[ale] iptables TOS (was: b'bye)

Christopher Fowler cfowler at outpostsentinel.com
Tue May 24 15:00:08 EDT 2005


Now you confused me.  

1.  What is TOS vs QoS?
2.  I've seen other commands used instead of iptables
    when doing QoS.
3.  Is it possible to limit bandwidth from a specific internal IP 
    address no matter the load?  Can I say that 192.168.1.5 can only 
    have up to 5% of the bandwidth, period?  No bursting based on load?

People sending attachments on our network can use up almost all our
bandwidth so I want to protect it.


On Tue, 2005-05-24 at 12:52, Jim Popovitch wrote:
> On Tue, 2005-05-24 at 12:29 -0400, Christopher Fowler wrote:
> > On Tue, 2005-05-24 at 11:40, James Sumners wrote:
> > > I am interested in controlling the bandwidth of specific protocols
> > > across a whole network.
> > 
> > What I want to do too.  I want to be sure that all traffic leaving my
> > network with a destination of port 25 has extremely low priority.  And
> > at most can consume no more than 10% of the total bandwidth.  I also
> > want my VOIP Packet8 device to have very high priority.  My firewall is
> > a 2.4.X machine so I'm sure things are different in 2.6.X vs 2.4.X. 
> 
> Iptables works on 2.4.x, I'm using it on several Redhat 7.3 boxes
> (kernel 2.4.20) and 2.6.11 boxes
> 
> The problem w/ 10% is not something that (afaik) iptables can address.
> That is a more advanced routing feature.
> 
> Here are some examples of what you can do with iptables, modify
> accordingly:
> 
> #Slow down GoogleBot
> iptables -t mangle -A INPUT -i eth+ -p tcp -s 64.68.82.0/24 -j TOS --set-tos Minimize-Cost
> iptables -t mangle -A OUTPUT -o eth+ -p tcp -d 64.68.82.0/24 -j TOS --set-tos Minimize-Cost
> 
> #give high priority (Maximize-Reliability) status to SSH
> iptables -t mangle -A INPUT -i eth+ -p tcp --dport 22 -j TOS --set-tos Maximize-Reliability
> iptables -t mangle -A OUTPUT -o eth+ -p tcp --sport 22 -j TOS --set-tos Maximize-Reliability
> 
> #give high priority (Minimize-Delay) to http traffic
> iptables -t mangle -A INPUT -i eth+ -p tcp --dport 80 -j TOS --set-tos Minimize-Delay
> iptables -t mangle -A OUTPUT -o eth+ -p tcp --sport 80 -j TOS --set-tos Minimize-Delay
> 
> #give low priority (Minimize-Cost) status to in/out smtp traffic
> iptables -t mangle -A INPUT -i eth+ -p tcp --dport 25 -j TOS --set-tos Minimize-Cost
> iptables -t mangle -A OUTPUT -o eth+ -p tcp --dport 25 -j TOS --set-tos Minimize-Cost
> 
> 
> see "iptables -m tos -h" for other TOS values.
> 
> -Jim P.