From DD-WRT Wiki
Aug 24, 2006. Be using a build NO OLDER than r32170 before proceeding! Quality of Service (QoS) is a method to guarantee a bandwidth relationship between individual applications or protocols. This is very handy when you max out your connection so that you can allow for each application to have some bandwidth and so that no single application can take down the internet connection.
Introduction
Be using a build NO OLDER than r32170 before proceeding!
Quality of Service (QoS) is a method to guarantee a bandwidth relationship between individual applications or protocols. This is very handy when you max out your connection so that you can allow for each application to have some bandwidth and so that no single application can take down the internet connection. This allows, for example, a full speed download via FTP without causing jittering on a VOIP chat. The FTP will slow down slightly as bandwidth is needed for the VOIP, provided VOIP was given greater priority.
Please note: as of 336XX, if QoS is enabled, SFE (Shortcut Forwarding Engine) is disabled, even if the GUI shows it as enabled.
If you plan on using QoS, please read Priorities explained and Precedence before going any further.
Priorities explained
- Maximum - This class offers maximum priority and should be used sparingly.
- Premium - Second highest bandwidth class. By default, handshaking and ICMP packets fall into this class. Most VoIP and video services will function well in this class if Express is insufficient.
- Express - The Express class is for interactive applications that require bandwidth above standard services so that interactive apps run smoothly.
- Standard - All services that are not specifically classed will fall under standard class.
- Bulk - The bulk class is only allocated remaining bandwidth when the remaining classes are idle. If the line is full of traffic from other classes, Bulk will only be allocated 1% of total set limit. Use this class for P2P and downloading services like FTP.
Bandwidth is allocated based on the following 'minimum to maximum' percentages of downlink and uplink values for each class as of current builds:
- Maximum: 75% - 100%
- Premium: 50% - 100%
- Express: 25% - 100%
- Standard: 15% - 100%
- Bulk: 5% - 100%
What this means is that if you have 10,000kbit of uplink traffic, 'Standard' class traffic can be reduced and de-prioritized to 15% or 1,500kbit when a concurrent express or higher priority service requires the down/uplink pipe at the same time.
Check which priorities are used with the command below:
Then scroll down to the Chain SVQOS_SVCS section.
TCP Packet Priority
Builds before r21061 will not have this option. Update your build if you don't have it, and stay up to date.
Prioritize small TCP-packets with the following flags: ACK/SYN/FIN/RST
For detailed info on what these packets do see: http://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_segment_structure
It is highly recommended to have at least SYN, FIN & RST checked, or none at all. ACK can go both ways, as P2P intensive applications such as uTorrent etc. involve a lot of ACKs, so theoretically prioritizing ACKs means you 'prioritized P2P', though that is not entirely accurate. Read up & do your own testing to find out what's best for your network. If you do not do large amounts of P2P activity on your network or none at all, then enable ACK prioritization.
Precedence
With all these ways of marking traffic it's easy to get confused about how seemingly contradictory requirements are resolved. For example, what happens if you have an IP rule setting IP 192.168.1.2 to priority 'maximum' and have a MAC rule setting AA:BB:CC:DD:EE:FF to priority 'bulk'?
The order of precedence is as follows:
- (1st) MAC Priority
- (2nd) Netmask Priority
- (3rd) Interface Priority
- (4th) Services Priority
- (5th) Ethernet Port Priority
NOTE: Ethernet Port Priority only works on old 802.11g only models with ADMtek switch chips. If you don't have ethernet port priority listed, your router does not support it. Ethernet port priority is different than interface priority.
NOTE: Services can be used at the same time as netmask or MAC. For example, when limiting 192.168.1.2 to 6 Mbps down & 512 Kbps up while having http set to express, that device will have http packets prioritized within its allocated bandwidth limit. This only applies to builds r21061 & newer.
For netmask, the IP address entries are applied in the order that they appear in your netmask table. Only the first match applies. For example, if you have an entry marking 192.168.1.10/32 as bulk, followed by an entry ABOVE IT, marking 192.168.1.0/24 (all 192.168.1.X) as premium, the traffic from 192.168.1.10 would be marked bulk because it was the first match.
For services, the entries are applied in the order that they appear in your services tables, going from bottom to top. Again, only the first match will apply.
Initial Setup
- Log into the Web Interface
- Select the NAT/QoS tab and then the QoS sub-tab.
- Click 'Enable'
- Set Port to 'WAN'. This works for all QoS setups EXCEPT, when using QoS by interface on a BRIDGED interface under 'interface priority', UNBRIDGED interfaces work fine with WAN port setting. If you want to use QoS on a BRIDGED interface you must select port as 'LAN & WLAN', which also works for all other QoS setups, but with slightly more CPU usage.
- Select HTB as your packet scheduler if you have 'queuing discipline' listed below it, if not then use HFSC.
- Select FQ_CODEL as your queuing discipline.
- Set your download and upload speeds. You can use a speed test like Speedtest.net or dslreports.com/speedtest to check your actual connection speed. Some ISPs also provide their own bandwidth testing service, which may be more reliable than the links provided. Enter no higher than 95% of the values you measured into the proper fields. After you have everything set run the speed test again. If you get near 90% of your previous measurement in each direction then things are cool. If you get results which are way off then chances are that you have reversed these values. You must enter a value for the uplink field but if you want you can enter 0 for the downlink field in which case no QoS will occur in that direction, setting your downlink field to 0 isn't recommended.
It probably bugs you to set less than 100% of your available bandwidth in these fields but this is required. There will be a bottleneck somewhere in the system and QoS can only work if the bottleneck is in your router where it has control. The goal is to force the bottleneck to be in your router as opposed to some random location out on the wire over which you have no control. Some ISPs even have bursting ('powerboost') which will temporarily give you extra bandwidth when you first start using your connection but will later throttle down to a sustained rate. Fortunately there is usually a minimum level that you receive on a consistent basis and you must set your QoS limits below this minimum. The problem is finding this minimum and you may have to repeat speed tests many times before determining it. For this reason start with 80% of your measured speed and try things for a couple of days. If the performance is acceptable you can start to inch your levels up. If you go even 2% higher than you should be, your QoS will totally stop working (just too high) or randomly stop working (when your ISP node/DSLAM is slow, aka saturated). This can lead to a lot of confusion on your part, so get it working first by conservatively setting these speeds and then optimize later.
Prioritizing by Application (Skype, Http) or Port Range (P2P)
- Choose an available Service or Port Range from the list or create one, and then press 'Add' next to it.
- For P2P Applications, due to evolving protocols, encryption and obfuscation, it can be much better to define a port range [such as TCP/UDP, 60000-61000]. Set your P2P applications to operate within this range. This can significantly reduce the load on the router, avoid mis-identifying packets, and more efficiently shape your network traffic.
- Add all your other selected Services and Port Ranges here
- Choosing a Layer7 service based entry can work better than choosing a port range; though the router works harder as it has to dig into the packets beyond the header, to look at the data they contain.
If you wish to add more than one priority then use the 'Add' button to create more entries.
Prioritizing by Interface
Select your preferred interface, click add, then select the speed or priority you want. You can also limit ethernet ports this way (ethX or vlanX). Any limits or priorities set are shared for that interface regardless of how many clients are connected to it. This is excellent for running a guest network/hotspot on, e.g., ath1.1: applying QoS on the entire interface makes it impossible for a greedy user to bypass it by MAC cloning, changing IPs etc., short of connecting to a different interface. The same interface can also be entered multiple times with different speed limits or priorities for different services. For example, ath0 512/512 with ssl & ath0 0/1024 with http would mean ssl traffic on ath0 is limited to 512kbps down & up, http is unlimited on down (up to global limits is used) & limited to 1024 (1mbps) on up, and remaining entered services are not limited (up to global limits for both directions).
Prioritizing by Netmask (IP address)
These are entered in CIDR notation including the network prefix.
For example, to specify a single IP address enter xxx.xxx.xxx.xxx/32. Be careful to enter the netmask as /32, because leaving it at /0 means ALL IPs!
The netmask is the number of bits of the IP address to match. For example, the entry 192.168.1.0/24 matches 192.168.1.x addresses. An entry of 192.168.0.0/16 matches 192.168.x.x addresses. If you're unsure of how to create CIDR subnet masks and what they mean, then use a subnet calculator.
After you have filled it out, press 'add' next to it. If you want to add multiple entries (make sure to have order correct!) click 'save' before entering in another so any previous changes don't get deleted, only click 'apply' when you want to start testing your current changes displayed.
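The first-match rule and the /0 pitfall described above can be checked offline before a table is saved. The following is an added example, not DD-WRT code: the function names and the sample table are constructed for illustration, and entries are assumed to be listed in the order the router evaluates them.

```shell
# Added example, not DD-WRT code. Each entry is a "NET/LEN CLASS" string, and
# entries are passed in the order the router evaluates them (an assumption
# of this sketch). Needs 64-bit shell arithmetic, so run it on a workstation.

# Dotted quad -> integer (octets assumed to be plain decimal).
ip_to_int() {
    _old=$IFS; IFS=.
    set -- $1
    IFS=$_old
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_contains NET/LEN IP: exit status 0 when IP falls inside NET/LEN.
# A length of 0 gives an all-zero mask, so every address matches.
cidr_contains() {
    _len=${1#*/}; _mask=0
    if [ "$_len" -gt 0 ]; then
        _mask=$(( (0xFFFFFFFF << (32 - _len)) & 0xFFFFFFFF ))
    fi
    _net=$(ip_to_int "${1%/*}"); _ip=$(ip_to_int "$2")
    [ $(( _net & _mask )) -eq $(( _ip & _mask )) ]
}

# first_match IP ENTRY...: print the class of the first entry containing IP.
first_match() {
    _target=$1; shift
    for _e in "$@"; do
        if cidr_contains "${_e% *}" "$_target"; then
            echo "${_e#* }"
            return 0
        fi
    done
    echo none
}

# lint_table ENTRY...: report /0 catch-alls and entries that can never be the
# first match because an earlier, equal-or-broader entry already contains them.
lint_table() {
    _i=0
    for _cur in "$@"; do
        _i=$((_i + 1))
        _ccidr=${_cur% *}; _clen=${_ccidr#*/}
        if [ "$_clen" -eq 0 ]; then echo "catch-all $_cur"; fi
        _j=0
        for _prev in "$@"; do
            _j=$((_j + 1))
            if [ "$_j" -ge "$_i" ]; then break; fi
            _pcidr=${_prev% *}
            if [ "${_pcidr#*/}" -le "$_clen" ] &&
               cidr_contains "$_pcidr" "${_ccidr%/*}"; then
                echo "shadowed $_cur by $_prev"
                break
            fi
        done
    done
    return 0
}

# Constructed table: a /24 ahead of a /32, and a /0 typed by mistake.
lint_table "192.168.1.0/24 Premium" "192.168.1.10/32 Bulk" \
           "192.168.1.2/0 Maximum" "10.0.0.5/32 Express"
```

Any line reported as shadowed is an entry that will never take effect in that position, and a catch-all line means every device on the network receives that class or limit.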
Prioritizing by MAC Address
In the case you want to prioritize traffic from a particular device without a static IP address on your LAN, you can prioritize by MAC Address. Enter the MAC Address of the device and press 'Add' next to it.
How Do You Check What QoS Priorities Were Applied
The DD-WRT web UI doesn't display any live traffic. Short of doing a practical test, you can get your hands dirty by checking the conntrack entries via telnet or ssh access to the router. When you're logged in, run:
Then scroll down to the Chain SVQOS_SVCS section.
With the above iptables mangle command you can see the inbound/outbound chains, entered IPs/MACs/services & whats being matched where.
It will list all currently open connections and the protocols currently being routed by the router. This is what it would look like:
What you'll be interested in is the first set of source and destination IPs, including the port numbers, then the presence of l7proto and the 'mark' field. The 'mark' field indicates the QoS priority currently applied to each live connection. The 'mark' values correspond to the following:
- Maximum: 100
- Premium: 10
- Express: 20
- Standard: 30
- Bulk: 40
- (no QoS matched): 0
You may see 'mark=0' for some l7proto services even though they are configured in the list of QoS rules. This may mean that the layer 7 pattern matching system didn't match a new or changed header for that protocol. Custom services matching on ports will usually take care of these.
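Reading the 'mark' field by eye gets tedious on a busy router, so the decoding can be scripted. This is an added example, not DD-WRT code: it uses the mark-to-class table above, the function names are hypothetical, and the sample entries are constructed in the usual Linux conntrack key=value layout.

```shell
# Added example, not DD-WRT code. Reads conntrack entries on stdin and decodes
# the 'mark' field with the mark-to-class table from this page.

# decode_conntrack: print "proto src:sport -> dst:dport l7proto class" per entry.
decode_conntrack() {
    awk '
    BEGIN {
        cls["100"] = "Maximum"; cls["10"] = "Premium"; cls["20"] = "Express"
        cls["30"] = "Standard"; cls["40"] = "Bulk";    cls["0"] = "Unmatched"
    }
    {
        # nf_conntrack lines start with "ipv4 2 tcp 6 ..."; ip_conntrack
        # lines start with "tcp 6 ...". Pick the protocol name either way.
        proto = ($1 ~ /^ipv[46]$/) ? $3 : $1
        src = dst = sport = dport = mark = ""; l7 = "-"
        for (i = 1; i <= NF; i++) {
            n = split($i, kv, "=")
            if (n != 2) continue
            # Each key appears twice (original and reply direction);
            # keep the first, which is the connection as the client opened it.
            if (kv[1] == "src"   && src   == "") src   = kv[2]
            if (kv[1] == "dst"   && dst   == "") dst   = kv[2]
            if (kv[1] == "sport" && sport == "") sport = kv[2]
            if (kv[1] == "dport" && dport == "") dport = kv[2]
            if (kv[1] == "l7proto") l7 = kv[2]
            if (kv[1] == "mark")    mark = kv[2]
        }
        if (mark == "") next          # entry carries no mark field
        name = (mark in cls) ? cls[mark] : "Unknown(" mark ")"
        print proto, src ":" sport, "->", dst ":" dport, l7, name
    }'
}

# l7_unmatched: entries where layer 7 identified a protocol but no QoS class
# was applied (mark=0), the case the text says needs a port-based service.
l7_unmatched() {
    decode_conntrack | awk '$5 != "-" && $5 != "unknown" && $6 == "Unmatched" {
        print $1, $2, $3, $4, $5 }'
}

# Constructed sample entries (documentation address ranges, not real traffic).
sample_conntrack() {
    cat <<'EOF'
tcp      6 431990 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=51234 dport=443 src=198.51.100.7 dst=203.0.113.5 sport=443 dport=51234 [ASSURED] use=1 l7proto=ssl mark=20
udp      17 170 src=192.168.1.20 dst=198.51.100.9 sport=5060 dport=5060 src=198.51.100.9 dst=203.0.113.5 sport=5060 dport=5060 [ASSURED] use=1 l7proto=sip mark=10
tcp      6 300 ESTABLISHED src=192.168.1.30 dst=198.51.100.11 sport=60010 dport=60500 src=198.51.100.11 dst=203.0.113.5 sport=60500 dport=60010 [ASSURED] use=1 l7proto=bittorrent mark=0
ipv4     2 tcp      6 90 TIME_WAIT src=192.168.1.40 dst=198.51.100.13 sport=40000 dport=80 src=198.51.100.13 dst=203.0.113.5 sport=80 dport=40000 [ASSURED] mark=30 use=1
EOF
}

sample_conntrack | decode_conntrack
```

Pipe the router's real conntrack listing into `decode_conntrack` in place of `sample_conntrack`; anything `l7_unmatched` prints is a candidate for a port-based custom service.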
Time Based QoS
As described in this thread you can use CRON jobs to enable/disable QoS. This is just a simplistic approach but more complex things could be done if you put your mind to it. These commands will enable HTB QoS on the WAN port from 5PM to 1AM but you will still need to configure everything else in the GUI. If you want to use LAN&WLAN then change '`get_wanface`' to 'imq1'. To change the times, see the CRON page for information.
If you use HFSC then you would do something like this instead.
As described in this thread you can also set different rates at different times by doing something like this which changes the HTB rates.
Edit: This will cause trouble on current firmware releases greater than r21061. Use the predefined service handler to stop/start QoS instead. Even if needed, use imq1 instead of br0 for internal traffic shaping.
If you need to alter down/up rates edit the nvram variables before restarting wshaper
Retrieved from 'http://wiki.dd-wrt.com/wiki/index.php/Quality_of_Service'
Here is a simple guide that will help you set up your DVR (Security System) and Router for remote web access, using a DD-WRT router and a free DDNS service. This guide is intended for personal and home use. Corporate or industrial setups are far more complex to set up than this. I will not discuss complex firewall and RADIUS setup here, since this guide is primarily intended for simple and basic home use. You can set up your own advanced CCTV system once you understand and learn the basics of simple networking.
If you follow this guide, I’d like to warn you first that it requires a DD-WRT flashed router. I don’t have any other routers at hand right now, which is why this is the one that I’m gonna use with the guide. The idea would be the same even when you use another router, so you may still follow this guide. I’ll discuss Port Forwarding with you; this feature is available in almost all modern-day routers on the market. I will not dig into technical details and will not explain every term used in this guide, but I will walk you through setting up the necessary things so you can access your DVR or CCTV system remotely via the Internet.
Follow this guide step by step and you will surely learn how to access DVR remotely even without a public static IP address.
You need the basic items enumerated below for this guide. Read on.
Preparation
Before following this guide make sure your Internet and CCTV/DVR are working as they should and that you already have a working home-network setup. When all is running fine, go ahead and start with this guide. Check the items below and make sure you have them handy.
Things You Need:
- DD-WRT Flashed Router, or any other Router w/ DDNS support
- Router already configured to use PPPoE
- ISP issued modem already in bridge-mode
- Network Switch/Hub, if you don’t have extra port from your router
- DDNS Service Account from No-IP.com
Steps To Take:
- Assign static IP and port number for your DVR or IP-Cam
- Setup port-forwarding
- Signup for Dynamic DNS service & setup DDNS in your DD-WRT Router
- Testing
Terms You Need To Get Familiar With (in case you’re not)
- Private IP – means the IP address assigned and usable within your internal network or LAN.
- Public IP – means the IP address assigned to you by your ISP, most are dynamic IPs and changes all the time.
- Static IP – means an IP Address assigned manually and not by a DHCP server.
- Dynamic IP – means an IP address assigned dynamically by a DHCP server, like the ones issued by your ISP or by your router within your LAN.
- Port Forwarding – means the technique to re-route or redirect a packet bound to a specific UDP/TCP port and machine, to another specified port or machine.
- Dynamic DNS (DDNS) – is a method that keeps a Name Server constantly updated with a host’s IP address.
Note: You don’t need a STATIC IP subscription from your ISP just to get your CCTV remote viewing setup working or to set up your DVR for remote access. The reason why I’m telling you this is that I came across a forum site where some of its veteran members suggest that you need to get a Static IP from your ISP to get the setup working. It is not really mandatory: with the power of Port Forwarding and DDNS, a static Public IP will not be a requirement. What is required is a static IP address assigned to your DVR or IP-Cam.
Let’s Get Started, Whenever You’re Ready
Before proceeding with the steps below, make sure that you’ve already assigned a subnet for your private or internal home network. If not, do the first step below.
- Assign static IP and port number for your DVR or IP-Cam. There are ways to accomplish this: assign a static lease from your router, or assign a static IP address from your DVR/IP-Cam Admin Panel. I suggest that you assign the IP address using the admin panel. What you’ll be assigning is a Class C address, which is used only for internal networks (ie: 192.xxx.xxx.xxx/255.255.255.0). Most routers are pre-configured to use 192.xxx.xxx.xxx as the router’s IP address and 255.255.255.0 as its subnet mask. I suggest that you follow this scheme and assign one to your DVR or IPCam.
Advancing further with this guide, assign a static IP address to your DVR or IP-Cam using its Admin Panel. You may press the Menu button either on the DVR itself or on the remote control. Generally you should see the settings in the Network Setup or Networking screen, or one with a similar name. If you don’t see it on the main screen, explore the sub-menus.
When you have found the setting, assign an IP using 192.xxx.xxx.xxx (ie 192.168.100.101) and also assign a port. There are two ports to fill in, a port for administration and a port for viewing. So go ahead and fill those in; you may enter port numbers like 9001 and 9002. Most DVRs come pre-configured with IPs and ports; if your device comes with pre-configured network settings, I suggest that you just adapt and use them with this guide. You may adjust your router settings to match your DVR or IP-Cam’s network settings. The purpose of the port assignment is to specify a port dedicated to administration and another port for viewing only. To illustrate this further, take a look below.
Note: Only choose ports above 1024. A higher port would be nice, but keep it below 65535.
When you access the Admin Panel via the network, you typically type this in your browser’s address bar;
To just view or monitor a camera via the Web, you would type something like this in your browser’s address bar;
Take a look at the images below. That is how I’ve set up my IP address settings in my DD-WRT router.
DD-WRT Port Forward Page
This is a Screenshot of DD-WRT Port Forward Page. You can see that I've already added a port forward settings. Screenshot by Chubbable
Some DVRs or IP-Cams are configured differently, so it depends on how the web server is configured. You might need to consult your manual on how to reach your Admin Panel via a web browser. With some models you have to type something like this (yours may be different);
Alright, if you’re done with the IP address assignment, you can now test your settings and open up your DVR or IP-Cam’s admin panel using any browser you like (some old models have incompatibility issues with Internet Explorer 7 and below). Use the IP address and port combo that you set in the previous steps. You need a computer hooked to the same network and configured to use the same IP/subnet as your DVR. So if your DVR is configured to use 192.168.100.101, your computer should be configured to use 192.168.100.xxx (ex. 192.168.100.100).
This is how it should look in your DVR’s network settings:
- Your DVR network setting
This is how it should look in your computer’s network settings:
- Your computer network setting
You don’t have to follow exactly the way I assigned the IP; you can make your IP addressing like 192.168.xxx.xxx with a subnet mask of 255.255.255.0. The Gateway IP should be the IP of your router.
If you successfully accessed your DVR using your network config, then you may now proceed to the next step.
- Set up the router and configure Port Forwarding. In this step I will discuss how to port forward in DD-WRT flashed routers, so I suggest that you have this router handy before proceeding with this step. But if you don’t have it, you may still follow along, since port forwarding is generally the same with most routers. You’ll always find these fields: port range (port from and port to), application name, IP address and protocol. The only differences are the location of menus and the arrangement and placement of input fields.
Aztech DSL5001EL Port Forward Setup Page
This is a screencap image of the Aztech DSL5001EL Router's port forward setup page.
I’m gonna be using my Linksys WRT54G2 v1 model, flashed with DD-WRT v24-sp2 (10/10/09) micro. If you have a different router it’s alright, you can still follow this guide, since most routers have similar port forwarding menus.
Alright, let’s start. Log in to your DD-WRT router using your login credentials. Upon logging in, navigate to NAT / QoS >> Port Forward.
DD-WRT Port Forward Page
This is a Screenshot of DD-WRT Port Forward Page. You can see that I've already added a port forward settings. Screenshot by Chubbable