www.zeroshell.org

[amandler]

ETH00 is WAN interface with public IPs and net balancing.
ETH01 is LAN with local subnet
Want to very simply throttle upload and download speeds with QOS for a single IP address on the LAN side, 192.168.1.1

Created two rules in Classifier
MARK all opt -- in * out ETH01 0.0.0.0/0 -> 192.168.1.1 MARK set 0xf
to put 192.168.1.1 traffic going out LAN port in the slow queue
and
ETH00 MARK all opt -- in * out ETH00 192.168.1.1 -> 0.0.0.0/0 MARK set 0x10
to put 192.168.1.1 traffic going out WAN port in its slow queue.

Whichever rule I put as Seq 1 works (traffic starts flowing down queue), while the other doesn't (no traffic in that queue).

Is this due to the issue wth net balance vs. qos that I have seen referenced in this forum?

Thanks.

[ppalias]

I think your second rule is wrong. When packets go out of the WAN interface NAT has been applied so the source address no longer is 192.168.1.1. Better match incoming interface and source IP only. If you want to shape something you will have to do it when traffic goes from the high speed interface to the slow. There is no point shaping from the WAN to LAN.

[amandler]

Are you suggesting that if I have a symmetric WAN connection, say 3 Mbps up and down, and I want to place some users in a queue that limits their upload speed to 512K, that I cannot do it with a rule on the WAN port?

[ppalias]

I'm saying the opposite. You can shape the upload. What there is no point in doing is shaping the download, cause the packets have already arrived to you and there is no point dropping them and forcing your peer to retransmit them.

[amandler]

I understand what you're saying, now, but in terms of the end user experience, there is a point in queuing some incoming packets on the router. In this case, there are many users at a camp, and the office and admin needs have to be prioritized over the campers' Facebook browsing. By putting all the campers in a 1 Mbps. incoming queue, the 3 Mbps. pipe does not get bogged down for other users. At least, that's how it appears to work. Obviously, putting all traffic in a throttled queue would be pointless.

[ppalias]

Then you need to shape all these to the uplink and allow them a fragment of bandwdth that will be enough according to you. Also instead of shaping you can simply police and thus limit the bandwidth.

[amandler]

If you have a moment, I would love to hear more specifically what you mean by "police" and how that would be done.

Thanks.

[AtroposX]

I got a simple QoS bridge setup.

ETH02: WAN
ETH03: LAN

Make your bridge

Make your classes as needed, say 1meg, 768k, etc. in the class manager.

In the QoS interface manager, add the "upload" speed, say the 768k, to the ETH02, and the "download" of 1meg, to the ETH03 interface, save and activate at the top.

Go to the QoS classifier, new, add a "Download" rule that is src=blank, and dest= the host ip, or subnet, then choose the target class of the 1meg.

Then make a new rule, in reverse, for the "upload". src=the host ip/subnet, and dest=blank, and choose the 768k target class.

Then choose save at the top.

Or you can create just one class called, say 5meg, and add it to both the ETH02 and ETH03, then create the same rules, but point towards the same 5meg class on both rules. If using a subnet, then this entire subnet will share an symmetric 5meg service. Fun stuff.

I don't have net balancing though, just a basic bridge, not sure if that matters.

[amandler]

Thanks AtroposX, I have several zeroshell routers with similar setups and all works great. This is the only one using net balancing, and it seems to interfere with the QOS functionality.

[AtroposX]

you could try Atheling's patch:
http://www.zeroshell.net/eng/forum/viewtopic.php?t=2214

http://www.zeroshell.net/eng/forum/viewtopic.php?t=2125

or perhaps when the next release, comes out, it should/may have the patch already applied?