- This topic is empty.
-
Posts
-
I have ZS 2.0RC3 installed on old asus notebook used as home router.
It has two ethernet interfaces: WAN and LAN.
I tried to setup QoS with l7-filter but unfortunatelly it does not work.Look at iptables mangle table – only original iptables rules (direct ip/port) works:
Chain QoS (1 references)
pkts bytes target prot opt in out source destination
957K 693M MARK all -- * * 0.0.0.0/0 0.0.0.0/0 MARK and 0x0
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto bittorrent MARK set 0xc
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto edonkey MARK set 0xc
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto fasttrack MARK set 0xc
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto gnutella MARK set 0xc
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto directconnect MARK set 0xc
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto sip MARK set 0xb
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto rtp MARK set 0xb
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto rtsp MARK set 0xb
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto skypetoskype MARK set 0xb
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto skypeout MARK set 0xb
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto h323 MARK set 0xb
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
201 50280 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:22 MARK set 0xd
201 50280 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
0 0 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 MARK set 0xd
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
0 0 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:23 MARK set 0xd
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
0 0 MARK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:23 MARK set 0xd
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto ftp MARK set 0xe
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
6 3536 MARK all -- * * 77.72.169.0/24 0.0.0.0/0 MARK set 0xb
6 3536 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
5 3557 MARK all -- * * 0.0.0.0/0 77.72.169.0/24 MARK set 0xb
5 3557 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
850 170K MARK all -- * * 77.72.168.0/24 0.0.0.0/0 MARK set 0xb
850 170K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
917 183K MARK all -- * * 0.0.0.0/0 77.72.168.0/24 MARK set 0xb
917 183K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 mark match ! 0x0
As a minimum at this moment I have high utorrent (bittorrent) and little voip (sip/rtp) traffic. But only voip traffic was caught by usual src/dst ip address rule.
LAYER7 rules does not work.I have the same problem.
When I worked at Zeroshell 1.16beta QoS+ L7 work perfect.
Properly recognize all the packages (SIP, RTP, HTTP).After installing 2.0RC2 and 2.0RC3 (2.0RC1 caused Kernell error) QoS does not work properly with the L7.
Zeroshell works as the main router.
WAN<
Zeroshell(NAT,DHCP,VLAN)
>LANThe Bug still exists on 3.0.0. See https://www.zeroshell.org/forum/viewtopic.php?t=4299.
None of the L7 filters I tested work in bridge and router mode. The other filters work fine.
I couldn’t try version 1.16 because it didn’t boot on my Zotac Nano.
QoS on 1.16beta works perfect.
ZS1.16beta – Kernel 2.6.25.20
ZS2.0RC2 – Kernel 3.4.19-ZS
ZS3.0 Kernel 3.4.75-ZSOfficialy last version l7-filter work with kernel 2.6.35
http://l7-filter.clearfoundation.com/#october_8_2013
Perhaps it is a problem?
- You must be logged in to reply to this topic.