
Resolved
0 votes
Hi,

I was trying out the QoS option, but then when I enabled the engine the Firewall simply failed to start (working in Restricted mode).
After some search I looked at the output of
/usr/sbin/firewall-start -d

and I get as the last two lines
firewall: iptables -t mangle -A BWQOS_UP_eth0 -p tcp -m multiport --sports 80,443 --dports 80,443 -j MARK --set-mark 11
firewall v1.4.21: multiport: option "--source-ports" cannot be used together with "--destination-ports".


It seems like I cannot specify more than 1 port for each rule?
Here is how I tried to configure it:
https://i.imgur.com/NyUCHHE.png

Any advice is appreciated.
Thursday, August 01 2019, 01:05 AM
Responses (10)
  • Accepted Answer

    Thursday, August 01 2019, 08:53 AM - #Permalink
    Resolved
    0 votes
    I believe that is correct, but I am not sure of your rule anyway. When browsing, you normally access the web server from a random high port to port 80 or 443. The server then replies from 80 or 443 to your high port. It is relatively rare to have fixed source and destination ports at the same time. I know NTP can be symmetric and IPsec often is.
  • Accepted Answer

    Thursday, August 01 2019, 01:39 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    I believe that is correct, but I am not sure of your rule anyway. When browsing, you normally access the web server from a random high port to port 80 or 443. The server then replies from 80 or 443 to your high port. It is relatively rare to have fixed source and destination ports at the same time. I know NTP can be symmetric and IPsec often is.


    Thanks Nick.

    I might be confused about how to set up the QoS after all. Here, I am trying to prioritize the traffic for a game, GTA Online, over other traffic in the network. From what I found, it uses the common ports 80,443, and also a range of ports listed above, 6672 and 61455-61458. In that case, what should I set to implement the priority?

    In my case, I have three other roommates who may be streaming Netflix/doing BitTorrent downloading when I game. This will hopefully help with latency and other bandwidth problems.
  • Accepted Answer

    Thursday, August 01 2019, 01:48 PM - #Permalink
    Resolved
    0 votes
    It depends how friendly you are with your room mates. You could just prioritise your IP's!

    I don't know if upload or download is more important and you may need tcpdump to work out which are the source and destination ports. I suspect that upstream you will want from any to tcp:80/443 and downstream from tcp:80/443 to any. The UDP ports may be the other way round as they are the ports you need to keep open or forward in your router, so upstream to any from udp:your_list and downstream from any to udp:your_list.
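The split described in the reply above, as an added example that is not part of the original thread: each rule uses only one of `--sports`/`--dports`, which avoids the multiport error from the first post. The chain `BWQOS_UP_eth0` and mark 11 come from the posted output; the `BWQOS_DOWN_` chain name and treating 6672 and 61455-61458 as the UDP list are assumptions. The script only prints the rules, it does not apply them.

```shell
#!/bin/sh
# Added example: print (not run) QoS mark rules with one multiport option each.
# BWQOS_UP_ and mark 11 are from the thread's output;
# BWQOS_DOWN_ is an assumed name for the downstream chain.

# multiport accepts at most 15 ports per rule; a range a:b counts as two.
port_slots() {
    n=0
    old_ifs=$IFS; IFS=,
    for p in $1; do
        case $p in
            *:*) n=$((n + 2)) ;;
            *)   n=$((n + 1)) ;;
        esac
    done
    IFS=$old_ifs
    echo "$n"
}

# qos_rules DIRECTION IFACE MARK TCP_REMOTE_PORTS UDP_LOCAL_PORTS
# up:   to remote TCP ports (--dports), from local UDP ports (--sports)
# down: from remote TCP ports (--sports), to local UDP ports (--dports)
qos_rules() {
    dir=$1; iface=$2; mark=$3; tcp=$4; udp=$5
    case $dir in
        up)   chain="BWQOS_UP_$iface";   tcp_opt=--dports; udp_opt=--sports ;;
        down) chain="BWQOS_DOWN_$iface"; tcp_opt=--sports; udp_opt=--dports ;;
        *)    echo "direction must be up or down" >&2; return 2 ;;
    esac
    for list in "$tcp" "$udp"; do
        if [ "$(port_slots "$list")" -gt 15 ]; then
            echo "too many ports for one multiport rule: $list" >&2
            return 1
        fi
    done
    echo "iptables -t mangle -A $chain -p tcp -m multiport $tcp_opt $tcp -j MARK --set-mark $mark"
    echo "iptables -t mangle -A $chain -p udp -m multiport $udp_opt $udp -j MARK --set-mark $mark"
}

# Ports quoted in the thread: TCP 80,443 and (assumed UDP) 6672, 61455-61458.
qos_rules up   eth0 11 80,443 6672,61455:61458
qos_rules down eth0 11 80,443 6672,61455:61458
```

Which direction matters, and whether the port lists are right for a given setup, still has to be confirmed with tcpdump as the reply suggests.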
  • Accepted Answer

    Thursday, August 01 2019, 04:17 PM - #Permalink
    Resolved
    0 votes
    Nick Howitt wrote:

    It depends how friendly you are with your room mates. You could just prioritise your IP's!

    I don't know if upload or download is more important and you may need tcpdump to work out which are the source and destination ports. I suspect that upstream you will want from any to tcp:80/443 and downstream from tcp:80/443 to any. The UDP ports may be the other way round as they are the ports you need to keep open or forward in your router, so upstream to any from udp:your_list and downstream from any to udp:your_list.


    Thanks again for the idea, I will probably keep it the way it is for now as I don't want to just prioritize my own traffic after all lol.
    One thing I may try is just to modify in the command line the config file, it seems like it is easy to add lines of rule with single port instead.
  • Accepted Answer

    Thursday, August 01 2019, 06:14 PM - #Permalink
    Resolved
    0 votes

    I might be confused about how to set up the QoS after all. Here, I am trying to prioritize the traffic for a game, GTA Online, over other traffic in the network. From what I found, it uses the common ports 80,443, and also a range of ports listed above, 6672 and 61455-61458. In that case, what should I set to implement the priority?

    In my case, I have three other roommates who may be streaming Netflix/doing BitTorrent downloading when I game. This will hopefully help with latency and other bandwidth problems.

    Hi Sandbo,

    My question is a little bit off topic, but maybe you can help me.
    My son plays GTA5 online, but I can get it working by opening the ports in the firewall.
    It is only working if I bypass the complete firewall for his IP.

    How did you set up GTA in COS?
  • Accepted Answer

    Thursday, August 01 2019, 07:27 PM - #Permalink
    Resolved
    0 votes
    Patrick de Brabander wrote:


    I might be confused about how to set up the QoS after all. Here, I am trying to prioritize the traffic for a game, GTA Online, over other traffic in the network. From what I found, it uses the common ports 80,443, and also a range of ports listed above, 6672 and 61455-61458. In that case, what should I set to implement the priority?

    In my case, I have three other roommates who may be streaming Netflix/doing BitTorrent downloading when I game. This will hopefully help with latency and other bandwidth problems.

    Hi Sandbo,

    My question is a little bit off topic, but maybe you can help me.
    My son plays GTA5 online, but I can get it working by opening the ports in the firewall.
    It is only working if I bypass the complete firewall for his IP.

    How did you set up GTA in COS?


    Hi Patrick,

    I am actually surprised to see that you need to open the ports for GTA V Online to work normally.
    With now running ClearOS 7.6, and also before I have switched to ClearOS (when I used off-the-shelf Netgear router), I did not have to open any ports, or do any port-forwarding for the online to function.
    Could it be something else? For example, could you have enabled DMZ and pointed it to another computer?
    Have you tried using other router and see if the same happens? If not it could be due to some routing configurations in ClearOS.

    Regarding port forwarding, the above ports were indeed mentioned on Rockstar's page:
    https://support.rockstargames.com/articles/200525767/GTA-Online-PC-Connection-Troubleshooting
    However I am using them just as a reference for setting up QoS. At the moment, QoS doesn't work for me because of the reasons discussed above. But I think I now have a solution and may try later.


    Update:
    I actually found this:
    https://support.rockstargames.com/articles/206210548/How-to-Resolve-Errors-in-GTA-Online-about-Strict-NAT-Type

    Apparently GTA Online has different "treatment" towards different situations. It looks like you can anyway play the game even if ports are totally blocked, that only means you need to connect through their server. Otherwise GTA Online employs a P2P mechanism where players are linked to other players, bypassing the server. (And yes this is why modding/cheating is so hard to stop on GTA Online).
    I don't think I have ever seen this message, but it may be worth port forwarding to see if I can get faster connections (I don't feel it is slow now, though).
  • Accepted Answer

    Thursday, August 01 2019, 07:53 PM - #Permalink
    Resolved
    0 votes
    Hi Sandbo,

    Thanks for your reply.
    Strange that my server is blocking this game.
    It is the only game which is causing a problem and I've tried a lot to get it working.

    The only thing that is working is to bypass the firewall to the PC.
    All others don't work. I've stopped all other apps which can cause a block.
    There is no other router connected. The server is connected straight to the modem/internet.

    Is there a way to test or see in some log why it is blocked or where?
  • Accepted Answer

    Thursday, August 01 2019, 08:06 PM - #Permalink
    Resolved
    0 votes
    Patrick de Brabander wrote:

    Hi Sandbo,

    Thanks for your reply.
    Strange that my server is blocking this game.
    It is the only game which is causing a problem and I've tried a lot to get it working.

    The only thing that is working is to bypass the firewall to the PC.
    All others don't work. I've stopped all other apps which can cause a block.
    There is no other router connected. The server is connected straight to the modem/internet.

    Is there a way to test or see in some log why it is blocked or where?


    I see, unfortunately I am not an expert with networking and I don't know of a way to see the routing (it does seem like ClearOS has some apps for visualizing the connection). One software I tried in the past is called Wireshark, but I am not sure if I interpreted the results correctly.
    FYI, https://www.wireshark.org/

    I guess Nick will be able to provide more insight into the issue.
  • Accepted Answer

    Thursday, August 01 2019, 09:05 PM - #Permalink
    Resolved
    0 votes
    I'm on holiday now so it will be harder to post and I'll have even more typos than normal if I use my phone.

    Tcpdump is the equivalent of wireshark.

    Does the miniupnpd app help?
  • Accepted Answer

    Thursday, August 15 2019, 11:37 AM - #Permalink
    Resolved
    0 votes
    I'm back from holidays, so I'll check if I can find something.