Versions Compared

Old Version 11

changes.mady.by.user jtel Support

Saved on

compared with

New Version 12

changes.mady.by.user jtel Support

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Content imported from a Scroll Translations translation file.
Sv translation
languageen

In order to setup DSCP rules for Quality of Service under linux, the firewall needs to be configured.

These commands are for firewalld (CentOS 7.x) but since the --direct syntax is used, they can easily be adapted to iptables (CentOS 6.x).

The following examples show how this can be done, for port 3306 (the MySQL server connection), this concept can be easily extended to other ports and protocols.

Translations Ignore


Code Block
titleEnable DSCP Class EF (46) for outgoing packets from TCP Port 3306
# DSCP Class EF is equal to DSCP 46 (Expidited)
firewall-cmd --permanent --direct --add-rule ipv4 mangle OUTPUT 0 -p tcp --sport 3306 -j DSCP --set-dscp-class EF
firewall-cmd --reload





Translations Ignore


Code Block
titleVerify DSCP is set on packets from port 3306 on interface ens192
# Output should show packets if connections are present to the MySQL Server
firewall-cmd --direct --get-all-rules
tcpdump -i ens192 -v ip[1]==184





Translations Ignore


Code Block
titleRemove DSCP rules for mangle table OUTPUT chain
firewall-cmd --permanent --direct --remove-rules ipv4 mangle OUTPUT
firewall-cmd --reload





Translations Ignore


Code Block
titleVerify DSCP is removed on packets from port 3306 on interface ens192
# Output should show no more packets even if connections are present to the MySQL Server
firewall-cmd --direct --get-all-rules
tcpdump -i ens192 -v ip[1]==184





Sv translation
languagede

Um DSCP-Regeln für Quality of Service unter Linux einzurichten, muss die Firewall konfiguriert werden.

Diese Befehle sind für Firewalld (CentOS 7.x), aber da die --direct- syntax verwendet wird, können sie leicht an iptables angepasst werden (CentOS 6.x).

Die folgenden Beispiele zeigen, wie dies gemacht werden kann, für Port 3306 (die MySQL-Server-Verbindung) kann dieses Konzept leicht auf andere Ports und Protokolle erweitert werden.

Translations Ignore


Code Block
titleEnable DSCP Class EF (46) for outgoing packets from TCP Port 3306
# DSCP Class EF is equal to DSCP 46 (Expidited)
firewall-cmd --permanent --direct --add-rule ipv4 mangle OUTPUT 0 -p tcp --sport 3306 -j DSCP --set-dscp-class EF
firewall-cmd --reload




Translations Ignore


Code Block
titleVerify DSCP is set on packets from port 3306 on interface ens192
# Output should show packets if connections are present to the MySQL Server
firewall-cmd --direct --get-all-rules
tcpdump -i ens192 -v ip[1]==184




Translations Ignore


Code Block
titleRemove DSCP rules for mangle table OUTPUT chain
firewall-cmd --permanent --direct --remove-rules ipv4 mangle OUTPUT
firewall-cmd --reload




Translations Ignore


Code Block
titleVerify DSCP is removed on packets from port 3306 on interface ens192
# Output should show no more packets even if connections are present to the MySQL Server
firewall-cmd --direct --get-all-rules
tcpdump -i ens192 -v ip[1]==184




Sv translation
languagefr

Afin de mettre en place les règles DSCP pour la qualité de service sous linux, le pare-feu doit être configuré.

Afin de mettre en place les règles DSCP pour la qualité de service sous linux, le pare-feu doit être configuré.

Les exemples suivants montrent comment cela peut être fait, pour le port 3306 (la connexion au serveur MySQL), ce concept peut être facilement étendu à d'autres ports et protocoles.

Translations Ignore


Code Block
titleActiver la classe DSCP EF (46) pour les paquets sortants du port TCP 3306
# DSCP Class EF is equal to DSCP 46 (Expidited) firewall-cmd --permanent --direct --add-rule ipv4 mangle OUTPUT 0 -p tcp --sport 3306 -j DSCP --set-dscp-class EF firewall-cmd --reload





Translations Ignore


Code Block
titleVérifiez que le DSCP est réglé sur les paquets provenant du port 3306 sur l'interface ens192
# Output should show packets if connections are present to the MySQL Server firewall-cmd --direct --get-all-rules tcpdump -i ens192 -v ip[1]==184





Translations Ignore


Code Block
titleSupprimer les règles du DSCP pour la chaîne OUTPUT de la table à mangle
firewall-cmd --permanent --direct --remove-rules ipv4 mangle OUTPUT firewall-cmd --reload





Translations Ignore


Code Block
titleVérifier que le DSCP est supprimé sur les paquets du port 3306 sur l'interface ens192
# Output should show no more packets even if connections are present to the MySQL Server firewall-cmd --direct --get-all-rules tcpdump -i ens192 -v ip[1]==184