Mansoor
Resolved
0 votes
Since I installed ClearOS as my network's gateway, my son has been complaining about the longer ping times he gets on his PlayStation console, which badly affect online game performance. I don't want his connection to bypass the ClearOS server completely because I'm planning to control his access times to the Internet, as discussed here: https://www.clearos.com/clearfoundation/social/community/matching-time-in-iptables-and-clearos-7-3

I'm wondering if there is a way to let the PlayStation's traffic bypass all gateway checking, such as filtering, antimalware and intrusion detection. Maybe some iptables rule(s) can be set to make a shortcut for the console's IP to let its packets pass directly from internal to external cards and vice versa. Any thoughts or ideas?

Thank you.
Saturday, September 23 2017, 02:04 PM
Responses (5)
  • Accepted Answer

    Saturday, September 23 2017, 08:19 PM - #Permalink
    Resolved
    0 votes
    Does the modem have a bridge mode? My VirginMedia cable modem/router does and connects by pure Ethernet. In the UK, BT cable uses VDSL. If you put this into bridge mode you then have to switch your ClearOS WAN to PPPoE.
  • Accepted Answer

    Mansoor
    Saturday, September 23 2017, 08:10 PM - #Permalink
    Resolved
    0 votes
    The WAN is NAT'd through the fiber optic modem. It is set up as a DMZ server in the modem.
  • Accepted Answer

    Saturday, September 23 2017, 08:02 PM - #Permalink
    Resolved
    0 votes
    Unfortunately those drivers are the optimum. The problem NIC is the RTL8111/8168 but you don't have that.

    I don't know if you can bypass any internal processing of ClearOS except the proxy/content filter.

    In your setup, does your WAN get a public IP or is it NAT'd through another modem or router? I can't remember the details of your other posts.
  • Accepted Answer

    Mansoor
    Saturday, September 23 2017, 07:50 PM - #Permalink
    Resolved
    0 votes
    Here is the output (some old stuff here :) ) :
    02:00.0 Ethernet controller [0200]: Broadcom Limited NetXtreme BCM5721 Gigabit Ethernet PCI Express [14e4:1659] (rev 11)
    Subsystem: Hewlett-Packard Company Device [103c:3260]
    Kernel driver in use: tg3
    Kernel modules: tg3
    03:02.0 Ethernet controller [0200]: Broadcom Limited NetXtreme BCM5703 Gigabit Ethernet [14e4:16c7] (rev 10)
    Subsystem: Compaq Computer Corporation NC7771 Gigabit Server Adapter (PCI-X, 10,100,1000-T) [0e11:00ca]
    Kernel driver in use: tg3
    Kernel modules: tg3

    I'll apply the iptables rules you suggested for both source and destination and report back with the result.
  • Accepted Answer

    Saturday, September 23 2017, 05:09 PM - #Permalink
    Resolved
    0 votes
    Before you go down that route, can you just check your NIC drivers? There is one in particular we can do something about. What is the output of:
    lspci -knn | grep Eth -A 3


    For an iptables rule, try something like:
    iptables -I FORWARD -s your_son's_IP_address -j ACCEPT
    and perhaps the same with a "-d" instead of "-s". This may mess with any time rules you create as normally the first rule matched stops all further rule processing. You'd want to see the time blocks above this rule when you do an "iptables -nvL FORWARD"

    Also, with the above rule, if it works at the command line, change "iptables" to "$IPTABLES" for the custom firewall module.

    I am not sure this rule will help too much, though.
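An added example, not part of the original reply: a shell check for the ordering caveat above, reading `iptables -S FORWARD` output and reporting whether a time-based DROP/REJECT for the console sits below a non-time ACCEPT for the same address (and so would never be reached). The function name `check_order`, the address 192.168.1.50 and the sample rule listings are constructed for illustration.

```shell
#!/bin/sh
# check_order IP  -- reads `iptables -S FORWARD` output on stdin and prints:
#   ok            every time-based block for IP is above the first plain ACCEPT
#   shadowed      a plain ACCEPT for IP sits above a time-based block
#   no-accept     no ACCEPT without a time match exists for IP
#   no-time-rule  an ACCEPT exists but no time-based DROP/REJECT for IP
check_order() {
    awk -v ip="$1" '
    function for_ip(   i) {      # does this rule match IP via -s or -d?
        for (i = 1; i < NF; i++)
            if (($i == "-s" || $i == "-d") &&
                ($(i+1) == ip || $(i+1) == (ip "/32"))) return 1
        return 0
    }
    function target(   i) {      # value following -j
        for (i = 1; i < NF; i++) if ($i == "-j") return $(i+1)
        return ""
    }
    $1 == "-A" && $2 == "FORWARD" && for_ip() {
        n++
        timed = ($0 ~ / -m time /)
        t = target()
        if (!timed && t == "ACCEPT" && !first_accept) first_accept = n
        if (timed && (t == "DROP" || t == "REJECT")) {
            seen_time = 1
            if (first_accept) shadowed = 1   # ACCEPT already matched earlier
        }
    }
    END {
        if (!first_accept)   print "no-accept"
        else if (!seen_time) print "no-time-rule"
        else if (shadowed)   print "shadowed"
        else                 print "ok"
    }'
}

# Constructed sample listings; 192.168.1.50 is a placeholder console address.
GOOD='-P FORWARD DROP
-A FORWARD -s 192.168.1.50/32 -m time --timestart 22:00:00 --timestop 07:00:00 -j DROP
-A FORWARD -s 192.168.1.50/32 -j ACCEPT
-A FORWARD -d 192.168.1.50/32 -j ACCEPT'
BAD='-P FORWARD DROP
-A FORWARD -s 192.168.1.50/32 -j ACCEPT
-A FORWARD -s 192.168.1.50/32 -m time --timestart 22:00:00 --timestop 07:00:00 -j DROP'

printf '%s\n' "$GOOD" | check_order 192.168.1.50   # time block first
printf '%s\n' "$BAD"  | check_order 192.168.1.50   # ACCEPT shadows the block
```

On a live gateway the input would come from `iptables -S FORWARD | check_order <console IP>`, run as root.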