1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Help with DSCP or TOS via iptables

Discussion in 'Tomato Firmware' started by Adam S, Nov 25, 2013.

  1. Adam S

    Adam S Reformed Router Member

    I have a WRT54GL running Tomato 1.28 acting as my gateway and it works great, but I want to set up outgoing QoS in a method my ISP supports (TOS or DSCP):

    I can use DSCP (26) or TOS (0x68, or 10).

    In order to add these, I've logged in via SSH and I'm trying to use iptables to add a rule to the POSTROUTING chain. I first tried:

    Code:
    iptables -t mangle -A POSTROUTING -p udp --sport 5060 -j DSCP --set-dscp 26
    The result is

    Code:
    "No chain/target/match by that name"
    I then tried:

    Code:
    iptables -t mangle -A POSTROUTING -p udp --sport 5060 -j TOS --set-tos 0x10
    Same result. I tried various other tos values, such as just '10' and I get:

    Code:
    iptables v1.3.7: Bad TOS value `10'
    When I drop the DSCP/TOS specifications I can make a rule, but it doesn't help me since it doesn't have the needed spec. Example:

    Code:
    iptables -t mangle -A POSTROUTING --proto udp --sport 5060
    This works, I can see a rule in the POSTROUTING chain, but it doesn't do anything.

    What am I missing? What can I change to get TOS or DSCP into my rule?
     
  2. gutsman7

    gutsman7 Networkin' Nut Member

    Perhaps try loading the TOS module first with insmod ipt_TOS and insmod ipt_tos.
     
  3. koitsu

    koitsu Network Guru Member

    The command you want is: modprobe xt_DSCP

    ...followed by execution of your iptables commands using -j DSCP as a target.

    Please note the module name is case-sensitive, and the loading of that module should only be done once per router reboot. You can verify the module loaded using lsmod.

    Other iptables modules can be loaded dynamically using -m foo. This one cannot.

    As I described in another thread, iptables is quite stupid/idiocy when it comes to giving people sane/useful error messages when using modules.

    Good luck.
     
  4. Porter

    Porter LI Guru Member

    You can easily create some filters using DSCP from the QoS/Classification-page. No shell-hacking required.
     
  5. Adam S

    Adam S Reformed Router Member

    @Porter - I don't see how to specify DSCP or TOS classifications in the web interface, I only see generic "A,B,C,D,E, or Lowest, Low, Medium, High, Highest". Is one of those TOS or DSCP?

    [​IMG]
     
    Last edited: Nov 26, 2013
  6. Adam S

    Adam S Reformed Router Member

    Thanks @gutsman7 but I get "insmod: can't insert 'ipt_TOS': Operation not permitted" when I try, with or without caps on tos... do i need to be in a specific directory? I tried su and sudo but it didn't accept those terms.
     
  7. Adam S

    Adam S Reformed Router Member

    Thank you @koitsu but no go, I got:
    [​IMG]
     
  8. Porter

    Porter LI Guru Member

    You are using a completely outdated version of Tomato. Please upgrade to the most recent Toastman version, 1.28.7634 Toastman-IPT-ND ND Std.

    You are looking on the Basic settings page, I'm talking about the classification page.
     
  9. Adam S

    Adam S Reformed Router Member

    Wow @Porter this Toastman stuff is (exciting) news to me. I've only downloaded from Polarcloud, which has been stuck on 1.28.1816 forever. I'm reading up on all of this. You mention 1.28.7634 which is the 2.4 kernel. Is that better than the 2.6 kernel for some reason? Stability? Thanks for helping me find this, I think I'm on the right track.
     
  10. Adam S

    Adam S Reformed Router Member

    Guys thanks for all your help. @Porter may have solved this by opening my eyes to the Toastman builds. I went to 1.28.7635 and I was able to make my DSCP rules in the web interface, then verify them in iptables on the QOSO chain. Thanks all!!!
     
  11. Porter

    Porter LI Guru Member

    Just to wrap this up: on an old WRT54GL kernel 2.4 is recommended.

    Great you figured it out!
     
  12. jay joffe

    jay joffe Reformed Router Member

    does this enable one to set the dscp field on outgoing packets? Or only on packets going into our own network?
     

Share This Page