[ale] I need some help with iptables and cbq

James Sumners james.sumners at gmail.com
Sun Sep 10 18:10:00 EDT 2006


HTB doesn't do sharing. Each class will only use the amount of
bandwidth allotted to it. I want classes to give up bandwidth to other
classes when they have bandwidth to spare and the others need it. So,
I know HTB is "easier" but it doesn't fit the job.

I also know of wondershaper. Indeed, the wondershaper script is in the
same directory as those two scripts. But I have a problem with third
party tools/scripts -- I don't like them. I find them difficult to use
because they are not crafted for my exact situation or tastes.

After doing some more testing, I have come to the conclusion that I
need to add rules for eth2 (wireless). I really hadn't thought about
it until I was composing the email. Since I was already half done with
the email I decided to go ahead and get ALE's opinion.

I still don't know why the two lines that are supposed to classify
"other" traffic are not working. And I would still like suggestions on
trimming the ruleset (if possible).

For those curious, my work in these two scripts is based on my
readings of the following articles:
http://www.sigsegv.cx/qos.html
http://iptables-tutorial.frozentux.net/chunkyhtml/index.html
http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO.html
http://www.netfilter.org/documentation/HOWTO//NAT-HOWTO.html
http://lartc.org/howto/lartc.qdisc.classful.html
http://home.regit.org/?page_id=7

On 9/10/06, JK <jknapka at kneuro.net> wrote:
> James Sumners wrote:
>
> > As I wrote last month
> > (http://article.gmane.org/gmane.org.user-groups.ale/46036), I've
> > switched from DSL to cable so that I can drop Bellsouth in favor of
> > Vonage. Yesterday, I finally got my cable connection hooked up and
> > spent the day writing a new firewall for it. My goal is to use class
> > based queueing to give the VoIP connection all the bandwidth it needs
> > for a G.711 encoded phone conversation. So far I have been
> > unsuccessful in this endeavor. I've managed to write the iptables
> > rules to mark all the packets (minus a couple) and masquerade all my
> > LAN connections. I'll be DNATing a couple of ports later.
> >
> > I have a couple questions for those of you on the list who are more
> > knowledgeable about this stuff.
> >
> > 1) Why don't the rules in firewall.sh on lines 73 and 75 mark packets?
> > 2) The machine running this firewall has a wireless card that acts as
> > the WAP for my apartment. Do I need to classify the packets on that
> > interface as well? If I've been trying to test my bandwidth over
> > wireless, would that be why it isn't working as it should be?
> > 3) Do you have any suggestions for improving my rules?
>
> Use HTB instead of CBQ.  HTB is considerably easier to configure
> and almost as capable IIRC (though it's been a while since I've
> messed with my lartc rules).
>
> I started rolling my own tc script, but ended up just using
> Wondershaper http://lartc.org/wondershaper/ and hacking it for my
> configuration, which is this:
>
> eth0: broadband internet link
> eth1: wired LAN
> eth2: wifi net
>
> Basically, Wondershaper lets you simply specify the max upstream
> and downstream bandwidth for each link, and takes care of
> prioritizing interactive traffic and putting bulk data in
> lower-priority queues.  I also hacked mine to allow higher
> bandwidth to specific machines on the wifi segment, so that
> the kids' downloading pr0n doesn't make it impossible for
> me to get work done.
>
> My iptables script is the one from Devil Linux
> http://www.devil-linux.org, hacked up to let SSH through
> to specific machines on the wired LAN. The wifi segment
> is treated as a DMZ. Plus there's the whole World Beard
> and Mustache Championships experience for unrecognized
> MACs on the wifi segment, but that's just a side issue.
>
> -- JK
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>


-- 
James Sumners
http://james.roomfullofmirrors.com/

"All governments suffer a recurring problem: Power attracts
pathological personalities. It is not that power corrupts but that it
is magnetic to the corruptible. Such people have a tendency to become
drunk on violence, a condition to which they are quickly addicted."

Missionaria Protectiva, Text QIV (decto)
CH:D 59
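Added example, not code from this thread or from either poster: an HTB tree on the cable uplink in which every class has a guaranteed "rate" and a higher "ceil", so a class that has spare bandwidth lends it to siblings that need it, with fw filters selecting the class from iptables marks. Everything specific here is assumed for illustration: eth0 as the cable interface, a 384 kbit upstream, 192.168.1.2 as the VoIP adapter, mark 1 for VoIP and mark 2 for interactive traffic (ssh and DNS). By default the script only prints the tc and iptables commands; set TC=tc and IPT=iptables to apply them.

```shell
#!/bin/sh
# Added example (not from the thread). HTB with rate/ceil so classes
# borrow spare bandwidth, plus iptables marks that choose the class.
# All interface names, addresses and figures below are constructed.

WAN=eth0
UPLINK=384                  # kbit; constructed, keep it below the modem's real rate
VOIP_HOST=192.168.1.2       # constructed address of the phone adapter
TC=${TC:-"echo tc"}         # print by default; TC=tc applies the tree for real
IPT=${IPT:-"echo iptables"} # same idea for the marking rules

# Emit (or apply) the HTB tree. The three leaf rates add up to UPLINK.
htb_commands() {
    $TC qdisc del dev "$WAN" root 2>/dev/null
    # Unmarked packets fall into class 1:30, so no catch-all mark rule is needed.
    $TC qdisc add dev "$WAN" root handle 1: htb default 30
    # Parent class: the hard cap for everything leaving the cable link.
    $TC class add dev "$WAN" parent 1: classid 1:1 htb rate "${UPLINK}kbit" ceil "${UPLINK}kbit"
    # 1:10 VoIP: 100 kbit guaranteed (a G.711 call is 64 kbit/s of payload plus
    # IP/UDP/RTP headers), served first (prio 0), may borrow up to 200 kbit.
    $TC class add dev "$WAN" parent 1:1 classid 1:10 htb rate 100kbit ceil 200kbit prio 0
    # 1:20 interactive: small guarantee, may borrow the whole link when it is idle.
    $TC class add dev "$WAN" parent 1:1 classid 1:20 htb rate 84kbit ceil "${UPLINK}kbit" prio 1
    # 1:30 bulk/default: the remainder, also allowed to borrow when nobody else sends.
    $TC class add dev "$WAN" parent 1:1 classid 1:30 htb rate 200kbit ceil "${UPLINK}kbit" prio 2
    # Fair queueing inside the two shared classes so one flow cannot hog them.
    $TC qdisc add dev "$WAN" parent 1:20 handle 20: sfq perturb 10
    $TC qdisc add dev "$WAN" parent 1:30 handle 30: sfq perturb 10
    # fw filters: firewall mark N steers the packet into class 1:N0.
    $TC filter add dev "$WAN" parent 1: protocol ip prio 1 handle 1 fw flowid 1:10
    $TC filter add dev "$WAN" parent 1: protocol ip prio 2 handle 2 fw flowid 1:20
}

# Mark packets as they leave the cable interface. Matching on the output
# interface covers traffic from both the wired and the wireless LAN, and the
# mangle POSTROUTING hook runs before nat, so the private source address of
# the phone adapter is still visible here.
mark_commands() {
    $IPT -t mangle -A POSTROUTING -o "$WAN" -s "$VOIP_HOST" -j MARK --set-mark 1
    $IPT -t mangle -A POSTROUTING -o "$WAN" -p tcp --dport 22 -j MARK --set-mark 2
    $IPT -t mangle -A POSTROUTING -o "$WAN" -p udp --dport 53 -j MARK --set-mark 2
}

# Sanity check on the generated tree: count leaf classes whose ceil exceeds
# their rate, i.e. the classes that are actually allowed to borrow.
# Runs in a subshell with TC forced to "echo tc" so it never touches the kernel.
borrowing_classes() {
    ( TC="echo tc"; htb_commands ) | awk '
        /class add/ && /parent 1:1 / {
            split($0, a, "rate "); split(a[2], r, " ")
            split($0, b, "ceil "); split(b[2], c, " ")
            if (r[1] != c[1]) n++
        }
        END { print n + 0 }'
}

htb_commands
mark_commands
```

Run it once with the defaults to review the generated commands, then with TC=tc IPT=iptables to apply them; "tc -s class show dev eth0" afterwards shows per-class byte counts, which is the quickest way to confirm that marked packets are landing in the intended class rather than in the default one.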


