FreshJR
Very Senior Member
Oops i meant this command?
nvram get wan0_ifname
That was debugging users did when they noticed iptable rules were created on the wrong interface. Do not worry about that command
Oops i meant this command?
nvram get wan0_ifname
http://whatsyourrouter.com/mybb/showthread.php?tid=304Hello im see this in system log:
Jun 10 12:13:55 kernel: br0: received packet on vlan1 with own address as source address
Jun 10 12:13:55 kernel: br0: received packet on vlan1 with own address as source address
I have the alternative script because i receve net by vlan and i use a swith tl-link sg105E i have config vlan´s in the tp
/jffs/scripts/FreshJR_QOS -uninstall
--upload new script--
/jffs/scripts/FreshJR_QOS -install
Pushed an update to the ALTERNATE_WAN_INTERFACE version of the script.
The update was to fix the bug reports regarding improper interface detection.
The alternate version can be found here.
https://www.snbforums.com/threads/r...-and-inner-workings.36836/page-76#post-409166
--
v5 release uses a different firewall-start entry.
As a result, you will have to fully uninstall any previous version of the script, and fresh install this one.
Eg.
Code:/jffs/scripts/FreshJR_QOS -uninstall --upload new script-- /jffs/scripts/FreshJR_QOS -install
Once again, this is only intended for users with non-eth0 interfaces!
Thanks Fresh.
Will do this as i have a vlan fibre connection.
Fresh do you know anything about this?
https://www.isoc.org/inet97/proceedings/F3/F3_1.HTM
Thanks.my main concern is udp packet loss.
What about congested networks en route?
iptables -I POSTROUTING -o br0 -t mangle -p udp -d 192.168.2.100/32 -m limit --limit 1/s -j LOG
iptables -D POSTROUTING -o br0 -t mangle -p udp -d 192.168.2.100/32 -m limit --limit 1/s -j LOG
Download:
iptables -D POSTROUTING -t mangle -o br0 -d 192.168.2.100/32 -j MARK --set-xmark 0x80000000/0xC0000000 &> /dev/null
iptables -A POSTROUTING -t mangle -o br0 -d 192.168.2.100/32 -j MARK --set-xmark 0x80000000/0xC0000000
Upload:
iptables -D OUTPUT -t mangle -o $wan ! -s 192.168.2.1 -p udp --dport 25000 -j MARK --set-mark ${Downloads_mark_up} &> /dev/null
iptables -A OUTPUT -t mangle -o $wan ! -s 192.168.2.1 -p udp --dport 25000 -j MARK --set-mark ${Downloads_mark_up}
I get this when running the second iptables command at ssh prompt:Great news, thanks to @Martineau for providing a VPN server, I have been able to develop another QOS fix.
Some of you ** damn pirates ** are going to be happy with this one.
As you might of noticed, the tunneled VPN traffic when the router is acting as a VPN client does not appear on the upload/download portions of QOS.
You have to understand the difference between a router acting as a VPN Server or acting as a VPN Client before attempting to use this rule.
The router has the ability to act as a VPN Client on behalf of specific LAN devices.
This means that:The router also has the ability to act as a VPN Server
1) Local devices connect to the router as normal
2) A portion of these devices (depending on configuration) will have their entire communications forwarded to a private VPN Server **typically paid**
3) The VPN server will fetch/receive data from the destination/website that the local device wanted to communicate with
4) The VPN server will return the data, in encrypted form, to the local device.
This configuration is typically used when you dont want your ISP to snoop on the contents/destination of your traffic.
This is the reverse of the above situation:
1) You are on a work/public WiFi network and you dont want your work/public network admin to spy on you.
2) Instead of paying for a private VPN Server, you can have your router host one for you, and tunnel your traffic via your local ISP
3) Your traffic will remain private from whatever network you are connected too.
4) As an added bonus, when connecting to your own hosted VPN, you can access your LAN devices just as if you never left your network.
This configuration is typically used when you want to access LAN devices or maintain privacy on a network away from your own.
Custom Rules for when Router is acting as a VPN Client
These custom rules fix tunneled traffic from being zero-rated (whitelisted) on QOS.
**THESE RULE ARE NOT APPLICABLE WHEN THE ROUTER IS ACTING AS A VPN SERVER**
Code:Download: iptables -A POSTROUTING -t mangle -o br0 -d 192.168.2.100/32 -j MARK --set-xmark 0xC0000000/0x80000000
"Incoming/download" traffic is being whitelisted since Asus is marking "download" traffic with an "upload" mark.
The rule above switches the "upload" mark back into a "download" mark.
Since the original mark is preserved, download traffic will remain correctly identified by traffic type.
192.168.2.200/32 should be the iprange of your tunneled devices
Code:Upload: iptables -A POSTROUTING -t mangle -o eth0 ! -s 192.168.2.1 -p udp --dport 25000 -j MARK --set-mark ${Downloads_mark}
The upload mark assigned to upload traffic is completely lost after entering the VPN tunnel.
As a result, we have to lump ALL upload vpn traffic into a fixed user defined category.
192.168.2.1 should be changed to the IP of your router
-p udp --dport 25000 should be changed to the ports of your VPN host/provider.
Enjoy!
Custom Rules for when Router is acting as a VPN Server
No solution here
This might not be possible to fix because download traffic in this configuration is never forwarded to the br0 interface.
Traffic has to transverse the br0 interface to have its download limited via QOS.
You can read this post of mine for a detailed explanation.
https://www.snbforums.com/threads/just-a-quick-question-about-qos.47220/
If someone has ideas how to fix this via routing changes, please go right ahead!
That area is beyond my skill level.
iptables v1.4.15: unknown option "--set-mark"
I get this when running the second iptables command at ssh prompt:
Code:iptables v1.4.15: unknown option "--set-mark"
iptables -A OUTPUT -t mangle -o eth0 ! -s 192.168.2.1 -p udp --dport 25000 -j MARK --set-mark 0x40030001
The above command you mentioned to test and the other lines; can i change {Downloads_mark} to {Streaming_mark} ? For instance:You cant run the second iptables command directly via SSH since the variable ${Downloads_mark} is only defined when executed from the FreshJR_QOS script itself.
For testing feel free to use this command temporarily.
Code:iptables -A OUTPUT -t mangle -o eth0 ! -s 192.168.2.1 -p udp --dport 25000 -j MARK --set-mark 0x40030001
After testing, both rules should go within the upload/download portions of the script itself.
iptables -A POSTROUTING -t mangle -o br0 -d 192.168.14.67/32 -j MARK --set-xmark 0xC0000000/0x80000000
The above command you mentioned to test and the other lines; can i change {Downloads_mark} to {Streaming_mark} ? For instance:Code:iptables -A POSTROUTING -t mangle -o br0 -d 192.168.14.67/32 -j MARK --set-xmark 0xC0000000/0x80000000
iptables -A OUTPUT -t mangle -o eth0 ! -s 192.168.2.1 -p udp --dport 25000 -j MARK --set-mark 0x40030001
iptables -A OUTPUT -t mangle -o eth0 ! -s 192.168.2.1 -p udp --dport 25000 -j MARK --set-mark ${Downloads_mark}
Download:
iptables -A POSTROUTING -t mangle -o br0 -d 192.168.2.100/32 -j MARK --set-xmark 0xC0000000/0x80000000
Upload:
iptables -A POSTROUTING -t mangle -o eth0 ! -s 192.168.2.1 -p udp --dport 25000 -j MARK --set-mark ${Downloads_mark}
Asus Router 68U with version 384.5 firmware
Code:Download: iptables -A POSTROUTING -t mangle -o br0 -d 192.168.2.100/32 -j MARK --set-xmark 0xC0000000/0x80000000
I am getting this error :
iptables v1.4.15: unknown option "--set-xmark"
I am getting this error :Code:Upload: iptables -A POSTROUTING -t mangle -o eth0 ! -s 192.168.2.1 -p udp --dport 25000 -j MARK --set-mark ${Downloads_mark}
iptables v1.4.15: unknown option "--set-mark"
Do I need to install entware's iptables?
RMerlin v384.5??
Those commands should work out of the box. I am stumped!
I personally cannot upgrade past 384.4. There is no reason those commands stopped working on the v384.5 update
As for --set-mark, that has to be ran from the script itself. See @skeal same exact issue.
However This solution works awsome. The graphs in the RMerlin don't represent what is actually going on. but the actual qos is working splendidly!
Can I change this:Come again
This command
Code:iptables -A OUTPUT -t mangle -o eth0 ! -s 192.168.2.1 -p udp --dport 25000 -j MARK --set-mark 0x40030001
is equivalent to
Code:iptables -A OUTPUT -t mangle -o eth0 ! -s 192.168.2.1 -p udp --dport 25000 -j MARK --set-mark ${Downloads_mark}
I just manually expanded ${Downloads_mark} --> 0x40030001 so you would be able run in directly from SSH as you requested.
Yes you can change ${Downloads_mark} into whatever you perfer for your personal use.
All UPLOAD tunneled traffic will be counted against the category you define.
iptables -A OUTPUT -t mangle -o eth0 ! -s 192.168.2.1 -p udp --dport 25000 -j MARK --set-mark ${Downloads_mark}
iptables -A OUTPUT -t mangle -o eth0 ! -s 192.168.2.1 -p udp --dport 25000 -j MARK --set-mark ${Streaming_mark}
0x40030001
Then I am sorry to say the rules are not working in your case.
RMerlin's charts are always a true representation of the QOS system.
Both the upload & download charts are not showing activity?
Were you sure to set up the variables to match your configuration.
All is still showing as upload
In my opinion the graphs are nice to look at, but the functionality is what counts.
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!