Re: [hlds_linux] iptables settings
--On Monday, April 04, 2005 10:56 PM +0200 Mariusz Zieliński <[EMAIL PROTECTED]> wrote:

> ScratchMonkey wrote:
>
> > So my rules:
> >
> > iptables -t mangle -A PREROUTING -p udp -j TOS --set-tos Minimize-Delay
> > iptables -t mangle -A OUTPUT -p udp -j TOS --set-tos Minimize-Delay
> > iptables -t mangle -A POSTROUTING -p udp -j TOS --set-tos Minimize-Delay
>
> Why set the same flag three times? Setting it on OUTPUT table will be enough because it has meaning only for _other_ routers which may or may not honour it ("not" is more probable). I suspect that this flag is set when server creates socket so setting it in iptables is pointless.

As I said, this is what I use on my gateway, as well as my game server. So I don't need separate scripts for endpoints and routers. If you're not configuring a gateway, you just need the OUTPUT entry. The other entries just take up a little bit of memory. Packets don't traverse those chains unless they're taking the FORWARD path, i.e. neither source nor destination address are this host.

Some game server software sets TOS. I requested it in BF1942 for Linux so I know it's in there, but I don't know if srcds does this. For programs that don't, the OUTPUT chain can do it before it hits the traffic control queues.

> Playing with traffic control is usable only when you have other network services. Then scheduling srcds udp packets with highest rank using PRIO classful queue discipline may prove useful.

Right. If you serve anything else off the box, then giving game packets priority is useful. I have a single colocated host for my team that provides several game servers, TeamSpeak, plus web forums, email, and a file repository. Traffic control is important in this application.

BTW, you might also want to de-prioritize query reply packets, if you can identify them. Some game software uses a separate port for queries. Otherwise you'd need some kind of recognizer like the U32 match module. I haven't tried this, though.
___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] iptables settings
ScratchMonkey wrote:

> So my rules:
>
> iptables -t mangle -A PREROUTING -p udp -j TOS --set-tos Minimize-Delay
> iptables -t mangle -A OUTPUT -p udp -j TOS --set-tos Minimize-Delay
> iptables -t mangle -A POSTROUTING -p udp -j TOS --set-tos Minimize-Delay

Why set the same flag three times? Setting it on OUTPUT table will be enough because it has meaning only for _other_ routers which may or may not honour it ("not" is more probable). I suspect that this flag is set when server creates socket so setting it in iptables is pointless.

Playing with traffic control is usable only when you have other network services. Then scheduling srcds udp packets with highest rank using PRIO classful queue discipline may prove useful.

--
Mariusz Zielinski
Re: [hlds_linux] iptables settings
--On Monday, April 04, 2005 1:55 PM -0400 [EMAIL PROTECTED] wrote:

> I saw a website that suggested adding this to your iptables... Any comments? Would this be good?

No, because the rules are conflicting and poorly optimized.

You can't have more than one TOS value for the same protocol/port/direction.

You want Minimize-Delay, not Maximize-Throughput. (The latter is good for bulk traffic like web and FTP, but not on a game server where it would compete with the game traffic.)

You only need this on UDP ports, and only on output packets (unless you're on a router), because there are no queues on the inbound path to affect. So use "-A OUTPUT -p udp".

You should use either a port range (e.g. 27000:27025) or the multiport match module to list the ports in one rule, instead of listing one port per rule.

I don't have any UDP traffic on my box that shouldn't benefit from this, so I leave out the port specifier. DNS and TeamSpeak can also benefit from this.

So my rules:

iptables -t mangle -A PREROUTING -p udp -j TOS --set-tos Minimize-Delay
iptables -t mangle -A OUTPUT -p udp -j TOS --set-tos Minimize-Delay
iptables -t mangle -A POSTROUTING -p udp -j TOS --set-tos Minimize-Delay

(I include it in the forwarding tables because it doesn't cost anything and I can use the same script on all my routers.)

You should combine this with "traffic shaping". See the Wondershaper at http://lartc.org/.
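
The "more than one TOS value for the same protocol/port/direction" problem named in the reply above, as an added example that is not part of the original thread: a small Python check that groups mangle-table TOS rules by chain, protocol, direction and port and reports every group given more than one value. The sample input is six of the rules from the original question; the function names are this example's own.

```python
import shlex

# Sample input: six of the rules posted in the original question of this thread.
RULES = """\
iptables -A PREROUTING -t mangle -p tcp --dport 27005 -j TOS --set-tos Maximize-Throughput
iptables -A PREROUTING -t mangle -p tcp --dport 27010 -j TOS --set-tos Maximize-Throughput
iptables -A PREROUTING -t mangle -p udp --dport 27005 -j TOS --set-tos Maximize-Throughput
iptables -A PREROUTING -t mangle -p tcp --dport 27005 -j TOS --set-tos Maximize-Throughput
iptables -A PREROUTING -t mangle -p tcp --dport 27010 -j TOS --set-tos Minimize-Delay
iptables -A PREROUTING -t mangle -p udp --dport 27005 -j TOS --set-tos Minimize-Delay
"""


def parse_tos_rule(line):
    """Return ((chain, proto, direction, port), tos) for a mangle TOS rule, else None."""
    tok = shlex.split(line, comments=True)
    if len(tok) < 2 or tok[0] != "iptables":
        return None
    # Assumption: every option takes exactly one argument, as in the thread's rules.
    opts = dict(zip(tok[1::2], tok[2::2]))
    if opts.get("-t") != "mangle" or opts.get("-j") != "TOS":
        return None
    direction = "dport" if "--dport" in opts else "sport" if "--sport" in opts else "any"
    port = opts.get("--" + direction, "any")  # no port option: rule matches every port
    return (opts.get("-A"), opts.get("-p", "all"), direction, port), opts.get("--set-tos")


def find_conflicts(text):
    """Return {match key: [TOS values in rule order]} for keys given more than one value."""
    seen = {}
    for line in text.splitlines():
        parsed = parse_tos_rule(line)
        if parsed:
            key, tos = parsed
            seen.setdefault(key, []).append(tos)
    # A rule repeated with the same value is redundant, not conflicting.
    return {k: v for k, v in seen.items() if len(set(v)) > 1}


if __name__ == "__main__":
    for key, values in find_conflicts(RULES).items():
        # TOS is a non-terminating target: every matching rule runs, the last one wins.
        print("conflict", key, "->", values, "effective:", values[-1])
```

The check compares exact match keys only; it does not detect overlap between a rule with no port option and rules for specific ports or port ranges.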
[hlds_linux] iptables settings
I saw a website that suggested adding this to your iptables... Any comments? Would this be good?

iptables -A PREROUTING -t mangle -p tcp --dport 27005 -j TOS --set-tos Maximize-Throughput
iptables -A PREROUTING -t mangle -p tcp --dport 27010 -j TOS --set-tos Maximize-Throughput
iptables -A PREROUTING -t mangle -p tcp --dport 27025 -j TOS --set-tos Maximize-Throughput
iptables -A PREROUTING -t mangle -p tcp --sport 27015 -j TOS --set-tos Maximize-Throughput
iptables -A PREROUTING -t mangle -p udp --dport 27005 -j TOS --set-tos Maximize-Throughput
iptables -A PREROUTING -t mangle -p udp --dport 27010 -j TOS --set-tos Maximize-Throughput
iptables -A PREROUTING -t mangle -p udp --dport 27025 -j TOS --set-tos Maximize-Throughput
iptables -A PREROUTING -t mangle -p udp --sport 27015 -j TOS --set-tos Maximize-Throughput
iptables -A PREROUTING -t mangle -p tcp --dport 27005 -j TOS --set-tos Maximize-Throughput
iptables -A PREROUTING -t mangle -p tcp --dport 27010 -j TOS --set-tos Minimize-Delay
iptables -A PREROUTING -t mangle -p tcp --dport 27025 -j TOS --set-tos Minimize-Delay
iptables -A PREROUTING -t mangle -p tcp --sport 27015 -j TOS --set-tos Minimize-Delay
iptables -A PREROUTING -t mangle -p udp --dport 27005 -j TOS --set-tos Minimize-Delay
iptables -A PREROUTING -t mangle -p udp --dport 27010 -j TOS --set-tos Minimize-Delay
iptables -A PREROUTING -t mangle -p udp --dport 27025 -j TOS --set-tos Minimize-Delay
iptables -A PREROUTING -t mangle -p udp --sport 27015 -j TOS --set-tos Minimize-Delay
iptables -A PREROUTING -t mangle -p tcp --sport 27005 -j TOS --set-tos Maximize-Throughput
iptables -A PREROUTING -t mangle -p tcp --sport 27010 -j TOS --set-tos Maximize-Throughput
iptables -A PREROUTING -t mangle -p tcp --sport 27025 -j TOS --set-tos Maximize-Throughput
iptables -A PREROUTING -t mangle -p tcp --dport 27015 -j TOS --set-tos Maximize-Throughput
iptables -A PREROUTING -t mangle -p udp --sport 27005 -j TOS --set-tos Maximize-Throughput
iptables -A PREROUTING -t mangle -p udp --sport 27010 -j TOS --set-tos Maximize-Throughput
iptables -A PREROUTING -t mangle -p udp --sport 27025 -j TOS --set-tos Maximize-Throughput
iptables -A PREROUTING -t mangle -p udp --dport 27015 -j TOS --set-tos Maximize-Throughput
iptables -A PREROUTING -t mangle -p tcp --sport 27005 -j TOS --set-tos Maximize-Throughput
iptables -A PREROUTING -t mangle -p tcp --sport 27010 -j TOS --set-tos Minimize-Delay
iptables -A PREROUTING -t mangle -p tcp --sport 27025 -j TOS --set-tos Minimize-Delay
iptables -A PREROUTING -t mangle -p tcp --dport 27015 -j TOS --set-tos Minimize-Delay
iptables -A PREROUTING -t mangle -p udp --sport 27005 -j TOS --set-tos Minimize-Delay
iptables -A PREROUTING -t mangle -p udp --sport 27010 -j TOS --set-tos Minimize-Delay
iptables -A PREROUTING -t mangle -p udp --sport 27025 -j TOS --set-tos Minimize-Delay
iptables -A PREROUTING -t mangle -p udp --dport 27015 -j TOS --set-tos Minimize-Delay