Ultimate SQM settings: Layer_cake + DSCP marks

I think it's better to keep default forward rule as reject and add specific forward rules to allow whatever you need. Like I tag things in my bridges using bridge netfilter, so I need a LAN to LAN forwarding allow rule.

The problem is that when I set the General settings forward chain to reject, I got connection refused when I open a website!


I think i gotta take this with grain of salt tho. Latency is average because server is not very close to me. The bandwidth lines seem really stable and i see no evidence of bufferbloat on my continuous ping on my PC while doing this on wifi.


look inside the details to get the RTT value.
Now go to http://www.dslreports.com/speedtest and run a test on your PC, then see how it goes!

If i could find it under details, i dont see it. I have iOS version if it makes a difference.


Bufferbloat is A, but i think its because of fluctuating 4G connection, I should really try later at night when im usually gaming anyway and very little 4G traffic :stuck_out_tongue:

Edit: The bufferbloat also doesnt change much more if i further decrease my limits btw...


Oh, amazing results, you are fine for gaming. For now just keep the settings like that!
Try this test https://www.measurementlab.net/tests/ndt/ and look for the RTT in the advanced tab after the test!
BTW: I'm downloading MWO to try it!
Run this test several times per day, then take some of those RTTs and divide them by the number of RTTs to get the avg. After that, take this avg and replace that 170ms with yours for eth1.2 and veth0 :smiling_face_with_three_hearts::grinning:

Oh nice! lol. Just make sure to pick either EU or US server, and declick the Oceanic (AUS) because i dont have IP range for that, i dont really play on those anyway.

Try this in powershell:

```powershell
New-NetQosPolicy -Name "MWO" -AppPathNameMatchCondition "MWOClient.exe" -PolicyStore HOSTNAME -NetworkProfile All -IPProtocolMatchCondition UDP -DSCPAction 46
```

(change hostname to your PC name)

and enable QoS protocol on network adapter. (Not sure if restart is needed for all this)

Then u see when u run wireshark with filter `ip.dsfield.dscp == 46`

This gets your egress DSCP tags covered :slight_smile:

Results btw:

Your system: **-**
Plugin version: **- (-)**

TCP receive window: **318208** current, **341504** maximum
**0.59** % of packets lost during test
Round trip time: **27** msec (minimum), **121** msec (maximum), **47** msec (average)
Jitter: -
**0.00** seconds spend waiting following a timeout
TCP time-out counter: **250**
**0** selective acknowledgement packets received

No duplex mismatch condition was detected.
The test did not detect a cable fault.
No network congestion was detected.

**0.9474** % of the time was not spent in a receiver limited or sender limited state.
**0.0104** % of the time the connection is limited by the client machine's receive buffer.
Optimal receive buffer: **-** bytes
Bottleneck link: **-**
**1** duplicate ACKs set

Ill test again tonight when there is less congestion on network! (also i have unlimited data after 0:00am)

Thanks for the info.
I already have DSCP tags on my Windows for IDM, BitTorrent, Skype and League of Legends, using gpedit.msc.
You have good knowledge about this stuff.
Look inside the advanced tab!

Not as much as you hehe. You sure the tags work tho through gpedit.msc? Because I think they apply to domain only as ive read. I can only get QoS rules working by doing it through powershell and use the parameter to dictate that the QoS rule should be applied to Private, Public and Domain i believe.

It could be differences in builds or configuration i guess. I'm using NTLite modified 1607 LTSB. 14393.2608

But with wireshark and the aforementioned filter its easy to see. Just change 46 to the number that corresponds with whatever DSCP you use for your packets.

That seems like it means you need a specific firewall rule. Something in traffic rules that allows forwarding from maybe veth0 to WAN or whatever. You definitely want the default to be reject forwarding.

Read here about enabling DSCP in gpedit:
https://community.rti.com/kb/how-set-dscp-flag-your-system
I see most prefer the PowerShell method!

You mean something like

```
iptables -A FORWARD -i veth0 -o pppoe-wan -j ACCEPT
iptables -A FORWARD -i pppoe-wan -o veth0 -j ACCEPT
```

ideally you allow in from wan only "related" traffic, that is traffic initiated by stuff on your LAN. This is already the case in the firewall, if you go to luci and look at Status > Firewall under
Table: Filter
Chain FORWARD

```
ACCEPT all * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED /* !fw3 */
```

So if you're having problems, it's probably because you're not establishing the connection properly. I suggest you create an interface in LUCI and make it have physical setting veth0 and assign it to the LAN firewall zone. That should be enough to allow anything received on veth0 to be treated as LAN traffic, (which would probably happen because the bridge broadcast it to all the bridge ports, including veth1). With that in place, it should be sufficient to not default to forwarding allowed. If not, I think you should debug more specifically what it is that is being blocked by the firewall (perhaps reading the logs would help).
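The check described above (default-reject forwarding, with traffic entering from WAN accepted only as RELATED,ESTABLISHED), as an added example that is not part of the original thread: a shell function that reads `iptables -S FORWARD` output and flags any rule accepting WAN ingress without that conntrack restriction. The function names and the sample ruleset are constructed for illustration; `pppoe-wan` and `veth0` are the interface names used in the posts above.

```shell
#!/bin/sh
# audit_forward WAN_IF: reads `iptables -S FORWARD` text on stdin and prints
# one finding per line; prints nothing when the chain looks sane.
audit_forward() {
    awk -v wan="$1" '
    $1 == "-P" && $2 == "FORWARD" && $3 == "ACCEPT" {
        print "policy: default FORWARD policy is ACCEPT"
    }
    $1 == "-A" && $2 == "FORWARD" {
        in_if = ""; target = ""; states = ""
        for (i = 3; i <= NF; i++) {
            # "! -i wan" means "not from WAN", so skip negated matches
            if ($i == "-i" && $(i - 1) != "!") in_if = $(i + 1)
            if ($i == "-j") target = $(i + 1)
            if ($i == "--ctstate" || $i == "--state") states = $(i + 1)
        }
        if (in_if != wan || target != "ACCEPT") next
        if (states == "") {          # WAN ingress accepted with no state match
            print "open: " $0
            next
        }
        n = split(states, s, ",")    # any state beyond RELATED/ESTABLISHED?
        for (k = 1; k <= n; k++)
            if (s[k] != "RELATED" && s[k] != "ESTABLISHED") {
                print "state " s[k] ": " $0
                break
            }
    }'
}

# Constructed sample: the fw3 conntrack rule quoted from Status > Firewall
# plus the two rules proposed earlier in the thread.
sample_rules() {
    cat <<'EOF'
-P FORWARD DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "!fw3" -j ACCEPT
-A FORWARD -i veth0 -o pppoe-wan -j ACCEPT
-A FORWARD -i pppoe-wan -o veth0 -j ACCEPT
EOF
}

sample_rules | audit_forward pppoe-wan
```

On a router, pipe the live chain in instead of the sample: `iptables -S FORWARD | audit_forward pppoe-wan`.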

It seems to be working well after adding veth0 to the lan zone!
@Emtee @dlakelan

That is kind of funny, this has been the culprit for all this time for me. Only here I once in a while actually had connectivity and sometimes not.

So we actually had the same issue more or less? I'll try this fix too, I just put Global Settings Forward to Reject and I was back to square one! -_-


lol, no problem man.
Just set it up now like what you see.
Also put veth0 into the lan firewall zone, then done!

Funny. This is not working for me at all! I did the same as u did!

are you sure, double check your settings!
sometimes a reboot is required like in my case.

Ok, I got it working now as well with the same firewall settings (Which are actually default/same from snapshot clean install)

I must say this QoS is amazing, was full speed torrenting and websites just open as fast as with unsaturated link!

Finally it all works great! Now I can just fool around with tagging as needed :slight_smile:


Oh, that's nice news! Another happy customer :wink:
Enjoy your days! Let me know if you want to prioritize other traffic like browsing, or VoIP and videos!
Note:
Use this command to save a list of installed packages, so you can install them later after sysupgrade:

```
opkg list-installed | cut -f 1 -d ' ' > /etc/config/packages.list
```

Then after sysupgrade use this:

```
opkg update
opkg install $(cat /etc/config/packages.list)
```

Also copy /etc/config to a safe place on your PC!
BTW: when i set QOS policy in PS, i can see them in gpedit