Gentoo Forums
FairNAT and iptables errors
Forum: Networking & Security
Akaihiryuu
l33t
Joined: 08 May 2003
Posts: 794
Location: Columbus, OH

Posted: Sat Jun 16, 2012 10:29 pm    Post subject: FairNAT and iptables errors

Ok, I am trying to set up the FairNAT script on my Linux router. (https://github.com/frostschutz/FairNAT)

I had previously been using Wondershaper which caused me nothing but issues, so I decided to try this. It seems to work (as far as creating classes and such), but I'm getting an odd string of iptables errors when I launch it, and I have no clue what it's trying to tell me:

Code:
triforce ~ # ./fairnat.sh
iptables v1.4.13: host/network `.2' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.2' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.3' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.3' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.4' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.4' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.5' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.5' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.6' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.6' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.7' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.7' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.8' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.8' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.11' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.11' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.12' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.13: host/network `.12' not found
Try `iptables -h' or 'iptables --help' for more information.


Has anyone used this before, or have any idea how I can make it tell me which line in the script is causing it so I can look and see what it's trying to do that's failing?


Last edited by Akaihiryuu on Sat Jun 16, 2012 11:02 pm; edited 1 time in total

Akaihiryuu
l33t
Joined: 08 May 2003
Posts: 794
Location: Columbus, OH

Posted: Sat Jun 16, 2012 10:46 pm

Well, I discovered that I had to put in "br0" as my LAN interface for a lot of the stuff to work, so everything is fixed but ONE error now:

Code:
triforce ~ # ./fairnat.sh
iptables v1.4.13: Symbolic name "!" is unknown
Try `iptables -h' or 'iptables --help' for more information.


I found the line that's causing the error and commented it out for now (and everything seems to be working). But I'd like to know what to do to fix it:

$BIN_IPT -t mangle -A $FN_ACK_TOS -m tos --tos ! Normal-Service -j RETURN

Akaihiryuu
l33t
Joined: 08 May 2003
Posts: 794
Location: Columbus, OH

Posted: Mon Jun 18, 2012 2:43 am

I THINK I found the problem

$BIN_IPT -t mangle -A $FN_ACK_TOS -m tos --tos ! Normal-Service -j RETURN

I took the ! out, and no more error. Perhaps it was a typo?

khayyam
Watchman
Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Mon Jun 18, 2012 6:38 am

Akaihiryuu wrote:
I took the ! out, and no more error. Perhaps it was a typo?

The "!" denotes a "not" ... however, it seems like this should be prior to the --tos (so: 'not tos Normal-Service'), can't be certain though ... anyhow, see:

Code:
iptables -m tos -h

HTH & best ...

khay

Akaihiryuu
l33t
Joined: 08 May 2003
Posts: 794
Location: Columbus, OH

Posted: Mon Jun 18, 2012 12:38 pm

khayyam wrote:
Akaihiryuu wrote:
I took the ! out, and no more error. Perhaps it was a typo?

The "!" denotes a "not" ... however, it seems like this should be prior to the --tos (so: 'not tos Normal-Service'), can't be certain though ... anyhow, see:

Code:
iptables -m tos -h

HTH & best ...

khay


Ok, I moved the ! to before the --tos and that is working without an error also.

khayyam
Watchman
Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Mon Jun 18, 2012 12:57 pm

Akaihiryuu wrote:
Ok, I moved the ! to before the --tos and that is working without an error also.

Well, that may work, but is it the intention of this particular script, and if it is the intention, why was the 'not' after the --tos? The question being, how did it get released with such a syntax. So can you trace what its intent is, and does it work in that regard? I can't say because I have no idea of the script's intention (or what "Normal-Service" is exactly), but I would be suspicious that it was released without that syntax error being noticed, and that would make me somewhat hesitant to trust in its shaping capabilities.

best ... khay

Akaihiryuu
l33t
Joined: 08 May 2003
Posts: 794
Location: Columbus, OH

Posted: Mon Jun 18, 2012 2:21 pm

khayyam wrote:
Akaihiryuu wrote:
Ok, I moved the ! to before the --tos and that is working without an error also.

Well, that may work, but is it the intention of this particular script, and if it is the intention, why was the 'not' after the --tos? The question being, how did it get released with such a syntax. So can you trace what its intent is, and does it work in that regard? I can't say because I have no idea of the script's intention (or what "Normal-Service" is exactly), but I would be suspicious that it was released without that syntax error being noticed, and that would make me somewhat hesitant to trust in its shaping capabilities.

best ... khay


Well, that script was made several years ago. I'm thinking that what probably happened is the syntax in iptables may have changed slightly since then. All those iptables commands in there do is set type of service flags, which all the stuff in tc uses to prioritize packets. Reading the line, it is setting stuff in the mangle table, and it looks like the rest of the stuff in that particular table is stuff regarding normal service, so having it return if it is NOT normal service seems logical, from what I can see. It is pretty complicated, but I know iptables has changed since 2002, so that's probably all it is.

khayyam
Watchman
Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Mon Jun 18, 2012 3:13 pm

Akaihiryuu wrote:
Well, that script was made several years ago. [...] It is pretty complicated, but I know iptables has changed since 2002, so that's probably all it is.

I see ... well, that's probably the case. Really, my question was: does it work as expected. The only way to find out if the 'not' is needed or ... ummm ... not, is try one and run some services with the mind to the specific shape you expect, then reverse the rule and repeat.

I would say that you're probably correct in your assumptions about 'Normal-Service', and that 'not tos normal-service' would indeed seem correct, but without running some traffic across the wire and measuring your expectations against the results, it's kind of a guess.

Anyhow ... I'm sure that's what you have in mind, so I'm being superfluous :)

best ... khay

Akaihiryuu
l33t
Joined: 08 May 2003
Posts: 794
Location: Columbus, OH

Posted: Mon Jun 18, 2012 5:06 pm

Unfortunately, I don't know how to test that *specific* rule...this is basically just a fair NAT setup for multiple users, to keep one user from hogging all the bandwidth, but at the same time keeping all the bandwidth available (i.e., letting users borrow bandwidth from others when they are not using it). I guess all I can do is...let it run and test it. The tc rules will all work and be the same regardless of that setting...all that does is set optional type of service flags on different packets. The TOS stuff is not required for it to work, but it is supposed to make it work better.

I have seen the author of this script post in here before, but the last time I saw was in 2008. So I guess...I'll just let it run for awhile and see what happens.

frostschutz
Advocate
Joined: 22 Feb 2005
Posts: 2977
Location: Germany

Posted: Thu Nov 08, 2012 1:50 pm

Akaihiryuu wrote:
Well, that script was made several years ago.


And I'm amazed that people still use it :lol:

! before --tos seems to be the correct solution - it may be that old iptables just understood it the same way the other way around. I think I'd have noticed if it raised a syntax error instead at the time...

And it's unmaintained, I'm sorry to say - I'm not using it myself anymore but the more down-to-earth fairnat_wrt.sh which is more of a template to write your own script, than a script of its own standing...

I'm still using the same shaping idea (one class per user), although I switched from HTB to HFSC some years back.

Akaihiryuu
l33t
Joined: 08 May 2003
Posts: 794
Location: Columbus, OH

Posted: Tue Dec 04, 2012 1:42 am

Sadly, with a recent kernel and iptables update, it seems to have broken again. This time there are so many errors that I don't even know where to begin.

Code:
TC HTB version 3.3
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
Illegal "quantum"

TC HTB version 3.3
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
RTNETLINK answers: No such file or directory
iptables v1.4.16.3: host/network `.7' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.16.3: host/network `.7' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.16.3: host/network `.8' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.16.3: host/network `.8' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.16.3: host/network `.9' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.16.3: host/network `.9' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.16.3: host/network `.10' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.4.16.3: host/network `.10' not found
Try `iptables -h' or 'iptables --help' for more information.


Repeated about 5 times.

frostschutz
Advocate
Joined: 22 Feb 2005
Posts: 2977
Location: Germany

Posted: Tue Dec 04, 2012 10:50 pm

Change the shebang to read "#!/bin/bash -x" so it will show the actual commands that are causing those errors.

Akaihiryuu
l33t
Joined: 08 May 2003
Posts: 794
Location: Columbus, OH

Posted: Wed Dec 05, 2012 2:06 am

frostschutz wrote:
Change the shebang to read "#!/bin/bash -x" so it will show the actual commands that are causing those errors.


Here goes...it's pretty big.

Code:
+ FAIRNAT_CONFIG=/root/fairnat.config
+ LC_ALL=C
+ LANG=C
+ CONFIG_CALLED=0
+ '[' 0 == 0 ']'
+ configure /root/fairnat.config
+ C_CONFIG_FILE=/root/fairnat.config
++ which tc
+ BIN_TC=/sbin/tc
++ which iptables
+ BIN_IPT=/sbin/iptables
++ which ifconfig
+ BIN_IFC=/bin/ifconfig
++ which grep
+ BIN_GREP=/bin/grep
++ which sed
+ BIN_SED=/bin/sed
++ which echo
+ BIN_ECHO=/bin/echo
++ which modprobe
+ BIN_MODPROBE=/sbin/modprobe
+ FEATURES='PROC MODULES IPT_RESET IPT_NAT IPT_FORWARD QOS_DOWN QOS_UP'
+ DEV_LAN=eth0
+ RATE_LAN=5000
+ USERS='1 2 3'
+ PORTS=
+ CLASS_MODE=default
+ BORROW=1
+ CEIL_USER_UP=0
+ CEIL_USER_DOWN=0
+ DEV_NET=ppp0
+ RATE_UP=128
+ RATE_DOWN=768
+ RATE_SUB_PERCENT=5
+ RATE_LOCAL_PERCENT=5
+ IPP2P_ENABLE=0
+ IPP2P_DROP_ALL=0
+ IPP2P_DROP_MARKED=0
+ IPP2P_OPTIONS='--ipp2p --apple --bit'
+ IPP2P_UDP=0
+ MSS_CLAMPING=0
+ TTL_SET=0
+ HTB_MPU=0
+ HTB_OVERHEAD=0
+ FAIRNAT_PREFIX=FAIRNAT
+ '[' -f /root/fairnat.config ']'
+ source /root/fairnat.config
++ FEATURES='PROC MODULES QOS_DOWN QOS_UP TOS'
++ DEV_LAN=br0
++ RATE_LAN=1000mbit
++ DEV_NET=eth1
++ RATE_UP=1mbit
++ RATE_DOWN=24mbit
++ RATE_SUB_PERCENT=5
++ RATE_LOCAL_PERCENT=5
++ USERS='2:3:4:5:6 7:8:9:10'
++ CLASS_MODE=default
++ BORROW=1
++ MSS_CLAMPING=0
++ TTL_SET=0
++ HTB_MPU=0
++ HTB_OVERHEAD=0
++ FAIRNAT_PREFIX=FAIRNAT
+ for f in '$FEATURES'
+ eval FEATURE_PROC=1
++ FEATURE_PROC=1
+ for f in '$FEATURES'
+ eval FEATURE_MODULES=1
++ FEATURE_MODULES=1
+ for f in '$FEATURES'
+ eval FEATURE_QOS_DOWN=1
++ FEATURE_QOS_DOWN=1
+ for f in '$FEATURES'
+ eval FEATURE_QOS_UP=1
++ FEATURE_QOS_UP=1
+ for f in '$FEATURES'
+ eval FEATURE_TOS=1
++ FEATURE_TOS=1
+ NUM_USERS=($USERS)
+ NUM_USERS=2
+ NUM_PORTS=($PORTS)
+ NUM_PORTS=0
++ /bin/grep 'inet addr'
++ /bin/sed -e 's/^.*inet addr://g' -e 's/ .*$//g'
++ /bin/ifconfig br0
+ DEV_LAN_IP=
++ /bin/echo
++ /bin/sed -e 's/.[0-9]*$//g'
+ DEV_LAN_SUBNET=
++ /bin/grep 'inet addr:'
++ /bin/sed -e 's/^.*inet addr://g' -e 's/ .*$//g'
++ /bin/ifconfig eth1
+ DEV_NET_IP=
++ /bin/ifconfig eth1
++ /bin/grep MTU:
++ /bin/sed -e 's/^.*MTU://g' -e 's/ .*$//g'
+ DEV_NET_MTU=
+ rate 1mbit
+ RATE=0
+ R_RATE=1mbit
++ /bin/echo 1mbit
++ /bin/sed -e 's/[^0-9]//g'
+ R_NUMBER=1
++ /bin/echo 1mbit
++ /bin/sed -e 's/[0-9]//g'
+ R_UNIT=mbit
+ '[' mbit == '' ']'
+ '[' mbit == kbps ']'
+ '[' mbit == mbps ']'
+ '[' mbit == mbit ']'
+ R_RATE=131072
+ RATE=131072
+ RATE_UP=131072
+ RATE_UP=124518
+ rate 24mbit
+ RATE=0
+ R_RATE=24mbit
++ /bin/echo 24mbit
++ /bin/sed -e 's/[^0-9]//g'
+ R_NUMBER=24
++ /bin/echo 24mbit
++ /bin/sed -e 's/[0-9]//g'
+ R_UNIT=mbit
+ '[' mbit == '' ']'
+ '[' mbit == kbps ']'
+ '[' mbit == mbps ']'
+ '[' mbit == mbit ']'
+ R_RATE=3145728
+ RATE=3145728
+ RATE_DOWN=3145728
+ RATE_DOWN=2988441
+ rate 1000mbit
+ RATE=0
+ R_RATE=1000mbit
++ /bin/echo 1000mbit
++ /bin/sed -e 's/[^0-9]//g'
+ R_NUMBER=1000
++ /bin/echo 1000mbit
++ /bin/sed -e 's/[0-9]//g'
+ R_UNIT=mbit
+ '[' mbit == '' ']'
+ '[' mbit == kbps ']'
+ '[' mbit == mbps ']'
+ '[' mbit == mbit ']'
+ R_RATE=131072000
+ RATE=131072000
+ RATE_LAN=131072000
+ RATE_USER_DOWN=1494220
+ RATE_USER_UP=59146
+ RATE_LOCAL_UP=6225
+ '[' 0 == 0 ']'
+ CEIL_USER_UP=124518
+ '[' 0 == 0 ']'
+ CEIL_USER_DOWN=2988441
+ '[' 124518 -lt 59146 ']'
+ '[' 2988441 -lt 1494220 ']'
+ MARK_OFFSET=10
+ '[' 0 '!=' 0 ']'
+ '[' 0 '!=' 0 ']'
+ FN_FORWARD=FAIRNAT_FORWARD
+ FN_PREROUTING=FAIRNAT_PREROUTING
+ FN_POSTROUTING=FAIRNAT_POSTROUTING
+ FN_CHK_TOS=FAIRNAT_CHK_TOS
+ FN_ACK_TOS=FAIRNAT_ACK_TOS
+ FN_IPP2PMARK=FAIRNAT_IPP2PMARK
+ FN_ALL='FAIRNAT_FORWARD FAIRNAT_PREROUTING FAIRNAT_POSTROUTING FAIRNAT_CHK_TOS FAIRNAT_ACK_TOS FAIRNAT_IPP2PMARK'
+ start_fairnat
+ stop_fairnat
+ '[' 1 == 1 ']'
+ /sbin/tc qdisc del dev eth1 root
+ /sbin/tc qdisc del dev eth1 ingress
+ '[' 1 == 1 ']'
+ /sbin/tc qdisc del dev br0 root
+ /sbin/tc qdisc del dev br0 ingress
+ '[' '' == 1 ']'
+ for table in '""' '"-t nat"' '"-t mangle"'
+ for chain in '$FN_ALL'
+ /sbin/iptables -N FAIRNAT_FORWARD
+ /sbin/iptables -F FAIRNAT_FORWARD
+ for chain in '$FN_ALL'
+ /sbin/iptables -N FAIRNAT_PREROUTING
+ /sbin/iptables -F FAIRNAT_PREROUTING
+ for chain in '$FN_ALL'
+ /sbin/iptables -N FAIRNAT_POSTROUTING
+ /sbin/iptables -F FAIRNAT_POSTROUTING
+ for chain in '$FN_ALL'
+ /sbin/iptables -N FAIRNAT_CHK_TOS
+ /sbin/iptables -F FAIRNAT_CHK_TOS
+ for chain in '$FN_ALL'
+ /sbin/iptables -N FAIRNAT_ACK_TOS
+ /sbin/iptables -F FAIRNAT_ACK_TOS
+ for chain in '$FN_ALL'
+ /sbin/iptables -N FAIRNAT_IPP2PMARK
+ /sbin/iptables -F FAIRNAT_IPP2PMARK
+ for table in '""' '"-t nat"' '"-t mangle"'
+ for chain in '$FN_ALL'
+ /sbin/iptables -t nat -N FAIRNAT_FORWARD
+ /sbin/iptables -t nat -F FAIRNAT_FORWARD
+ for chain in '$FN_ALL'
+ /sbin/iptables -t nat -N FAIRNAT_PREROUTING
+ /sbin/iptables -t nat -F FAIRNAT_PREROUTING
+ for chain in '$FN_ALL'
+ /sbin/iptables -t nat -N FAIRNAT_POSTROUTING
+ /sbin/iptables -t nat -F FAIRNAT_POSTROUTING
+ for chain in '$FN_ALL'
+ /sbin/iptables -t nat -N FAIRNAT_CHK_TOS
+ /sbin/iptables -t nat -F FAIRNAT_CHK_TOS
+ for chain in '$FN_ALL'
+ /sbin/iptables -t nat -N FAIRNAT_ACK_TOS
+ /sbin/iptables -t nat -F FAIRNAT_ACK_TOS
+ for chain in '$FN_ALL'
+ /sbin/iptables -t nat -N FAIRNAT_IPP2PMARK
+ /sbin/iptables -t nat -F FAIRNAT_IPP2PMARK
+ for table in '""' '"-t nat"' '"-t mangle"'
+ for chain in '$FN_ALL'
+ /sbin/iptables -t mangle -N FAIRNAT_FORWARD
+ /sbin/iptables -t mangle -F FAIRNAT_FORWARD
+ for chain in '$FN_ALL'
+ /sbin/iptables -t mangle -N FAIRNAT_PREROUTING
+ /sbin/iptables -t mangle -F FAIRNAT_PREROUTING
+ for chain in '$FN_ALL'
+ /sbin/iptables -t mangle -N FAIRNAT_POSTROUTING
+ /sbin/iptables -t mangle -F FAIRNAT_POSTROUTING
+ for chain in '$FN_ALL'
+ /sbin/iptables -t mangle -N FAIRNAT_CHK_TOS
+ /sbin/iptables -t mangle -F FAIRNAT_CHK_TOS
+ for chain in '$FN_ALL'
+ /sbin/iptables -t mangle -N FAIRNAT_ACK_TOS
+ /sbin/iptables -t mangle -F FAIRNAT_ACK_TOS
+ for chain in '$FN_ALL'
+ /sbin/iptables -t mangle -N FAIRNAT_IPP2PMARK
+ /sbin/iptables -t mangle -F FAIRNAT_IPP2PMARK
+ '[' '' == 1 ']'
+ '[' 1 == 1 ']'
+ modules
+ /sbin/modprobe ip_tables
+ /sbin/modprobe ip_conntrack
+ /sbin/modprobe iptable_nat
+ /sbin/modprobe ipt_MASQUERADE
+ /sbin/modprobe iptable_filter
+ /sbin/modprobe ipt_state
+ /sbin/modprobe ipt_limit
+ /sbin/modprobe ip_conntrack_ftp
+ /sbin/modprobe ip_conntrack_irc
+ /sbin/modprobe ip_nat_ftp
+ /sbin/modprobe ip_nat_irc
+ /sbin/modprobe ip_queue
+ /sbin/modprobe sch_api
+ /sbin/modprobe sch_atm
+ /sbin/modprobe sch_cbq
+ /sbin/modprobe sch_csz
+ /sbin/modprobe sch_dsmark
+ /sbin/modprobe sch_fifo
+ /sbin/modprobe sch_generic
+ /sbin/modprobe sch_gred
+ /sbin/modprobe sch_htb
+ /sbin/modprobe sch_ingress
+ /sbin/modprobe sch_sfq
+ /sbin/modprobe sch_red
+ /sbin/modprobe sch_sfq
+ /sbin/modprobe sch_tbf
+ /sbin/modprobe sch_teql
+ '[' 0 == 1 ']'
+ '[' 1 == 1 ']'
+ echo 1
+ iptables
+ '[' 1 == 1 ']'
+ /sbin/iptables -t mangle -A FAIRNAT_PREROUTING -p icmp -j TOS --set-tos Minimize-Delay
+ /sbin/iptables -t mangle -A FAIRNAT_PREROUTING -p tcp --sport telnet -j TOS --set-tos Minimize-Delay
+ /sbin/iptables -t mangle -A FAIRNAT_PREROUTING -p tcp --sport ssh -j TOS --set-tos Minimize-Delay
+ /sbin/iptables -t mangle -A FAIRNAT_PREROUTING -p tcp --sport ftp -j TOS --set-tos Minimize-Delay
+ /sbin/iptables -t mangle -A FAIRNAT_PREROUTING -p tcp --sport ftp-data -j TOS --set-tos Maximize-Throughput
+ /sbin/iptables -t mangle -A FAIRNAT_PREROUTING -p tcp --dport telnet -j TOS --set-tos Minimize-Delay
+ /sbin/iptables -t mangle -A FAIRNAT_PREROUTING -p tcp --dport ssh -j TOS --set-tos Minimize-Delay
+ /sbin/iptables -t mangle -A FAIRNAT_PREROUTING -p tcp --dport ftp -j TOS --set-tos Minimize-Delay
+ /sbin/iptables -t mangle -A FAIRNAT_PREROUTING -p tcp --dport ftp-data -j TOS --set-tos Maximize-Throughput
+ /sbin/iptables -t mangle -A FAIRNAT_CHK_TOS -p tcp -m length --length 0:512 -j RETURN
+ /sbin/iptables -t mangle -A FAIRNAT_CHK_TOS -p udp -m length --length 0:1024 -j RETURN
+ /sbin/iptables -t mangle -A FAIRNAT_CHK_TOS -j TOS --set-tos Maximize-Throughput
+ /sbin/iptables -t mangle -A FAIRNAT_CHK_TOS -j RETURN
+ /sbin/iptables -t mangle -A FAIRNAT_PREROUTING -m tos --tos Minimize-Delay -j FAIRNAT_CHK_TOS
+ /sbin/iptables -t mangle -A FAIRNAT_ACK_TOS -m tos --tos '!' Normal-Service -j RETURN
iptables v1.4.16.3: Symbolic name "!" is unknown
Try `iptables -h' or 'iptables --help' for more information.
+ /sbin/iptables -t mangle -A FAIRNAT_ACK_TOS -p tcp -m length --length 0:256 -j TOS --set-tos Minimize-Delay
+ /sbin/iptables -t mangle -A FAIRNAT_ACK_TOS -p tcp -m length --length 256: -j TOS --set-tos Maximize-Throughput
+ /sbin/iptables -t mangle -A FAIRNAT_ACK_TOS -j RETURN
+ /sbin/iptables -t mangle -A FAIRNAT_PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK ACK -j FAIRNAT_ACK_TOS
+ '[' 0 '!=' 0 ']'
+ '[' 0 '!=' 0 ']'
+ '[' 0 == 1 ']'
+ '[' 1 == 1 ']'
+ parent_class_default eth1 124518 118292 124518 6225 124518
+ PC_DEV=eth1
+ PC_RATE=124518
+ PC_USER_RATE=118292
+ PC_CEIL_USER=124518
+ PC_LOCAL_RATE=6225
+ PC_LOCAL_CEIL=124518
+ /sbin/tc qdisc add dev eth1 root handle 1: htb default 3
+ /sbin/tc class add dev eth1 parent 1: classid 1:2 htb rate 124518bps ceil 124518bps quantum
Command line is not complete. Try option "help"
+ /sbin/tc class add dev eth1 parent 1:2 classid 1:3 htb rate 6225bps ceil 124518bps quantum prio 5
Illegal "quantum"
Usage: ... qdisc add ... htb [default N] [r2q N]
 default  minor id of class to which unclassified packets are sent {0}
 r2q      DRR quantums are computed as rate in Bps/r2q {10}
 debug    string of 16 numbers each 0-3 {0}

... class add ... htb rate R1 [burst B1] [mpu B] [overhead O]
                      [prio P] [slot S] [pslot PS]
                      [ceil R2] [cburst B2] [mtu MTU] [quantum Q]
 rate     rate allocated to this class (class can still borrow)
 burst    max bytes burst which can be accumulated during idle period {computed}
 mpu      minimum packet size used in rate computations
 overhead per-packet size overhead used in rate computations
 linklay  adapting to a linklayer e.g. atm
 ceil     definite upper class rate (no borrows) {rate}
 cburst   burst but for ceil {computed}
 mtu      max packet size we create rate map for {1600}
 prio     priority of leaf; lower are served first {0}
 quantum  how much bytes to serve from leaf at once {use r2q}

TC HTB version 3.3
+ /sbin/tc qdisc add dev eth1 parent 1:3 handle 2: prio
RTNETLINK answers: No such file or directory
+ /sbin/tc qdisc add dev eth1 parent 2:1 handle 3: sfq perturb 9
RTNETLINK answers: No such file or directory
+ /sbin/tc qdisc add dev eth1 parent 2:2 handle 4: sfq perturb 10
RTNETLINK answers: No such file or directory
+ /sbin/tc qdisc add dev eth1 parent 2:3 handle 5: sfq perturb 11
RTNETLINK answers: No such file or directory
+ /sbin/tc class add dev eth1 parent 1:2 classid 1:1 htb rate 118292bps ceil 124518bps quantum
Command line is not complete. Try option "help"
+ '[' 1 == 1 ']'
+ parent_class_default br0 131072000 2988440 2988441 128083560 131072000
+ PC_DEV=br0
+ PC_RATE=131072000
+ PC_USER_RATE=2988440
+ PC_CEIL_USER=2988441
+ PC_LOCAL_RATE=128083560
+ PC_LOCAL_CEIL=131072000
+ /sbin/tc qdisc add dev br0 root handle 1: htb default 3
+ /sbin/tc class add dev br0 parent 1: classid 1:2 htb rate 131072000bps ceil 131072000bps quantum
Command line is not complete. Try option "help"
+ /sbin/tc class add dev br0 parent 1:2 classid 1:3 htb rate 128083560bps ceil 131072000bps quantum prio 5
Illegal "quantum"
Usage: ... qdisc add ... htb [default N] [r2q N]
 default  minor id of class to which unclassified packets are sent {0}
 r2q      DRR quantums are computed as rate in Bps/r2q {10}
 debug    string of 16 numbers each 0-3 {0}

... class add ... htb rate R1 [burst B1] [mpu B] [overhead O]
                      [prio P] [slot S] [pslot PS]
                      [ceil R2] [cburst B2] [mtu MTU] [quantum Q]
 rate     rate allocated to this class (class can still borrow)
 burst    max bytes burst which can be accumulated during idle period {computed}
 mpu      minimum packet size used in rate computations
 overhead per-packet size overhead used in rate computations
 linklay  adapting to a linklayer e.g. atm
 ceil     definite upper class rate (no borrows) {rate}
 cburst   burst but for ceil {computed}
 mtu      max packet size we create rate map for {1600}
 prio     priority of leaf; lower are served first {0}
 quantum  how much bytes to serve from leaf at once {use r2q}

TC HTB version 3.3
+ /sbin/tc qdisc add dev br0 parent 1:3 handle 2: prio
RTNETLINK answers: No such file or directory
+ /sbin/tc qdisc add dev br0 parent 2:1 handle 3: sfq perturb 9
RTNETLINK answers: No such file or directory
+ /sbin/tc qdisc add dev br0 parent 2:2 handle 4: sfq perturb 10
RTNETLINK answers: No such file or directory
+ /sbin/tc qdisc add dev br0 parent 2:3 handle 5: sfq perturb 11
RTNETLINK answers: No such file or directory
+ /sbin/tc class add dev br0 parent 1:2 classid 1:1 htb rate 2988440bps ceil 2988441bps quantum
Command line is not complete. Try option "help"
+ MARK=0
+ for user in '$USERS'
++ /bin/echo 2:3:4:5:6
++ /bin/sed -e 's/[^0-9].*//g'
+ MARK=2
+ MARK=20
+ CUSTOM_USER_DOWN=2988441
+ CUSTOM_USER_UP=124518
++ /bin/echo 2:3:4:5:6
++ /bin/sed -e 's/[^@]//g'
+ CUSTOM_TEST=
+ '[' '' '!=' '' ']'
+ '[' 1 == 1 ']'
+ '[' 1 == 1 ']'
+ user_class_default eth1 20 59146 124518
+ UC_DEV=eth1
+ UC_MARK=20
+ UC_RATE=59146
+ UC_CEIL=124518
+ /sbin/tc filter add dev eth1 parent 1: protocol ip handle 20 fw flowid 1:20
+ /sbin/tc class add dev eth1 parent 1:1 classid 1:20 htb rate 59146bps ceil 124518bps quantum
Command line is not complete. Try option "help"
+ '[' 0 == 0 -o 0 == 1 ']'
+ /sbin/tc qdisc add dev eth1 parent 1:20 handle 20: prio
RTNETLINK answers: No such file or directory
+ /sbin/tc qdisc add dev eth1 parent 20:1 handle 21: sfq perturb 9
RTNETLINK answers: No such file or directory
+ /sbin/tc qdisc add dev eth1 parent 20:2 handle 22: sfq perturb 10
RTNETLINK answers: No such file or directory
+ /sbin/tc qdisc add dev eth1 parent 20:3 handle 23: sfq perturb 11
RTNETLINK answers: No such file or directory
+ '[' 1 == 1 ']'
+ user_class_default br0 20 1494220 2988441
+ UC_DEV=br0
+ UC_MARK=20
+ UC_RATE=1494220
+ UC_CEIL=2988441
+ /sbin/tc filter add dev br0 parent 1: protocol ip handle 20 fw flowid 1:20
+ /sbin/tc class add dev br0 parent 1:1 classid 1:20 htb rate 1494220bps ceil 2988441bps quantum
Command line is not complete. Try option "help"
+ '[' 0 == 0 -o 0 == 1 ']'
+ /sbin/tc qdisc add dev br0 parent 1:20 handle 20: prio
RTNETLINK answers: No such file or directory
+ /sbin/tc qdisc add dev br0 parent 20:1 handle 21: sfq perturb 9
RTNETLINK answers: No such file or directory
+ /sbin/tc qdisc add dev br0 parent 20:2 handle 22: sfq perturb 10
RTNETLINK answers: No such file or directory
+ /sbin/tc qdisc add dev br0 parent 20:3 handle 23: sfq perturb 11
RTNETLINK answers: No such file or directory
++ /bin/echo 2:3:4:5:6
++ /bin/sed -e 's/:/ /g' -e 's/[^0-9 ].*//'
+ IP_LIST='2 3 4 5 6'
+ for ip in '$IP_LIST'
+ ip=.2
+ fair_nat .2 20
+ FN_IP=.2
+ '[' '' == 1 ']'
+ '[' 0 == 0 -o 0 == 1 ']'
+ '[' 1 == 1 ']'
+ /sbin/iptables -t mangle -A FAIRNAT_FORWARD -i br0 -o eth1 -s .2 -j MARK --set-mark 20
iptables v1.4.16.3: host/network `.2' not found
Try `iptables -h' or 'iptables --help' for more information.
+ '[' 1 == 1 ']'
+ /sbin/iptables -t mangle -A FAIRNAT_FORWARD -i eth1 -o br0 -d .2 -j MARK --set-mark 20
iptables v1.4.16.3: host/network `.2' not found
Try `iptables -h' or 'iptables --help' for more information.
+ for ip in '$IP_LIST'
+ ip=.3
+ fair_nat .3 20
+ FN_IP=.3
+ '[' '' == 1 ']'
+ '[' 0 == 0 -o 0 == 1 ']'
+ '[' 1 == 1 ']'
+ /sbin/iptables -t mangle -A FAIRNAT_FORWARD -i br0 -o eth1 -s .3 -j MARK --set-mark 20
iptables v1.4.16.3: host/network `.3' not found
Try `iptables -h' or 'iptables --help' for more information.
+ '[' 1 == 1 ']'
+ /sbin/iptables -t mangle -A FAIRNAT_FORWARD -i eth1 -o br0 -d .3 -j MARK --set-mark 20
iptables v1.4.16.3: host/network `.3' not found
Try `iptables -h' or 'iptables --help' for more information.
+ for ip in '$IP_LIST'
+ ip=.4
+ fair_nat .4 20
+ FN_IP=.4
+ '[' '' == 1 ']'
+ '[' 0 == 0 -o 0 == 1 ']'
+ '[' 1 == 1 ']'
+ /sbin/iptables -t mangle -A FAIRNAT_FORWARD -i br0 -o eth1 -s .4 -j MARK --set-mark 20
iptables v1.4.16.3: host/network `.4' not found
Try `iptables -h' or 'iptables --help' for more information.
+ '[' 1 == 1 ']'
+ /sbin/iptables -t mangle -A FAIRNAT_FORWARD -i eth1 -o br0 -d .4 -j MARK --set-mark 20
iptables v1.4.16.3: host/network `.4' not found
Try `iptables -h' or 'iptables --help' for more information.
+ for ip in '$IP_LIST'
+ ip=.5
+ fair_nat .5 20
+ FN_IP=.5
+ '[' '' == 1 ']'
+ '[' 0 == 0 -o 0 == 1 ']'
+ '[' 1 == 1 ']'
+ /sbin/iptables -t mangle -A FAIRNAT_FORWARD -i br0 -o eth1 -s .5 -j MARK --set-mark 20
iptables v1.4.16.3: host/network `.5' not found
Try `iptables -h' or 'iptables --help' for more information.
+ '[' 1 == 1 ']'
+ /sbin/iptables -t mangle -A FAIRNAT_FORWARD -i eth1 -o br0 -d .5 -j MARK --set-mark 20
iptables v1.4.16.3: host/network `.5' not found
Try `iptables -h' or 'iptables --help' for more information.
+ for ip in '$IP_LIST'
+ ip=.6
+ fair_nat .6 20
+ FN_IP=.6
+ '[' '' == 1 ']'
+ '[' 0 == 0 -o 0 == 1 ']'
+ '[' 1 == 1 ']'
+ /sbin/iptables -t mangle -A FAIRNAT_FORWARD -i br0 -o eth1 -s .6 -j MARK --set-mark 20
iptables v1.4.16.3: host/network `.6' not found
Try `iptables -h' or 'iptables --help' for more information.
+ '[' 1 == 1 ']'
+ /sbin/iptables -t mangle -A FAIRNAT_FORWARD -i eth1 -o br0 -d .6 -j MARK --set-mark 20
iptables v1.4.16.3: host/network `.6' not found
Try `iptables -h' or 'iptables --help' for more information.
+ for user in '$USERS'
++ /bin/echo 7:8:9:10
++ /bin/sed -e 's/[^0-9].*//g'
+ MARK=7
+ MARK=70
+ CUSTOM_USER_DOWN=2988441
+ CUSTOM_USER_UP=124518
++ /bin/echo 7:8:9:10
++ /bin/sed -e 's/[^@]//g'
+ CUSTOM_TEST=
+ '[' '' '!=' '' ']'
+ '[' 1 == 1 ']'
+ '[' 1 == 1 ']'
+ user_class_default eth1 70 59146 124518
+ UC_DEV=eth1
+ UC_MARK=70
+ UC_RATE=59146
+ UC_CEIL=124518
+ /sbin/tc filter add dev eth1 parent 1: protocol ip handle 70 fw flowid 1:70
+ /sbin/tc class add dev eth1 parent 1:1 classid 1:70 htb rate 59146bps ceil 124518bps quantum
Command line is not complete. Try option "help"
+ '[' 0 == 0 -o 0 == 1 ']'
+ /sbin/tc qdisc add dev eth1 parent 1:70 handle 70: prio
RTNETLINK answers: No such file or directory
+ /sbin/tc qdisc add dev eth1 parent 70:1 handle 71: sfq perturb 9
RTNETLINK answers: No such file or directory
+ /sbin/tc qdisc add dev eth1 parent 70:2 handle 72: sfq perturb 10
RTNETLINK answers: No such file or directory
+ /sbin/tc qdisc add dev eth1 parent 70:3 handle 73: sfq perturb 11
RTNETLINK answers: No such file or directory
+ '[' 1 == 1 ']'
+ user_class_default br0 70 1494220 2988441
+ UC_DEV=br0
+ UC_MARK=70
+ UC_RATE=1494220
+ UC_CEIL=2988441
+ /sbin/tc filter add dev br0 parent 1: protocol ip handle 70 fw flowid 1:70
+ /sbin/tc class add dev br0 parent 1:1 classid 1:70 htb rate 1494220bps ceil 2988441bps quantum
Command line is not complete. Try option "help"
+ '[' 0 == 0 -o 0 == 1 ']'
+ /sbin/tc qdisc add dev br0 parent 1:70 handle 70: prio
RTNETLINK answers: No such file or directory
+ /sbin/tc qdisc add dev br0 parent 70:1 handle 71: sfq perturb 9
RTNETLINK answers: No such file or directory
+ /sbin/tc qdisc add dev br0 parent 70:2 handle 72: sfq perturb 10
RTNETLINK answers: No such file or directory
+ /sbin/tc qdisc add dev br0 parent 70:3 handle 73: sfq perturb 11
RTNETLINK answers: No such file or directory
++ /bin/echo 7:8:9:10
++ /bin/sed -e 's/:/ /g' -e 's/[^0-9 ].*//'
+ IP_LIST='7 8 9 10'
+ for ip in '$IP_LIST'
+ ip=.7
+ fair_nat .7 70
+ FN_IP=.7
+ '[' '' == 1 ']'
+ '[' 0 == 0 -o 0 == 1 ']'
+ '[' 1 == 1 ']'
+ /sbin/iptables -t mangle -A FAIRNAT_FORWARD -i br0 -o eth1 -s .7 -j MARK --set-mark 70
iptables v1.4.16.3: host/network `.7' not found
Try `iptables -h' or 'iptables --help' for more information.
+ '[' 1 == 1 ']'
+ /sbin/iptables -t mangle -A FAIRNAT_FORWARD -i eth1 -o br0 -d .7 -j MARK --set-mark 70
iptables v1.4.16.3: host/network `.7' not found
Try `iptables -h' or 'iptables --help' for more information.
+ for ip in '$IP_LIST'
+ ip=.8
+ fair_nat .8 70
+ FN_IP=.8
+ '[' '' == 1 ']'
+ '[' 0 == 0 -o 0 == 1 ']'
+ '[' 1 == 1 ']'
+ /sbin/iptables -t mangle -A FAIRNAT_FORWARD -i br0 -o eth1 -s .8 -j MARK --set-mark 70
iptables v1.4.16.3: host/network `.8' not found
Try `iptables -h' or 'iptables --help' for more information.
+ '[' 1 == 1 ']'
+ /sbin/iptables -t mangle -A FAIRNAT_FORWARD -i eth1 -o br0 -d .8 -j MARK --set-mark 70
iptables v1.4.16.3: host/network `.8' not found
Try `iptables -h' or 'iptables --help' for more information.
+ for ip in '$IP_LIST'
+ ip=.9
+ fair_nat .9 70
+ FN_IP=.9
+ '[' '' == 1 ']'
+ '[' 0 == 0 -o 0 == 1 ']'
+ '[' 1 == 1 ']'
+ /sbin/iptables -t mangle -A FAIRNAT_FORWARD -i br0 -o eth1 -s .9 -j MARK --set-mark 70
iptables v1.4.16.3: host/network `.9' not found
Try `iptables -h' or 'iptables --help' for more information.
+ '[' 1 == 1 ']'
+ /sbin/iptables -t mangle -A FAIRNAT_FORWARD -i eth1 -o br0 -d .9 -j MARK --set-mark 70
iptables v1.4.16.3: host/network `.9' not found
Try `iptables -h' or 'iptables --help' for more information.
+ for ip in '$IP_LIST'
+ ip=.10
+ fair_nat .10 70
+ FN_IP=.10
+ '[' '' == 1 ']'
+ '[' 0 == 0 -o 0 == 1 ']'
+ '[' 1 == 1 ']'
+ /sbin/iptables -t mangle -A FAIRNAT_FORWARD -i br0 -o eth1 -s .10 -j MARK --set-mark 70
iptables v1.4.16.3: host/network `.10' not found
Try `iptables -h' or 'iptables --help' for more information.
+ '[' 1 == 1 ']'
+ /sbin/iptables -t mangle -A FAIRNAT_FORWARD -i eth1 -o br0 -d .10 -j MARK --set-mark 70
iptables v1.4.16.3: host/network `.10' not found
Try `iptables -h' or 'iptables --help' for more information.
+ '[' '' == 1 ']'
Akaihiryuu
PostPosted: Wed Dec 05, 2012 2:11 am

I'm also contemplating replacing that with something much simpler but that still works for my purposes. The main issue I have is, I play online games (mainly WOW and Diablo 3 in that category) where latency is a huge issue. My roommate runs a small MUCK on my server also, and there are occasional torrents. We both try to rate limit upload (my ISP is kind of stupid, giving us almost 24mbit downstream but only 1mbit upstream), but sometimes there is still lag.

Anyway, this is the MUCH simpler thing I came up with. If it doesn't do the trick when there are torrents, I'm thinking about specifically classifying battle.net packets in the high priority queue.

Code:
#!/bin/bash
DEV="eth1"
MANGLE="/sbin/iptables -t mangle"
TC="/sbin/tc"
CEIL=960

${TC} qdisc del dev $DEV root 2> /dev/null > /dev/null
$MANGLE -F PREROUTING

if [ "$1" = "stop" ]
then
        exit
fi

${TC} qdisc add dev $DEV root handle 1: htb default 15
${TC} class add dev $DEV parent 1: classid 1:1 htb rate ${CEIL}kbit ceil ${CEIL}kbit
${TC} class add dev $DEV parent 1:1 classid 1:10 htb rate 320kbit ceil 320kbit prio 0
${TC} class add dev $DEV parent 1:1 classid 1:11 htb rate 320kbit ceil ${CEIL}kbit prio 1
${TC} class add dev $DEV parent 1:1 classid 1:12 htb rate 80kbit ceil ${CEIL}kbit prio 2
${TC} class add dev $DEV parent 1:1 classid 1:13 htb rate 80kbit ceil ${CEIL}kbit prio 2
${TC} class add dev $DEV parent 1:1 classid 1:14 htb rate 40kbit ceil ${CEIL}kbit prio 3
${TC} class add dev $DEV parent 1:1 classid 1:15 htb rate 120kbit ceil ${CEIL}kbit prio 3
${TC} qdisc add dev $DEV parent 1:12 handle 120: sfq perturb 10
${TC} qdisc add dev $DEV parent 1:13 handle 130: sfq perturb 10
${TC} qdisc add dev $DEV parent 1:14 handle 140: sfq perturb 10
${TC} qdisc add dev $DEV parent 1:15 handle 150: sfq perturb 10

${TC} filter add dev $DEV parent 1:0 protocol ip prio 1 handle 1 fw classid 1:10
${TC} filter add dev $DEV parent 1:0 protocol ip prio 2 handle 2 fw classid 1:11
${TC} filter add dev $DEV parent 1:0 protocol ip prio 3 handle 3 fw classid 1:12
${TC} filter add dev $DEV parent 1:0 protocol ip prio 4 handle 4 fw classid 1:13
${TC} filter add dev $DEV parent 1:0 protocol ip prio 5 handle 5 fw classid 1:14
${TC} filter add dev $DEV parent 1:0 protocol ip prio 6 handle 6 fw classid 1:15

${MANGLE} -A PREROUTING -p icmp -j MARK --set-mark 0x1
${MANGLE} -A PREROUTING -p icmp -j RETURN
${MANGLE} -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
${MANGLE} -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
#${MANGLE} -A PREROUTING -p tcp --dport 1119 -j MARK --set-mark 0x1
#${MANGLE} -A PREROUTING -p tcp --dport 3724 -j MARK --set-mark 0x1
${MANGLE} -A PREROUTING -m tos --tos Minimize-Delay -j MARK --set-mark 0x1
${MANGLE} -A PREROUTING -m tos --tos Minimize-Delay -j RETURN
${MANGLE} -A PREROUTING -m tos --tos Minimize-Cost -j MARK --set-mark 0x5
${MANGLE} -A PREROUTING -m tos --tos Minimize-Cost -j RETURN
${MANGLE} -A PREROUTING -m tos --tos Maximize-Throughput -j MARK --set-mark 0x6
${MANGLE} -A PREROUTING -m tos --tos Maximize-Throughput -j RETURN
${MANGLE} -A PREROUTING -j MARK --set-mark 0x6


I don't have enough experience in QoS to know if this would be as effective as the Fair NAT script, which admittedly is pretty in-depth and a little out of my league. I am currently using this, and it seems to work so far, but I haven't had a chance to test it under extreme conditions.
frostschutz
Advocate
Joined: 22 Feb 2005
Posts: 2977
Location: Germany
PostPosted: Wed Dec 05, 2012 11:31 am

Well, there's the --option ! vs. ! --option thing again which you could just change.

The other problems are strange; it seems that the fairnat script fails to initialize some variables correctly for some reason (quantum is empty, and IPs end up with only the last digit). Hard to tell why that's happening. Unless bash changed in an odd way, I'd assume errors in the config file or changes you made to the script.

If you want to write your own script, but want to keep the fairnat idea, you could have a look at the fairnat_wrt.sh script. It's the manual approach where for each user you can write a function which creates qos/iptables rules for that user. It's what I am using on my openwrt router nowadays, or at least similar to it (I switched from htb to hfsc).
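The empty-variable failure described above (a bare `.7` reaching iptables, an empty quantum reaching tc) is exactly the case where a script should stop before applying anything. The following is an added example, not FairNAT's code or anything posted in this thread; the function names, the dry-run switch and the sample addresses are assumptions:

```shell
#!/bin/sh
# Added example, not part of FairNAT or the scripts in this thread.
# Validate per-user values before they reach iptables, so an empty or
# half-built variable aborts the run instead of leaving a partially
# applied rule set. All function names here are assumptions.
IPTABLES=/sbin/iptables
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands instead of running them

# Accept only a dotted quad with four numeric octets, each 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o; do
        [ "$_o" -le 255 ] || return 1
    done
    return 0
}

# Refuse to continue if any named variable is empty.
require_set() {
    for _name; do
        eval "_val=\${$_name}"
        [ -n "$_val" ] || { echo "config error: $_name is empty" >&2; return 1; }
    done
}

# Build (or run) the two FAIRNAT_FORWARD mark rules for one host, in the
# rule shape the trace shows: -s on the LAN->WAN path, -d on the way back.
fairnat_mark_rules() {
    fm_ip=$1; fm_mark=$2; fm_lan=$3; fm_wan=$4
    require_set fm_ip fm_mark fm_lan fm_wan || return 1
    valid_ipv4 "$fm_ip" || { echo "refusing rule for '$fm_ip': not an IPv4 address" >&2; return 1; }
    case "$fm_mark" in
        *[!0-9]*) echo "bad mark '$fm_mark'" >&2; return 1 ;;
    esac
    for fm_cmd in \
        "$IPTABLES -t mangle -A FAIRNAT_FORWARD -i $fm_lan -o $fm_wan -s $fm_ip -j MARK --set-mark $fm_mark" \
        "$IPTABLES -t mangle -A FAIRNAT_FORWARD -i $fm_wan -o $fm_lan -d $fm_ip -j MARK --set-mark $fm_mark"
    do
        if [ "$DRY_RUN" = 1 ]; then echo "$fm_cmd"; else $fm_cmd || return 1; fi
    done
}

# Constructed demo: a proper address, then the ".7" seen in the trace.
fairnat_mark_rules 192.168.0.7 70 br0 eth1
fairnat_mark_rules .7 70 br0 eth1 || echo "aborted before touching iptables" >&2
```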
Akaihiryuu
PostPosted: Wed Dec 05, 2012 2:01 pm

frostschutz wrote:
Well, there's the --option ! vs. ! --option thing again which you could just change.

The other problems are strange; it seems that the fairnat script fails to initialize some variables correctly for some reason (quantum is empty, and IPs end up with only the last digit). Hard to tell why that's happening. Unless bash changed in an odd way, I'd assume errors in the config file or changes you made to the script.

If you want to write your own script, but want to keep the fairnat idea, you could have a look at the fairnat_wrt.sh script. It's the manual approach where for each user you can write a function which creates qos/iptables rules for that user. It's what I am using on my openwrt router nowadays, or at least similar to it (I switched from htb to hfsc).


I actually completely restored the script to default before I did that. And the only change I made previously was the --option ! vs ! --option.
Akaihiryuu
PostPosted: Thu Dec 13, 2012 12:51 am

This is what I've come up with (basically trying to roll my own solution and keep it relatively simple rather than have a bunch of complex rules). I decided completely against inbound policing. I have more than sufficient downstream bandwidth...the problem is my ISP gives me a REALLY tiny amount of upstream bandwidth in relation to my downstream. Plus I have really no desire or need to limit download speeds. My main concern is latency for online games, which this seems to be doing a really good job of.

Code:
#!/bin/bash
TC="/sbin/tc"
MGL="/sbin/iptables -t mangle"

DEV="eth1"
UP=960

${MGL} -F PREROUTING
# use the same tc binary as the rest of the script
${TC} qdisc del dev ${DEV} root 2> /dev/null > /dev/null

if [ "$1" = "stop" ]
then
        exit
fi

${TC} qdisc add dev ${DEV} root handle 1: htb default 13
${TC} class add dev ${DEV} parent 1: classid 1:1 htb rate ${UP}kbit ceil ${UP}kbit
${TC} class add dev ${DEV} parent 1:1 classid 1:10 htb rate $(($UP / 4))kbit ceil $(($UP / 4))kbit prio 0
${TC} class add dev ${DEV} parent 1:1 classid 1:11 htb rate $(($UP / 4))kbit ceil ${UP}kbit prio 0
${TC} class add dev ${DEV} parent 1:1 classid 1:12 htb rate $(($UP / 8))kbit ceil ${UP}kbit prio 1
${TC} class add dev ${DEV} parent 1:1 classid 1:13 htb rate $(($UP / 16))kbit ceil ${UP}kbit prio 2
${TC} qdisc add dev ${DEV} parent 1:10 handle 100: sfq perturb 10
${TC} qdisc add dev ${DEV} parent 1:11 handle 110: sfq perturb 10
${TC} qdisc add dev ${DEV} parent 1:12 handle 120: sfq perturb 10
${TC} qdisc add dev ${DEV} parent 1:13 handle 130: sfq perturb 10

${TC} filter add dev ${DEV} parent 1:0 protocol ip prio 1 handle 1 fw classid 1:10
${TC} filter add dev ${DEV} parent 1:0 protocol ip prio 2 handle 2 fw classid 1:11
${TC} filter add dev ${DEV} parent 1:0 protocol ip prio 3 handle 3 fw classid 1:12
${TC} filter add dev ${DEV} parent 1:0 protocol ip prio 4 handle 4 fw classid 1:13

${MGL} -A PREROUTING -p icmp -j MARK --set-mark 0x1
${MGL} -A PREROUTING -p icmp -j RETURN
${MGL} -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j MARK --set-mark 0x1
${MGL} -A PREROUTING -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -j RETURN
${MGL} -A PREROUTING -p tcp --dport 1119 -j MARK --set-mark 0x2
${MGL} -A PREROUTING -p tcp --dport 1119 -j RETURN
${MGL} -A PREROUTING -p tcp --dport 3724 -j MARK --set-mark 0x2
${MGL} -A PREROUTING -p tcp --dport 3724 -j RETURN
${MGL} -A PREROUTING -m tos --tos Minimize-Delay -j MARK --set-mark 0x1
${MGL} -A PREROUTING -m tos --tos Minimize-Delay -j RETURN
${MGL} -A PREROUTING -m tos --tos Minimize-Cost -j MARK --set-mark 0x4
${MGL} -A PREROUTING -m tos --tos Minimize-Cost -j RETURN
${MGL} -A PREROUTING -m tos --tos Maximize-Throughput -j MARK --set-mark 0x3
${MGL} -A PREROUTING -m tos --tos Maximize-Throughput -j RETURN
${MGL} -A PREROUTING -j MARK --set-mark 0x4


One class for SYN/RST/ACK prioritizing that is limited in the bandwidth it can use.
One class specifically for online games (equal in priority to the first class, only without a set bandwidth limit)
One class for max throughput but lower priority
A default class that can use very little upstream bandwidth (due to it being the default class torrents and things like Steam downloads should be placed here)

Any suggestions for improvement are of course welcome. This is my first foray into doing things myself rather than just using a canned script.
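As an added check, not part of any script in this thread, the following verifies an HTB class tree like the one above before it is loaded: the children's guaranteed rates must fit within the parent's rate (otherwise HTB cannot honour the guarantees), and no child ceil may exceed its parent's ceil. The input is constructed from the same class layout as the last script; htb_check and htb_classes are assumed names, and all rates are assumed to use one unit.

```shell
#!/bin/sh
# Added example, not from the thread's scripts: sanity-check an HTB class
# tree before loading it. HTB only honours a class's "rate" guarantee if the
# children's rates sum to no more than the parent's rate, and a child "ceil"
# above the parent's ceil is never reachable. Assumes one unit for all rates.

# Reads "tc class add ... parent P classid C htb rate Nkbit ceil Mkbit" lines
# on stdin; prints one line per parent class: "<parent> <sum> <rate> ok|over".
htb_check() {
    awk '
    /class add/ {
        p = c = r = ce = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "parent")  p  = $(i+1)
            if ($i == "classid") c  = $(i+1)
            if ($i == "rate")    r  = $(i+1) + 0   # "240kbit" -> 240
            if ($i == "ceil")    ce = $(i+1) + 0
        }
        rate[c] = r; ceil[c] = ce; sum[p] += r
        if (p in ceil && ce > ceil[p])
            printf "%s ceil %d exceeds parent %s ceil %d\n", c, ce, p, ceil[p]
    }
    END {
        for (p in sum) if (p in rate)
            printf "%s %d %d %s\n", p, sum[p], rate[p], (sum[p] <= rate[p] ? "ok" : "over")
    }'
}

UP=960
# Constructed input mirroring the class layout of the last script above.
htb_classes() {
    cat <<EOF
tc class add dev eth1 parent 1: classid 1:1 htb rate ${UP}kbit ceil ${UP}kbit
tc class add dev eth1 parent 1:1 classid 1:10 htb rate $((UP / 4))kbit ceil $((UP / 4))kbit prio 0
tc class add dev eth1 parent 1:1 classid 1:11 htb rate $((UP / 4))kbit ceil ${UP}kbit prio 0
tc class add dev eth1 parent 1:1 classid 1:12 htb rate $((UP / 8))kbit ceil ${UP}kbit prio 1
tc class add dev eth1 parent 1:1 classid 1:13 htb rate $((UP / 16))kbit ceil ${UP}kbit prio 2
EOF
}

htb_classes | htb_check
```

For the layout above this prints `1:1 660 960 ok`; raising the guaranteed rates past 960 flips the verdict to `over`.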