Opened 7 years ago
Last modified 4 years ago
#8495 new defect
icmp is blocked when using qos (qos-scripts)
Reported by: | ddxx0n | Owned by: | developers |
---|---|---|---|
Priority: | normal | Milestone: | Barrier Breaker 14.07 |
Component: | packages | Version: | Trunk |
Keywords: | qos-scripts qos iptables firewall | Cc: |
Description
When enabling qos, icmp (e.g. ping) is blocked on my router (OUTPUT as well as FORWARD). I am using latest trunk w/ Kernel 2.6.36.2 on a WNDR3700 (ar71xx). The culprit ist the rule that marks the icmp protocol, no idea what's the problem, but I am rather sure this did work not too long ago in older trunk versions.
A workaround is to delete just this specific rule (iptables -t mangle -D Default -p icmp -j MARK --set-xmark 0x1/0xffffffff), but of course it defeats the purpose of prioritizing icmp.
Attachments (0)
Change History (3)
comment:1 Changed 7 years ago by ddxx0n
comment:2 Changed 7 years ago by ddxx0n
Sorry, after some more testing with custom 'Classification Rules' I discovered that the problem is not the icmp part of the mentioned rule, but rather the target 'Priority'.
Whatever is set to 'Priority' is blocked, I tried icmp, dns (port 53), http/s (port 80,443), ftp (port 20/21), ...
Maybe I mis-condifured some other part of the qos, but I don't see how since I only filled in the up- and download speed.
comment:3 Changed 4 years ago by jow
- Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07
Milestone Attitude Adjustment 12.09 deleted
In /etc/config/qos, it's this option that creates the mentioned rule and breaks things:
config 'reclassify'
option 'target' 'Priority'
option 'proto' 'icmp'