[adsl-qos] Problems with dsl_qos_queue
Jesper S. Jensen
elector2k4 at elector.dk
Thu Nov 18 01:16:00 PST 2004
The last couple of months I've been using dsl_qos_queue without any
problems, but the other day it started working (or rather not working)
as if it wasn't even active.
Whenever I max out the outgoing bandwidth, e.g. users downloading from my
FTP server, or myself uploading something to the outside world/internet.
I can't quite find out what might have gone wrong, I haven't really done
anything to the scripts, all I have done is some software updates
(running Debian's Testing/Sarge using apt-get upgrade).
I've tried changing the queue to an absolute minimum, but that didn't
help. I also tried to lower the "caprate" value, but nothing works there
either.
I've attached my script, and I hope that you guys have some good ideas
about what might be wrong.
-------------- next part --------------
#!/bin/bash
EX_ETH=eth0 # External Interface
IN_ETH=eth1 # Local Interface
#stop forwarding while resetting
echo 0 > /proc/sys/net/ipv4/ip_forward
#Flush all rules before start
iptables -F INPUT
iptables -F FORWARD
iptables -t nat -F PREROUTING
iptables -t nat -F
#---------- QoS START ----------
# Reset everything to a known state (cleared)
iptables -t mangle -D POSTROUTING -o $EX_ETH -j MYSHAPER-OUT 2> /dev/null > /dev/null
iptables -t mangle -F MYSHAPER-OUT 2> /dev/null > /dev/null
iptables -t mangle -X MYSHAPER-OUT 2> /dev/null > /dev/null
iptables -t mangle -N MYSHAPER-OUT
iptables -t mangle -I POSTROUTING -o $EX_ETH -j MYSHAPER-OUT
# add fwmark entries to classify different types of traffic - Set fwmark from 20-26 according to desired class. 20 is highest prio.
iptables -t mangle -A MYSHAPER-OUT -p icmp -j MARK --set-mark 22 # ICMP (ping) - high prio, impress friends
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 0:1024 -j MARK --set-mark 23 # Default for low port traffic
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 0:1024 -j MARK --set-mark 23 # ""
iptables -t mangle -A MYSHAPER-OUT -p tcp --sport 8911:9000 -j MARK --set-mark 24 # ftp data
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 5190 -j MARK --set-mark 22 # aol instant messenger
iptables -t mangle -A MYSHAPER-OUT -p udp --dport 123 -j MARK --set-mark 20 # NTP should be low-lag
iptables -t mangle -A MYSHAPER-OUT -p udp --dport 53 -j MARK --set-mark 21 # DNS name resolution (small packets)
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport ssh -j MARK --set-mark 22 # secure shell
iptables -t mangle -A MYSHAPER-OUT -p tcp -m length --length :64 -j MARK --set-mark 23 # small packets (probably just ACKs)
iptables -t mangle -A MYSHAPER-OUT -m mark --mark 0 -j MARK --set-mark 26 # redundant- mark any unmarked packets as 26 (low priority)
#---------- QoS END ----------
#---------- Firewall permits START ----------
iptables -A INPUT -i $EX_ETH -p icmp -j ACCEPT
#ident lookup
iptables -A INPUT -i $EX_ETH -p tcp --dport 113 -j ACCEPT
#ftpd
iptables -A INPUT -i $EX_ETH -p tcp --dport 8910:9000 -j ACCEPT
# Any other packets must be dropped.
iptables -A INPUT -i $EX_ETH -m state --state NEW,INVALID -j LOG --log-prefix "iptables_drop "
iptables -A INPUT -i $EX_ETH -m state --state NEW,INVALID -j DROP
#---------- Firewall permits END ----------
iptables -t nat -A POSTROUTING -o $EX_ETH -j MASQUERADE
#dirty kill - dsl_qos_queue
killall dsl_qos_queue
/usr/sbin/dsl_qos_queue -d -r 67000
# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward