1 classid 1:14 htb rate 20kbps ceil 250kbps prio 6

#attach sfq on every class
tc qdisc add dev eth1 parent 1:10 handle 20: sfq perturb 10
tc qdisc add dev eth1 parent 1:11 handle 30: sfq perturb 10
tc qdisc add dev eth1 parent 1:12 handle 40: sfq perturb 10
tc qdisc add dev eth1 parent 1:13 handle 50: sfq perturb 10
tc qdisc add dev eth1 parent 1:14 handle 60: sfq perturb 10

#who goes to which class
tc filter add dev eth1 protocol ip parent 1:0 prio 2 u32 match ip src 10.0.0.25 flowid 1:11
tc filter add dev eth1 protocol ip parent 1:0 prio 2 u32 match ip src 10.0.0.20 flowid 1:12
tc filter add dev eth1 protocol ip parent 1:0 prio 2 u32 match ip src 10.0.0.21 flowid 1:13
tc filter add dev eth1 parent 1: protocol ip prio 1 handle 1 fw flowid 1:10 #we want interactive traffic here
tc filter add dev eth1 parent 1: protocol ip prio 6 handle 2 fw flowid 1:14 #we want p2p traffic here

#Sending the TOS-bits to the appropriate classes
iptables -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -m tos --tos Minimize-Delay -j RETURN
iptables -t mangle -A PREROUTING -m tos --tos Minimize-Cost -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -m tos --tos Minimize-Cost -j RETURN
iptables -t mangle -A PREROUTING -m tos --tos Maximize-Throughput -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -m tos --tos Maximize-Throughput -j RETURN

#Setting TOS-bit
iptables -t mangle -A PREROUTING -p icmp -j TOS --set-tos Minimize-Delay
iptables -t mangle -A PREROUTING -p icmp -j RETURN
iptables -t mangle -A PREROUTING -p tcp --sport telnet -j TOS --set-tos Minimize-Delay
iptables -t mangle -A PREROUTING -p tcp --dport telnet -j TOS --set-tos Minimize-Delay
iptables -t mangle -A PREROUTING -p tcp --sport telnet -j RETURN
iptables -t mangle -A PREROUTING -p tcp --dport telnet -j RETURN
iptables -t mangle -A PREROUTING -p tcp --sport ssh -j TOS --set-tos Minimize-Delay
iptables -t mangle -A PREROUTING -p tcp --dport ssh -j TOS --set-tos Minimize-Delay
iptables -t mangle -A PREROUTING -p tcp --sport ssh -j RETURN
iptables -t mangle -A PREROUTING -p tcp --dport ssh -j RETURN
iptables -t mangle -A PREROUTING -p tcp --sport ftp -j TOS --set-tos Minimize-Delay
iptables -t mangle -A PREROUTING -p tcp --dport ftp -j TOS --set-tos Maximize-Throughput
iptables -t mangle -A PREROUTING -p tcp --dport ftp -j RETURN
iptables -t mangle -A PREROUTING -p tcp --dport ftp-data -j TOS --set-tos Maximize-Throughput
iptables -t mangle -A PREROUTING -p tcp --sport ftp-data -j TOS --set-tos Maximize-Throughput
iptables -t mangle -A PREROUTING -p tcp --dport ftp-data -j RETURN

# Prioritize packets to begin tcp connections, those with SYN flag set
iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 1
iptables -t mangle -I PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
# ----------------------------------------------------------------------------------------------------------------------------------------------------------#

#ipp2p for marking p2p traffic
#Letting ipp2p control tcp connections
iptables -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m ipp2p --debug --edk --kazaa --gnu --dc --bit --apple --winmx --soul --ares -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -p tcp -m mark --mark 2 -j CONNMARK --save-mark

#Letting ipp2p control udp connections
iptables -t mangle -A PREROUTING -p udp -j CONNMARK --restore-mark
iptables -t mangle -A PREROUTING -p udp -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -A PREROUTING -p udp -m ipp2p --debug --edk --kazaa --gnu --dc --bit --apple --winmx --soul --ares -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -p udp -m mark --mark 2 -j CONNMARK --save-mark

#mark p2p traffic
iptables -t mangle -N MARKED
iptables -t mangle -A POSTROUTING  -m mark --mark 2 -j MARKED
iptables -t mangle -A MARKED -m physdev --physdev-out eth1 -j CLASSIFY --set-class 1:14
------------------------------------------------------------------------------------------------

_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
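As an added check (example code, not part of the original post): the tc statistics the poster looked at by hand can be parsed and compared against the host-to-class mapping the u32 filters in the script intend, so the idle per-user classes and any class dropping packets are flagged automatically. The `tc -s class show dev eth1` output below is constructed, not captured from the poster's gateway; the host/class table is the one assumed from the filter lines above.

```python
import re
# Constructed sample of `tc -s class show dev eth1` output (not the poster's real
# counters); the three per-user classes are shown as never having sent a packet.
SAMPLE_TC_OUTPUT = """\
class htb 1:1 root rate 2000Kbit ceil 2000Kbit burst 1600b cburst 1600b
 Sent 4120345 bytes 5210 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:10 parent 1:1 leaf 20: prio 1 rate 400Kbit ceil 2000Kbit burst 1600b
 Sent 210455 bytes 1830 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:11 parent 1:1 leaf 30: prio 2 rate 480Kbit ceil 2000Kbit burst 1600b
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:12 parent 1:1 leaf 40: prio 2 rate 480Kbit ceil 2000Kbit burst 1600b
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:13 parent 1:1 leaf 50: prio 2 rate 480Kbit ceil 2000Kbit burst 1600b
 Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
class htb 1:14 parent 1:1 leaf 60: prio 6 rate 160Kbit ceil 2000Kbit burst 1600b
 Sent 3909890 bytes 3380 pkt (dropped 12, overlimits 0 requeues 0)
"""
# Host -> leaf class, as the u32 filters in the script above intend it.
EXPECTED_HOST_CLASS = {"10.0.0.25": "1:11", "10.0.0.20": "1:12", "10.0.0.21": "1:13"}

CLASS_RE = re.compile(r"^class htb (\S+) (?:root|parent (\S+))(?: leaf (\S+))?")
SENT_RE = re.compile(r"^\s*Sent (\d+) bytes (\d+) pkt \(dropped (\d+)")

def parse_class_stats(text):
    """Map classid -> {parent, leaf, bytes, pkts, dropped} from `tc -s class show` text."""
    stats, current = {}, None
    for line in text.splitlines():
        m = CLASS_RE.match(line)
        if m:  # class header line; its counters follow on the next line
            current = m.group(1)
            stats[current] = {"parent": m.group(2), "leaf": m.group(3), "bytes": 0, "pkts": 0, "dropped": 0}
            continue
        m = SENT_RE.match(line)
        if m and current:
            stats[current].update(bytes=int(m[1]), pkts=int(m[2]), dropped=int(m[3]))
    return stats

def idle_leaf_classes(stats):
    """Leaf classes (ones with an attached qdisc) that have never sent a packet."""
    return sorted(c for c, s in stats.items() if s["leaf"] and s["pkts"] == 0)

def report(stats, expected=EXPECTED_HOST_CLASS):
    """One line per host whose class is missing or idle, plus any class with drops."""
    idle, lines = set(idle_leaf_classes(stats)), []
    for host, cls in sorted(expected.items()):
        if cls not in stats:
            lines.append(f"{host}: class {cls} does not exist")
        elif cls in idle:
            lines.append(f"{host}: class {cls} idle, its filter never matched")
    lines += [f"class {c}: {s['dropped']} drops" for c, s in sorted(stats.items()) if s["dropped"]]
    return lines
```

On a live gateway, feed `report(parse_class_stats(subprocess.check_output(["tc", "-s", "class", "show", "dev", "eth1"], text=True)))` a few seconds apart while a user is generating traffic; a class that stays idle means its filter is not matching, not that the class is misconfigured.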
