[ale] Complex QoS rules on network reorg.

Chris Fowler cfowler at outpostsentinel.com
Sun May 22 19:05:27 EDT 2016


This is a bit odd though. I'm matching on the first 3 octets of a vendor so that when I boot these devices they only get a range. I've booted over 1000 on my network. I never have more than a few running at a time. Right now I have 3. 

The one thing about a web interface doing all that work is that I can look at its output (iptables-save, tc show, etc) to learn. 

# Class for devices whose MAC begins with the vendor OUI 00:E0:C5.
# `hardware` is one hardware-type byte (1 = Ethernet) followed by the MAC,
# so the OUI sits at offset 1, not 0.
class "D300" {
    #match if binary-to-ascii(16,8,":",substring(hardware,0,3)) = "00:E0:C5";
    match if substring(hardware,1,3) = 00:E0:C5;
}

# A pool is only valid inside a subnet (or shared-network) declaration;
# the enclosing 192.168.1.0/24 subnet for this range is added here.
subnet 192.168.1.0 netmask 255.255.255.0 {
    pool {
        range 192.168.1.60 192.168.1.70;
        option domain-name-servers 4.2.2.1, 192.168.1.254;
        option routers 192.168.1.254;
        option broadcast-address 192.168.1.255;
        default-lease-time 86400;
        max-lease-time 86400;
        # Only clients that matched the class above may lease from this range.
        # The MAC is client-supplied, so this organises addresses; it does not enforce access.
        allow members of "D300";
    }
}
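As an added illustration (not from the original post or from ISC's code), here is a small Python model of the dhcpd expression semantics the class above relies on, assumed from dhcp-eval(5): `hardware` is a hardware-type byte followed by the MAC, so the OUI sits at offset 1, and `binary-to-ascii` emits unpadded lowercase digits, which is why the commented-out string comparison against "00:E0:C5" can never match. The MACs used are constructed sample values.

```python
# Model of the dhcpd expression semantics behind class "D300" (constructed example).
ETHERNET_HTYPE = 1  # the htype byte dhcpd prepends to the MAC in `hardware`

def hardware(mac: str, htype: int = ETHERNET_HTYPE) -> bytes:
    """dhcpd's `hardware` expression: one hardware-type byte, then the link-layer address."""
    return bytes([htype]) + bytes.fromhex(mac.replace(":", "").replace("-", ""))

def substring(data: bytes, offset: int, length: int) -> bytes:
    """dhcpd's substring(data, offset, length); offset is zero-based."""
    return data[offset:offset + length]

def binary_to_ascii(base: int, width: int, sep: str, data: bytes) -> str:
    """dhcpd's binary-to-ascii for 8-bit elements: one number per byte, no zero padding."""
    assert width == 8, "only 8-bit elements are modelled here"
    fmt = {8: "{:o}", 10: "{:d}", 16: "{:x}"}[base]
    return sep.join(fmt.format(b) for b in data)

def hexlit(text: str) -> bytes:
    """A bare colon-separated hex literal such as 00:E0:C5 in dhcpd.conf."""
    return bytes(int(part, 16) for part in text.split(":"))

OUI = "00:E0:C5"

def matches_active_rule(mac: str) -> bool:
    """match if substring(hardware,1,3) = 00:E0:C5  (the live rule)"""
    return substring(hardware(mac), 1, 3) == hexlit(OUI)

def matches_commented_rule(mac: str) -> bool:
    """match if binary-to-ascii(16,8,":",substring(hardware,0,3)) = "00:E0:C5"  (commented out)"""
    return binary_to_ascii(16, 8, ":", substring(hardware(mac), 0, 3)) == OUI

def explain(mac: str) -> dict:
    """Show each intermediate value so the two rules can be compared side by side."""
    hw = hardware(mac)
    return {
        "hardware": hw.hex(":"),                                   # e.g. 01:00:e0:c5:...
        "oui_bytes": substring(hw, 1, 3).hex(":"),                 # what the live rule compares
        "commented_lhs": binary_to_ascii(16, 8, ":", substring(hw, 0, 3)),    # offset 0 picks up htype
        "fixed_offset_lhs": binary_to_ascii(16, 8, ":", substring(hw, 1, 3)), # still unpadded, lowercase
        "active": matches_active_rule(mac),
        "commented": matches_commented_rule(mac),
    }

if __name__ == "__main__":
    for mac in ("00:e0:c5:12:34:56", "00:e0:c6:12:34:56"):
        print(mac, explain(mac))
```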

> From: "James Taylor" <james.taylor at eastcobbgroup.com>
> To: "Atlanta Linux Enthusiasts" <ale at ale.org>
> Sent: Sunday, May 22, 2016 6:45:54 PM
> Subject: Re: [ale] Complex QoS rules on network reorg.

> If you are not completely set up open source, the Sophos home license would
> cover that for free.
> Download the vm and boot into configuration.
> Very nice web interface with anything you would need to do for you network,
> including vlans and QoS and VPN.

> https://www.sophos.com/en-us/products/free-tools/sophos-utm-home-edition.aspx

> -jt

> > On May 22, 2016, at 6:29 PM, Chris Fowler <cfowler at outpostsentinel.com> wrote:

> > Wife ordered Xfinity business at 50/10. This has given me an opportunity to
> > rebuild my network. I have daughters 13 and 11. Everyone but me complains
> > about "streaming movies". They are also out in a week and for my SSH sanity I
> > need to lock everyone down.

> > Here are my thoughts.

> > 1. DHCP provides address by MAC not much in a pool.

> > 2. 192.168.1.0/24 is subdivided into subnets.
> > 2.1. "Enterprise". Servers, my desktop, services, etc.
> > 2.2. Entertainment. XboxOne, WiiU, etc.
> > 2.3. Each daughter gets their own cut of the 192.168.1.0/24.

> > 3. SSH needs TOP BILLING. I type fast. Followed by OpenVPN and Vtun. All that
> > will happen within 2.1, but SSH needs to defeat all Netflix

> > I've just received a Ubiquiti AP. This is just an AP. It will be the only AP.
> > I'll use my own cable modem and then Linux will route between the private and
> > the public.

> > Purpose of 2.3. is so that when punishment occurs we'll simply degrade service
> > (I'm evil) or block their sub. I'll have a web page the wife can log into to
> > dish it out.

> > I'm going to install squid to proxy for 2.3 and take the SSL as well.

> > When they are out of school my SSH sessions go downhill fast.

> > I can do much of this, but I don't have much experience with the complex QoS
> > rules. Should I start with a CentOS 7 install or a firewall distro?

> > Chris

> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://mail.ale.org/mailman/listinfo/ale
> > See JOBS, ANNOUNCE and SCHOOLS lists at
> > http://mail.ale.org/mailman/listinfo
