Re: Prioritizing protocols

From: Pekka Savola (pekkas@netcore.fi)
Date: Wed Jul 11 2001 - 05:25:22 EST


On Wed, 11 Jul 2001, MONZ wrote:

> In my ipchains firewall I have
>
> ipchains -A output -p tcp -d 0/0 www -i ppp+ -t 0x01 0x10
> ipchains -A output -p tcp -d 0/0 https -i ppp+ -t 0x01 0x10
> ipchains -A output -p tcp -d 0/0 pop3 -i ppp+ -t 0x01 0x10
> ipchains -A output -p tcp -d 0/0 simap -i ppp+ -t 0x01 0x10
> ipchains -A output -p tcp -d 0/0 ssh -i ppp+ -t 0x01 0x10
> #ipchains -A output -p tcp -d 0/0 telnet -i ppp+ -t 0x01 0x10
>
> ipchains -A output -p tcp -d 0/0 ftp-data -i ppp+ -t 0x01 0x02
> #ipchains -A output -p tcp -d 0/0 pop3 -i ppp+ -t 0x01 0x02
> ipchains -A output -p tcp -d 0/0 nntp -i ppp+ -t 0x01 0x02
>
> but when downloading everything else is unreasonably slow (isdn link).
> Where do I read about those 0x.. values, so I can fix the problem?
> Man ipchains doesn't seem to tell enough..

If only one could fix the problems of slow links by applying quality of
service rules, I would be a rich man by now ;-)

Seriously though, these are only applied for outbound traffic; most
traffic in your case is inbound, from the Internet to you. You cannot help
the problem by modifying TOS bits significantly. And even if some
servers mirror the TOS bits when sending replies, very few routers
implement QoS policies using them.

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords

- To unsubscribe from this list: send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org
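
Added example (not part of the original messages): a small Python decoder for the `-t` masks in the quoted rules. It assumes the ipchains semantics of AND-ing the packet's TOS byte with the first mask and XOR-ing the result with the second, the RFC 1349 bit names, and that every rule has a port after the `-d` address as in the post; the function names and the sample starting TOS value are constructed for illustration.

```python
import shlex

# RFC 1349 meanings of the bits in the IP header's TOS byte.
TOS_BITS = {0x10: "minimize-delay", 0x08: "maximize-throughput",
            0x04: "maximize-reliability", 0x02: "minimize-cost"}

# A subset of the rules from the quoted post, including one commented out.
RULES = """\
ipchains -A output -p tcp -d 0/0 www -i ppp+ -t 0x01 0x10
ipchains -A output -p tcp -d 0/0 ssh -i ppp+ -t 0x01 0x10
#ipchains -A output -p tcp -d 0/0 telnet -i ppp+ -t 0x01 0x10
ipchains -A output -p tcp -d 0/0 ftp-data -i ppp+ -t 0x01 0x02
ipchains -A output -p tcp -d 0/0 nntp -i ppp+ -t 0x01 0x02
"""

def apply_tos(old_tos, and_mask, xor_mask):
    """ipchains -t semantics: AND with the first mask, then XOR with the second."""
    return (old_tos & and_mask) ^ xor_mask

def describe(tos):
    names = [name for bit, name in TOS_BITS.items() if tos & bit]
    return "+".join(names) or "normal-service"

def parse_rules(text):
    """Return (chain, service, and_mask, xor_mask) for every active rule using -t."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and disabled rules
        args = shlex.split(line)
        if "-t" not in args or "-A" not in args or "-d" not in args:
            continue
        t, d = args.index("-t"), args.index("-d")
        if t + 2 >= len(args) or d + 2 >= len(args):
            raise ValueError("incomplete rule: " + line)
        rules.append((args[args.index("-A") + 1], args[d + 2],
                      int(args[t + 1], 16), int(args[t + 2], 16)))
    return rules

def report(text, sample_tos=0x08):
    """Show each rule's effect on a packet that starts with sample_tos (constructed value)."""
    lines = []
    for chain, service, and_mask, xor_mask in parse_rules(text):
        new = apply_tos(sample_tos, and_mask, xor_mask)
        lines.append(f"{chain:6} {service:9} 0x{sample_tos:02x} -> 0x{new:02x} {describe(new)}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(RULES)))
```

Every parsed rule sits on the `output` chain, so the marking only affects packets leaving the host; the AND mask of 0x01 discards whatever TOS bits the packet already carried before the XOR sets the new one.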


