In every QoS script i found the way was always:
find the bulk traffic and try to mark it as bulk so that it could be filtered.
I tested that way:
First mark everything as bulk traffic, than mark the common ports (http(s), smtp(s), pop3(s), imap(s), nntp, ntp, dns) as normal traffic and finaly mark ssh/vpn/telnet(if needed) high and the ACK packages as very high.
OK, my script is based on a script from german computermagazin c't, the original files can be downloaded here: http://www.heise.de/ct/ftp/02/24/224/
You need the tc-htb package available here: http://www.katastrophos.net/wrt54g/packages and the iptables-extra package.
(i just found out, that the sched package which is installed with tc-htb is for 2.4.20 (RC4) and not for 2.4.30 (RC5), so the Modules can't be inserted and the script won't run. Anyway, here is my script, it's for a ADSL Line with 2000kbit down and 192kbit up.
#!/bin/sh
#
# Shell-Skript fuer Quality of Service mit HTB
#
/sbin/insmod /lib/modules/2.4.30/kernel/sched/sch_htb.o
/sbin/insmod /lib/modules/2.4.30/kernel/sched/sch_sfq.o
/sbin/insmod /lib/modules/2.4.30/kernel/sched/sch_cbq.o
/sbin/insmod /lib/modules/2.4.30/kernel/sched/sch_ingress.o
/sbin/insmod /lib/modules/2.4.30/kernel/sched/cls_u32.o
/sbin/insmod /lib/modules/2.4.30/kernel/sched/cls_fw.o
/sbin/insmod /lib/modules/2.4.30/kernel/sched/ipt_length.o
. /etc/functions.sh
EXTIF=$(nvram get wan_ifname)
export EXTIF
INTIF=$(nvram get lan_ifname)
export INTIF
############
# Outgoing
############
## Root, set default to bulk (13)
/usr/sbin/tc qdisc add dev $EXTIF root handle 1:0 htb default 13
## Mainclass
/usr/sbin/tc class add dev $EXTIF parent 1:0 classid 1:1 htb rate 189kbit ceil 189kbit
## class for ACK
/usr/sbin/tc class add dev $EXTIF parent 1:1 classid 1:10 htb rate 12kbit ceil 189kbit prio 0
## class for VPN/SSH
/usr/sbin/tc class add dev $EXTIF parent 1:1 classid 1:11 htb rate 35kbit ceil 189kbit prio 1
## class for normal Traffic
/usr/sbin/tc class add dev $EXTIF parent 1:1 classid 1:12 htb rate 126kbit ceil 189kbit prio 2
## class for Bulk
/usr/sbin/tc class add dev $EXTIF parent 1:1 classid 1:13 htb rate 16kbit ceil 165kbit prio 3
# ACKs
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp -m length --length :64 -j MARK --set-mark 10
# DNS
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 53 -j MARK --set-mark 10
iptables -A POSTROUTING -t mangle -o $EXTIF -p udp --dport 53 -j MARK --set-mark 10
# VPN/IPsec
iptables -A POSTROUTING -t mangle -o $EXTIF -p 50 -j MARK --set-mark 11
# SSH
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 22 -j MARK --set-mark 11
# ntp
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 37 -j MARK --set-mark 11
# Normaler traffic
# smtp und message submission
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 25 -j MARK --set-mark 12
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 465 -j MARK --set-mark 12
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 587 -j MARK --set-mark 12
# http https
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 80 -j MARK --set-mark 12
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 443 -j MARK --set-mark 12
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 8080 -j MARK --set-mark 12
#pop3 pop3s
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 110 -j MARK --set-mark 12
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 995 -j MARK --set-mark 12
#imap imaps
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 143 -j MARK --set-mark 12
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 993 -j MARK --set-mark 12
# news
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 119 -j MARK --set-mark 12
# ICQ u. AIM
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 5190 -j MARK --set-mark 12
iptables -A POSTROUTING -t mangle -o $EXTIF -p udp --dport 5190 -j MARK --set-mark 12
# Yahoo
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 5050 -j MARK --set-mark 12
iptables -A POSTROUTING -t mangle -o $EXTIF -p udp --dport 5050 -j MARK --set-mark 12
# MSN
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 1863 -j MARK --set-mark 12
iptables -A POSTROUTING -t mangle -o $EXTIF -p tcp --dport 1863 -j MARK --set-mark 12
/usr/sbin/tc filter add dev $EXTIF parent 1:0 prio 0 protocol ip handle 10 fw flowid 1:10
/usr/sbin/tc filter add dev $EXTIF parent 1:0 prio 0 protocol ip handle 11 fw flowid 1:11
/usr/sbin/tc filter add dev $EXTIF parent 1:0 prio 0 protocol ip handle 12 fw flowid 1:12
# default: 1:13, maybe the next line should be uncommented
/usr/sbin/tc filter add dev $EXTIF parent 1:0 prio 0 protocol ip handle 13 fw flowid 1:13
###########
# Incoming
###########
#/sbin/tc qdisc add dev $INTIF root handle 2:0 htb default 20
#/sbin/tc class add dev $INTIF parent 2:0 classid 2:2 htb rate 2000kbit ceil 2000kbit
#/sbin/tc class add dev $INTIF parent 2:2 classid 2:20 htb rate 1500kbit ceil 1850kbit prio 1
#/sbin/tc class add dev $INTIF parent 2:2 classid 2:21 htb rate 300kbit ceil 2000kbit prio 0
#/sbin/tc class add dev $INTIF parent 2:2 classid 2:22 htb rate 200kbit ceil 1750kbit prio 3
# ACKs
#iptables -A POSTROUTING -t mangle -o $INTIF -m length --length :200 -j MARK --set-mark 21
# SSH
#iptables -A POSTROUTING -t mangle -o $INTIF -p tcp --sport 22 -j MARK --set-mark 21
# eDonkey
#iptables -A POSTROUTING -t mangle -o $INTIF -p tcp --dport 4662 -j MARK --set-mark 22
#iptables -A POSTROUTING -t mangle -o $INTIF -p tcp --sport 4662 -j MARK --set-mark 22
# throtteling whole ip
#iptables -A POSTROUTING -t mangle -o $INTIF -d 192.168.111.1 -j MARK --set-mark 22
#tc filter add dev $INTIF parent 2:0 prio 0 protocol ip handle 21 fw flowid 2:21
#tc filter add dev $INTIF parent 2:0 prio 0 protocol ip handle 22 fw flowid 2:22
#########
# SFQ
#########
/usr/sbin/tc qdisc add dev $EXTIF parent 1:10 handle 10: sfq perturb 10
/usr/sbin/tc qdisc add dev $EXTIF parent 1:11 handle 11: sfq perturb 10
/usr/sbin/tc qdisc add dev $EXTIF parent 1:12 handle 12: sfq perturb 10
/usr/sbin/tc qdisc add dev $EXTIF parent 1:13 handle 13: sfq perturb 10
# this is for incoming
#tc qdisc add dev $INTIF parent 2:20 handle 20: sfq perturb 10
#tc qdisc add dev $INTIF parent 2:21 handle 21: sfq perturb 10
#tc qdisc add dev $INTIF parent 2:22 handle 22: sfq perturb 10here's how to turn it off:
# /bin/sh
. /etc/functions.sh
WAN_IFACE=$(nvram get wan_ifname)
LAN_IFACE=$(nvram get lan_ifname)
iptables -F -t mangle
/usr/sbin/tc qdisc del dev $WAN_IFACE root 2> /dev/null > /dev/null
/usr/sbin/tc qdisc del dev $WAN_IFACE ingress 2> /dev/null > /dev/null
/usr/sbin/tc qdisc del dev $LAN_IFACE root 2> /dev/null > /dev/null
/usr/sbin/tc qdisc del dev lo root 2> /dev/null > /dev/nullFor those, who are still on RC4, you can test it. But i'm not sure if the scripts syntax is OK and i'm not sure if the settings are working at all.
(Last edited by carfal on 26 Apr 2006, 02:27)