Debugging traffic on the default QOS rule

Forums Network Management ZeroShell Debugging traffic on the default QOS rule

  • This topic is empty.
Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • February 27, 2008 at 5:06 pm #40926
    prowebuk
    Participant

    Can anybody tell me how to dump source, destination ip’s & ports of traffic using the QOS Default rule (similar to tcpdump output) as I’m struggling to find out which hosts are serving unclassified traffic.

    It would also appear the rules are not processed in order eg.

    25 * * MARK tcp opt — in * out * 86.17.6.20 -> 0.0.0.0/0 PHYSDEV match –physdev-is-bridged tcp spt:110 MARK set 0x21 PW_POP
    26 * * MARK tcp opt — in * out * 0.0.0.0/0 -> 86.17.6.20 PHYSDEV match –physdev-is-bridged tcp dpt:110 MARK set 0x21 PW_POP

    56 * * MARK all opt — in * out * 86.17.6.20 -> 0.0.0.0/0 PHYSDEV match –physdev-is-bridged MARK set 0x39 PW_TEST no
    57 * * MARK all opt — in * out * 0.0.0.0/0 -> 86.17.6.20 PHYSDEV match –physdev-is-bridged MARK set 0x39 PW_TEST no

    Rule 56 & 57 take precedence over rules 25 & 26 which makes it cumbersome to added rules to catch non classified traffic on a per host basis and wondered if anybody can confirm this is the correct behaviour.

    I’ve also knocked up QOS traffic logging to a MySql database using a remote host and ssh, php and ajax for real time (ish) graphs if anybody’s interested??

    Thanks for a sweet product Fulvio 🙂

    Richard

    B8 on a pair of HP DL360g3 2.8 Xeon in spanning tree failover config
    20meg EtherDIA connection
    FW & QOS Rule mirroring

    February 27, 2008 at 9:09 pm #46189
    grunties
    Member

    I’ve also knocked up QOS traffic logging to a MySql database using a remote host and ssh, php and ajax for real time (ish) graphs if anybody’s interested??

    HELL YEA!!!

    I was just asked this morning to work on extending historical graphing of top talkers/listeners, dates/times used bandwidth, etc…

    Whatever you can/will share would be a HUGE benefit to my project here.

    Per your question though, I’ve only seen the connection tracking lok (in the firewall section). I haven’t seen a piece that dumps the QOS logs (yet) in Zeroshell.

    Regards,
    G

    February 28, 2008 at 1:22 am #46190
    prowebuk
    Participant

    Hi G

    Here you go then:

    http://www.proweb.net/zeroshell_stats_logging_howto.php

    Be my guest, it’s a little rough around the edges but works for me. Let me know how you get on with it and please feed back any improvements.

    Cheers

    Rich

    February 28, 2008 at 8:27 am #46191
    prowebuk
    Participant

    It would appear after further testing that the QOS rules are processed in reverse order eg.

    1 * * MARK all opt — in * out * 0.0.0.0/0 -> 0.0.0.0/0 MARK set 0xc LOCAL

    does not take precidence over:

    26 * * MARK tcp opt — in * out * 86.17.6.20 -> 0.0.0.0/0 PHYSDEV match –physdev-is-bridged tcp spt:110 MARK set 0x21 PW_POP
    27 * * MARK tcp opt — in * out * 0.0.0.0/0 -> 86.17.6.20 PHYSDEV match –physdev-is-bridged tcp dpt:110 MARK set 0x21 PW_POP

    February 28, 2008 at 8:49 pm #46192
    grunties
    Member

    Thanks a ton for the link; I will look it over and hook it up.

    G

    March 1, 2008 at 11:15 am #46193
    prowebuk
    Participant

    Hi G,

    I’ve updated the real time graph to show the max rate over the last 24 hours against each rule name which saves clicking on each rule to check the historical graph, it’s in the zip if you want to grab a new copy.

    Cheers

    R

    March 18, 2008 at 9:34 pm #46194
    grunties
    Member

    That’s great. Thanks a bunch!

    G

    March 18, 2008 at 11:14 pm #46195
    imported_fulvio
    Participant

    Richard, I have just linked your useful how-to from the documentation section.

    Regards
    Fulvio

  • Author
    Posts
Viewing 8 posts - 1 through 8 (of 8 total)
  • You must be logged in to reply to this topic.