[help] Handling 2 WAN IPs, QoS and MAN network on top... how?

Discussion in 'Tomato Firmware' started by kulmegil, Jan 16, 2009.

  1. kulmegil

    kulmegil Network Guru Member

    I have 2 IPs assigned from my ISP, each with its own 3/3Mbps bandwidth.
    On top of that there are no special restrictions (up to 100Mbps) between users from the same ISP (MAN network).
    I would like to utilize the connection most efficiently, however... I may not be a total n00b but I'm not much of a network_administrator_geek either.

    My current setup is based on a WRT54GL + Tomato 1.23 vpn. It utilizes the first IP (connection) by sharing it (QoS disabled) among all machines, and the second WAN IP is assigned exclusively to one of the internal IPs - a 24h server/HTPC* - using the following config I found:

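    # Add the second WAN IP as an alias on the WAN interface
    ifconfig vlan1:1 [extIP2] netmask [extIP2_netmask]
    # 1:1 NAT between the internal host and the second WAN IP
    iptables -t nat -I POSTROUTING -s [intIP] -j SNAT --to [extIP2]
    iptables -t nat -I PREROUTING -d [extIP2] -j DNAT --to [intIP]
    # Forwarded packets carry the internal address here (SNAT happens later, DNAT earlier)
    iptables -I FORWARD -s [intIP] -j ACCEPT
    iptables -I FORWARD -d [intIP] -j ACCEPT
    # Accept traffic addressed to the router itself on the second WAN IP
    iptables -I INPUT -d [extIP2] -j ACCEPT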
    * generates 97% traffic, runs all P2P's thus it's using both connections

    And I'm quite happy with this simple setup.
    However, it's far from perfection - I would like to enable QoS (VoIP/P2P/WWW are mixed up on the shared connection) but I just don't know how to. If I enable it with the Tomato GUI, it limits bandwidth on both connections to 3/3Mbps in total and it also affects very fast connections inside the MAN network.

    I would appreciate some advice, and would appreciate even more some advice with config examples.
  2. azeari

    azeari LI Guru Member

    in theory, you could do something like this

    inbound/outbound max limit, 100mbps
    disable strict rule ordering

    Class E - 100%
    rule : Destination IP (include your ISP's entire IP range here)

    Class Highest - 3% (3mbps.. lol)
    DNS and stuff

    and vice versa.. not vv efficient in terms of granularity though. you might want to try some cli qos scripts
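
One shape a CLI QoS script for this setup could take, as an added example that is not part of the thread: upload shaping with HTB, giving each WAN IP its own 3 Mbps class and sending MAN destinations to a separate 100 Mbps class. The addresses, the MAN range, the 90% margin and the helper names are constructed assumptions; it prints the `tc` commands unless `RUN` is set to empty.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses and the MAN range are constructed placeholders.
# Assumes Tomato's GUI QoS stays disabled (it installs its own root qdisc on the WAN interface).
RUN="${RUN-echo}"                       # dry run by default; RUN= (empty) applies the rules as root
WAN_IF="${WAN_IF:-vlan1}"               # WAN interface from the post (vlan1:1 is an alias on it)
EXT_IP1="${EXT_IP1:-192.0.2.10}"        # first WAN IP (placeholder)
EXT_IP2="${EXT_IP2:-192.0.2.11}"        # second WAN IP (placeholder)
MAN_NET="${MAN_NET:-198.51.100.0/24}"   # ISP/MAN range (placeholder)
LINK_KBIT="${LINK_KBIT:-3000}"          # per-IP upload from the post: 3 Mbps
MAN_KBIT="${MAN_KBIT:-100000}"          # MAN ceiling from the post: 100 Mbps
PCT="${PCT:-90}"                        # assumption: shape slightly below line rate

# Integer percentage of a rate in kbit/s.
shaped_kbit() { echo $(( $1 * $2 / 100 )); }

# Print the tc command (dry run) or execute it (RUN empty).
tc_cmd() { $RUN tc "$@"; }

shape_egress() {
    rate="$(shaped_kbit "$LINK_KBIT" "$PCT")"
    # Root HTB; anything unmatched lands in the first WAN IP's class.
    tc_cmd qdisc add dev "$WAN_IF" root handle 1: htb default 10
    # Three independent top-level classes: no borrowing between them.
    tc_cmd class add dev "$WAN_IF" parent 1: classid 1:10 htb rate "${rate}kbit"
    tc_cmd class add dev "$WAN_IF" parent 1: classid 1:20 htb rate "${rate}kbit"
    tc_cmd class add dev "$WAN_IF" parent 1: classid 1:30 htb rate "${MAN_KBIT}kbit"
    # Fair queuing among flows inside each class.
    for c in 10 20 30; do
        tc_cmd qdisc add dev "$WAN_IF" parent "1:$c" handle "$c:" sfq perturb 10
    done
    # MAN destinations first, so they are never counted against a 3 Mbps class.
    tc_cmd filter add dev "$WAN_IF" parent 1: protocol ip prio 1 u32 \
        match ip dst "$MAN_NET" flowid 1:30
    # Egress qdiscs run after POSTROUTING, so the SNATed source address is visible here.
    tc_cmd filter add dev "$WAN_IF" parent 1: protocol ip prio 2 u32 \
        match ip src "$EXT_IP1/32" flowid 1:10
    tc_cmd filter add dev "$WAN_IF" parent 1: protocol ip prio 2 u32 \
        match ip src "$EXT_IP2/32" flowid 1:20
}

shape_egress
```

This covers upload only and does not prioritise VoIP over P2P inside a class; that would need child classes under 1:10 and 1:20.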
