[ale] I need some help with iptables and cbq

James Sumners james.sumners at gmail.com
Sun Sep 10 12:18:35 EDT 2006


As I wrote last month
(http://article.gmane.org/gmane.org.user-groups.ale/46036), I've
switched from DSL to cable so that I can drop Bellsouth in favor of
Vonage. Yesterday, I finally got my cable connection hooked up and
spent the day writing a new firewall for it. My goal is to use class
based queueing to give the VoIP connection all the bandwidth it needs
for a G.711 encoded phone conversation. So far I have been
unsuccessful in this endeavor. I've managed to write the iptables
rules to mark all the packets (minus a couple) and masquerade all my
LAN connections. I'll be DNATing a couple of ports later.

I have a couple questions for those of you on the list who are more
knowledgeable about this stuff.

1) Why don't the rules in firewall.sh on lines 73 and 75 mark packets?
2) The machine running this firewall has a wireless card that acts as
the WAP for my apartment. Do I need to classify the packets on that
interface as well? If I've been trying to test my bandwidth over
wireless, would that be why it isn't working as it should be?
3) Do you have any suggestions for improving my rules?

I've attached my scripts. Thanks in advance.

-- 
James Sumners
http://james.roomfullofmirrors.com/

"All governments suffer a recurring problem: Power attracts
pathological personalities. It is not that power corrupts but that it
is magnetic to the corruptible. Such people have a tendency to become
drunk on violence, a condition to which they are quickly addicted."

Missionaria Protectiva, Text QIV (decto)
CH:D 59
-------------- next part --------------
A non-text attachment was scrubbed...
Name: classes.sh
Type: application/x-sh
Size: 5323 bytes
Desc: not available

-------------- next part --------------
A non-text attachment was scrubbed...
Name: firewall.sh
Type: application/x-sh
Size: 4820 bytes
Desc: not available
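An added example (not the poster's classes.sh or firewall.sh, which the archive does not carry) of the mark-then-classify setup the post describes: iptables marks VoIP packets arriving from both the wired and the wireless LAN interface, and a CBQ tree on the cable interface reserves a high-priority class sized for one G.711 call. Interface names, the upstream rate and the RTP port range are assumptions; run with `apply` as root to install the rules, or with no argument to print them.

```shell
#!/bin/sh
# Added example, not the original poster's scripts. Names below are assumptions.
WAN=eth0               # assumed cable-modem interface (egress that gets shaped)
LAN=eth1               # assumed wired LAN interface
WLAN=ath0              # assumed wireless interface acting as the WAP
UPLINK=256kbit         # assumed upstream rate of the cable connection
VOIP_MARK=1
RTP_PORTS=10000:20000  # assumed RTP range; check the adapter's real range
DRY_RUN=${DRY_RUN:-0}

# Execute a command, or just print it when DRY_RUN=1.
run() { if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi; }

# G.711 at the given packetisation interval (ms): 160 B payload per 20 ms,
# plus 12 B RTP, 8 B UDP, 20 B IP and 18 B Ethernet framing.
# At 20 ms that is 218 B * 50 packets/s = 87200 bit/s per direction.
g711_rate_bps() { echo $(( (160 + 12 + 8 + 20 + 18) * 8 * 1000 / ${1:-20} )); }

# Mark SIP and RTP on every ingress interface, wired and wireless, so the
# egress classifier on $WAN sees the same mark whichever way the call came in.
mark_voip() {
  for in_if in "$LAN" "$WLAN"; do
    run iptables -t mangle -A PREROUTING -i "$in_if" -p udp --dport 5060 \
        -j MARK --set-mark "$VOIP_MARK"
    run iptables -t mangle -A PREROUTING -i "$in_if" -p udp --dport "$RTP_PORTS" \
        -j MARK --set-mark "$VOIP_MARK"
  done
}

# CBQ on the WAN egress: a bounded root class at the uplink rate, a prio-1
# leaf sized for one G.711 call, and a lower-priority default leaf with SFQ.
shape_wan() {
  voip=$(g711_rate_bps 20)
  run tc qdisc del dev "$WAN" root 2>/dev/null
  run tc qdisc add dev "$WAN" root handle 1: cbq bandwidth 10Mbit avpkt 1000 cell 8
  run tc class add dev "$WAN" parent 1: classid 1:1 cbq bandwidth 10Mbit \
      rate "$UPLINK" allot 1514 prio 1 avpkt 1000 bounded
  run tc class add dev "$WAN" parent 1:1 classid 1:10 cbq bandwidth 10Mbit \
      rate "${voip}bit" allot 1514 prio 1 avpkt 218
  run tc class add dev "$WAN" parent 1:1 classid 1:20 cbq bandwidth 10Mbit \
      rate 128kbit allot 1514 prio 5 avpkt 1000
  run tc qdisc add dev "$WAN" parent 1:20 handle 20: sfq perturb 10
  # fw filter: packets carrying $VOIP_MARK go to the VoIP leaf; the rest default.
  run tc filter add dev "$WAN" parent 1: protocol ip prio 1 handle "$VOIP_MARK" fw classid 1:10
  run tc filter add dev "$WAN" parent 1: protocol ip prio 2 u32 match ip dst 0.0.0.0/0 flowid 1:20
}

case "${1:-}" in
  apply) mark_voip; shape_wan ;;
  *)     DRY_RUN=1; mark_voip; shape_wan ;;   # no argument: only print the rules
esac
```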