For me it works perfectly the upload, I took the same values for the download doing prerouting but it doesn’t work correctly.the problem comes when I download a file. Instead of appearing in the less important queue, it appears in the main queue.I am sure that it is neccesary to change the packet size and connection bytes, but what I don’t know is the value I should consider for it.
Another question, is it Ok to do the prerouting for the down load? Is it necessary to create a mark connection and then a mark packet with chain prerouting again?
Well there are a couple of problems that you are running into because you aren’t thinking about download properly in your mangle rules. We’ll get to that in a bit.
First of all, it is best to identify things in the forward chain. This is so that the router knows where a packet is going, and still knows where it came from. While it is possible to do so in prerouting, if you have any dst-nat rules that change packet headers, that can cause a problem for the rules to work correctly.
Second, the reason why you are not identifying traffic like you think you should, is because you are trying to match the wrong side of the connection. With download traffic you have to think about it from the side of the connection. The return traffic is coming back to the client from the server with a port of either 80 or 443 in your rules. The way your rule is currently written it is looking for the client to be receiving traffic on port 80 or 443, something that isn’t likely to happen at all.
To answer your last question, no it is not necessary to mark a connection and then mark packets, you can mark packets directly like you are currently doing. It’s just that marking connections makes your life easier as it will catch both sides of a connection, upload and download, so that you only need one packet mark rule for that kind of traffic. Also less rules generally means less CPU time. Also if you are marking packets directly, you need to make sure you have rules that will catch both sides, upload and download, with appropriate rules. Sometimes marking a connection is not always possible however depending upon your setup, like if you are doing PCC for load balancing.
Thank for your reply. I created the rules for the download with chain forward. What values of connection bytes and packet size should I change to give the navegation of files priority rather than to the download of them?
Arnet is the interface ppoe client. The connection is adsl. 3072kbps down/ 256kbps up
And you will need to change dst-port to src-port for a lot of those rules to be able to properly identify them for download as stated above. You can keep the connection-bytes values the same, that will count both upload and download for the connection just like the upload rule, so you will likely want the same values for both. As for packet sizes, that’s up to you, and playing around with what settings work for you. You can likely leave them as they are and be fine. I generally don’t get that granular with my marks, I just identify things based off of ports and connection-bytes when I do QoS, as it will catch what I want if they transfer a lot of data with that session.
Thanks for your reply. It was really very helpful but I still have problems.
The thing is that the traffic of web browsing goes to QoS_2_Down and I think that it should go to QoS_1_Down so that it has more priority. The other problem is that the traffic of streaming video, like youtube for example, goes to QoS_4_Down which is used for downloading files. This way, it brings me trouble when someone is downloading a file and some others are using Youtube for example. I’d like the streaming video going to QoS_1_Down or to QoS_2_Down. What values do I have to change so that it works as I want?
This is the way I want to appear.
Web browsing, Streaming video-------QOS1_DOWN
Download-----QOS4_DOWN
You need to change the connection bytes to match your needs. Right now it is set to set any HTTP or HTTPS traffic that is bellow 500 kb to QoS2 and anything above 500 kb to QoS4. If you want different values then you need to adjust the connection bytes firewall matcher. What do you determine is a video stream and just a pure download? If you want to get more granular with what you want to match, you need to define very specifically what you want and how you want to define it, then research how to do it. It will require more rules and make things much more complex.
This is an inherent limitation of matching kinds of traffic just based off of connection information. As far as a router is concerned there is no difference between someone downloading a website, downloading a file, or streaming a video over HTTP. They all use the same protocol and are the same to the router. What you are doing right now is just breaking the connection into two defined parts, any connection under 500kb and any connection over 500kb, you can add in more levels if you want. In other words there is no convenient way to qualify what is web traffic, what is streaming traffic, and what is just download traffic using layer3 or connection information. You save a lot of CPU cycles, setup time, maintenance, and complexity by keeping it to this kind of information, but loose the ability to get very granular in your approach.
So how can it be done a better way ?
I want to priorize some ports for FirstPersonShooter and have big problems with Frames dropping ( bad ping latency ),..
You’ll need to run torch or some kind of packet capture and see if there are any specific things that you can identify that it always uses. Like if it always uses the same UDP port, or is always going to the same IP(s), and then use that layer3 information to identify the traffic and apply QoS to it.