On 8/22/2014 7:50 AM, PGNd wrote:
>
>
> On Fri, Aug 22, 2014, at 07:42 AM, Tom Eastep wrote:
>> ... if you populate the mangle table in the tcstart script, then
>> iptables-restore will replace your rules.
>
> Noted. And avoided.
>
>> for what you are doing, 'start' is preferred.
>
> Noted. Moved.
>
>>> atm, moving the ENTIRE script to 'started' results in the mangle
>>> chain being preserved ... although the classification of traffic is
>>> NOT working as intended (yet).
>
> Found the problem -- a MARK collision in mangle.
>
> My QoS script's creating class numbering, starting with a "low latency" class
> at classid == 1:2
>
> /lib.private
>
> qos_control() {
> ...
> CLASS_LOW_LATENCY=2 # 1:2 Low latency (VoIP)
> ...
> ${TC_BIN} class add dev ${intfc} parent 1:1 classid
> 1:${CLASS_LOW_LATENCY} hfsc \
> sc m1 ${uplink}kbit d 200ms m2 $((10*$uplink/10))kbit
> \
> ul rate ${uplink}kbit
> ...
> }
>
> Checking the mangle table, this conflicts directly with my MultiISP config's
> 'prov2' "MARK set 0x2",I recommend setting PROVIDER_OFFSET=8 and using mark values 0x100, 0x200, ... for your provider marks. That way, TC will be using a different part of the mark from multi-ISP. See http://www.shorewall.org/PacketMarking.html#Values. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Slashdot TV. Video for Nerds. Stuff that matters. http://tv.slashdot.org/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
