[ale] iptables TOS (was: b'bye)
Jim Popovitch
jimpop at yahoo.com
Tue May 24 13:02:36 EDT 2005
On Tue, 2005-05-24 at 12:29 -0400, Christopher Fowler wrote:
> On Tue, 2005-05-24 at 11:40, James Sumners wrote:
> > I am interested in controlling the bandwith of specific protocols
> > across a whole network.
>
> What I want to do too. I want to be sure that all traffic leaving my
> network with a destination of port 25 has extremely low priority. And
> at most can consume no more than 10% of the total bandwidth. I also
> want my VOIP Packet8 device to have very high priority. My firewall is
> a 2.4.X machine so I'm sure things are different in 2.6.X vs 2.4.X.
Iptables works on 2.4.x; I'm using it on several Red Hat 7.3 boxes
(kernel 2.4.20) and 2.6.11 boxes.
The problem w/ 10% is not something that (afaik) iptables can address.
That is a more advanced routing feature.
Here's some examples of what you can do with iptables, modify
accordingly:
# Slow down GoogleBot
# (the TOS bits are rewritten by the TOS target in the mangle table;
#  "-m tos" only matches on an existing TOS value, and "eth+" is the
#  iptables wildcard for any eth interface)
iptables -t mangle -A INPUT -i eth+ -p tcp -s 64.68.82.0/24 -j TOS --set-tos Minimize-Cost
iptables -t mangle -A OUTPUT -o eth+ -p tcp -d 64.68.82.0/24 -j TOS --set-tos Minimize-Cost
# give high priority (Maximize-Reliability) status to SSH
iptables -t mangle -A INPUT -i eth+ -p tcp --dport 22 -j TOS --set-tos Maximize-Reliability
iptables -t mangle -A OUTPUT -o eth+ -p tcp --sport 22 -j TOS --set-tos Maximize-Reliability
# give high priority (Minimize-Delay) to http traffic
iptables -t mangle -A INPUT -i eth+ -p tcp --dport 80 -j TOS --set-tos Minimize-Delay
iptables -t mangle -A OUTPUT -o eth+ -p tcp --sport 80 -j TOS --set-tos Minimize-Delay
# give low priority (Minimize-Cost) status to in/out smtp traffic
iptables -t mangle -A INPUT -i eth+ -p tcp --dport 25 -j TOS --set-tos Minimize-Cost
iptables -t mangle -A OUTPUT -o eth+ -p tcp --dport 25 -j TOS --set-tos Minimize-Cost
see "iptables -m tos -h" for other TOS values.
-Jim P.
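The same policy as a small POSIX shell script, added here as an example and not part of Jim's post: it builds the mangle-table rules with the TOS target (which rewrites the TOS field, where "-m tos" only matches it), rejects misspelled TOS names before anything is installed, and prints the rules for review unless told to apply them. The "eth+" prefix wildcard and the split between services hosted on the box (SSH, HTTP, inbound mail) and outbound SMTP where the box is the client are assumptions about the layout described in the thread.

```shell
#!/bin/sh
# Added example (not from the original post). Generates iptables TOS-marking
# rules; run with "apply" as the first argument to install them, otherwise
# the rules are only printed. Assumes the TOS target in the mangle table
# and the "eth+" interface wildcard.

# Only the five symbolic names iptables knows are accepted, so a typo
# fails here rather than as a half-installed ruleset.
valid_tos() {
    case "$1" in
        Minimize-Delay|Maximize-Throughput|Maximize-Reliability|Minimize-Cost|Normal-Service)
            return 0 ;;
        *)  return 1 ;;
    esac
}

# service_rules PORT TOS: a service hosted on this box. Inbound packets
# carry PORT as destination port, the replies carry it as source port.
service_rules() {
    valid_tos "$2" || { echo "bad TOS name: $2" >&2; return 1; }
    printf '%s\n' \
      "iptables -t mangle -A INPUT -i eth+ -p tcp --dport $1 -j TOS --set-tos $2" \
      "iptables -t mangle -A OUTPUT -o eth+ -p tcp --sport $1 -j TOS --set-tos $2"
}

# client_rules PORT TOS: this box (or the network behind it) talking to a
# remote service, e.g. outbound SMTP; the port directions are reversed.
client_rules() {
    valid_tos "$2" || { echo "bad TOS name: $2" >&2; return 1; }
    printf '%s\n' \
      "iptables -t mangle -A OUTPUT -o eth+ -p tcp --dport $1 -j TOS --set-tos $2" \
      "iptables -t mangle -A INPUT -i eth+ -p tcp --sport $1 -j TOS --set-tos $2"
}

# The policy from the thread, one line per rule (eight rules in total).
build_ruleset() {
    service_rules 22 Maximize-Reliability   # ssh
    service_rules 80 Minimize-Delay         # http
    service_rules 25 Minimize-Cost          # mail arriving here
    client_rules  25 Minimize-Cost          # mail leaving the network
}

if [ "$1" = apply ]; then
    # -e aborts on the first iptables failure, -x echoes each rule as it runs
    build_ruleset | sh -ex
else
    build_ruleset
fi
```

Run it once without arguments and read the output before running it with "apply"; the rules are appended, so flush the mangle table (iptables -t mangle -F) before re-running it, or the chains will fill up with duplicates.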