Debugging traffic on the default QOS rule
February 27, 2008 at 5:06 pm #40926
prowebuk
Participant
Can anybody tell me how to dump source, destination IPs & ports of traffic using the QOS Default rule (similar to tcpdump output), as I’m struggling to find out which hosts are serving unclassified traffic.
It would also appear the rules are not processed in order, e.g.
25 * * MARK tcp opt -- in * out * 86.17.6.20 -> 0.0.0.0/0 PHYSDEV match --physdev-is-bridged tcp spt:110 MARK set 0x21 PW_POP
26 * * MARK tcp opt -- in * out * 0.0.0.0/0 -> 86.17.6.20 PHYSDEV match --physdev-is-bridged tcp dpt:110 MARK set 0x21 PW_POP
56 * * MARK all opt -- in * out * 86.17.6.20 -> 0.0.0.0/0 PHYSDEV match --physdev-is-bridged MARK set 0x39 PW_TEST no
57 * * MARK all opt -- in * out * 0.0.0.0/0 -> 86.17.6.20 PHYSDEV match --physdev-is-bridged MARK set 0x39 PW_TEST no
Rules 56 & 57 take precedence over rules 25 & 26, which makes it cumbersome to add rules to catch non-classified traffic on a per-host basis, and I wondered if anybody can confirm this is the correct behaviour.
I’ve also knocked up QOS traffic logging to a MySQL database using a remote host and ssh, php and ajax for real time (ish) graphs if anybody’s interested??
Thanks for a sweet product Fulvio 🙂
Richard
B8 on a pair of HP DL360g3 2.8 Xeon in spanning tree failover config
20meg EtherDIA connection
FW & QOS Rule mirroring
February 27, 2008 at 9:09 pm #46189
grunties
Member
I’ve also knocked up QOS traffic logging to a MySQL database using a remote host and ssh, php and ajax for real time (ish) graphs if anybody’s interested??
HELL YEA!!!
I was just asked this morning to work on extending historical graphing of top talkers/listeners, dates/times used bandwidth, etc…
Whatever you can/will share would be a HUGE benefit to my project here.
Per your question though, I’ve only seen the connection tracking log (in the firewall section). I haven’t seen a piece that dumps the QOS logs (yet) in Zeroshell.
Regards,
G
February 28, 2008 at 1:22 am #46190
prowebuk
Participant
Hi G
Here you go then:
http://www.proweb.net/zeroshell_stats_logging_howto.php
Be my guest, it’s a little rough around the edges but works for me. Let me know how you get on with it and please feed back any improvements.
Cheers
Rich
February 28, 2008 at 8:27 am #46191
prowebuk
Participant
It would appear after further testing that the QOS rules are processed in reverse order, e.g.
1 * * MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 MARK set 0xc LOCAL
does not take precedence over:
26 * * MARK tcp opt -- in * out * 86.17.6.20 -> 0.0.0.0/0 PHYSDEV match --physdev-is-bridged tcp spt:110 MARK set 0x21 PW_POP
27 * * MARK tcp opt -- in * out * 0.0.0.0/0 -> 86.17.6.20 PHYSDEV match --physdev-is-bridged tcp dpt:110 MARK set 0x21 PW_POP
February 28, 2008 at 8:49 pm #46192
grunties
Member
Thanks a ton for the link; I will look it over and hook it up.
G
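Added example, not part of the thread and not ZeroShell code: a small model of the ordering reported in the posts above, assuming standard iptables behaviour in which the MARK target does not stop rule traversal, so the last matching rule sets the final mark. The listing combines rule 1 from the later post with rules 25/26/56/57 from the first; the PHYSDEV match is not modelled, and the helper names and sample packets are constructed for illustration.

```python
import ipaddress
import re

# Rule lines as posted in this thread (dashes repaired to "--"): rule 1 from
# the later listing, rules 25/26/56/57 from the first one.
LISTING = """\
1 * * MARK all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 MARK set 0xc LOCAL
25 * * MARK tcp opt -- in * out * 86.17.6.20 -> 0.0.0.0/0 PHYSDEV match --physdev-is-bridged tcp spt:110 MARK set 0x21 PW_POP
26 * * MARK tcp opt -- in * out * 0.0.0.0/0 -> 86.17.6.20 PHYSDEV match --physdev-is-bridged tcp dpt:110 MARK set 0x21 PW_POP
56 * * MARK all opt -- in * out * 86.17.6.20 -> 0.0.0.0/0 PHYSDEV match --physdev-is-bridged MARK set 0x39 PW_TEST no
57 * * MARK all opt -- in * out * 0.0.0.0/0 -> 86.17.6.20 PHYSDEV match --physdev-is-bridged MARK set 0x39 PW_TEST no
"""

RULE = re.compile(
    r"^(?P<num>\d+) \* \* MARK (?P<proto>\S+) opt -- in \* out \* "
    r"(?P<src>\S+) -> (?P<dst>\S+) .*?"
    r"(?:(?P<dir>[sd])pt:(?P<port>\d+) )?MARK set (?P<mark>0x[0-9a-f]+) (?P<name>\S+)")

def parse(listing):
    """Turn each listing line into a dict of its match fields."""
    return [m.groupdict() for m in map(RULE.match, listing.splitlines()) if m]

def matches(rule, pkt):
    if rule["proto"] not in ("all", pkt["proto"]):
        return False
    for field in ("src", "dst"):
        if ipaddress.ip_address(pkt[field]) not in ipaddress.ip_network(rule[field]):
            return False
    # spt:/dpt: only appear on the port-specific rules
    return not rule["port"] or pkt[rule["dir"] + "pt"] == int(rule["port"])

def classify(rules, pkt):
    """MARK is non-terminating: every rule is evaluated, the last match sets the mark."""
    hits = [r for r in rules if matches(r, pkt)]
    if not hits:
        return None, []  # mark stays 0, so the packet lands in the default class
    return hits[-1]["name"], [int(r["num"]) for r in hits]

# Constructed sample packets (not captured traffic).
POP_REPLY = {"proto": "tcp", "src": "86.17.6.20", "dst": "198.51.100.7", "spt": 110, "dpt": 40000}
OTHER = {"proto": "udp", "src": "10.0.0.5", "dst": "192.0.2.1", "spt": 5000, "dpt": 53}

if __name__ == "__main__":
    rules = parse(LISTING)
    for pkt in (POP_REPLY, OTHER):
        print(pkt["src"], "->", pkt["dst"], classify(rules, pkt))
```

Under this model the POP reply matches rules 1, 25 and 56 and ends up in PW_TEST, so a per-host catch-all only behaves as a fallback when it is listed before the port-specific rules for that host.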
March 1, 2008 at 11:15 am #46193
prowebuk
Participant
Hi G,
I’ve updated the real time graph to show the max rate over the last 24 hours against each rule name, which saves clicking on each rule to check the historical graph. It’s in the zip if you want to grab a new copy.
Cheers
R
March 18, 2008 at 9:34 pm #46194
grunties
Member
That’s great. Thanks a bunch!
G
March 18, 2008 at 11:14 pm #46195
imported_fulvio
Participant
Richard, I have just linked your useful how-to from the documentation section.
Regards
Fulvio