[ale] iptables TOS (was: b'bye)

[jimpop at yahoo.com (Jim Popovitch)]

On Tue, 2005-05-24 at 12:29 -0400, Christopher Fowler wrote:
> On Tue, 2005-05-24 at 11:40, James Sumners wrote:
> > I am interested in controlling the bandwith of specific protocols
> > across a whole network.
> 
> What I want to do too.  I want to be sure that all traffic leaving my
> network with a destination of port 25 has extremely low priority.  And
> at most can consume no more than 10% of the total bandwidth.  I also
> want my VOIP Packet8 device to have very high priority.  My firewall is
> a 2.4.X machine so I'm sure things are different in 2.6.X vs 2.4.X. 

Iptables works on 2.4.x, I'm using it on several Redhat 7.3 boxes
(kernel 2.4.20) and 2.6.11 boxes

The problem w/ 10% is not something that (afaik) iptables can address.
That is a more advanced routing feature.

Here's some examples of what you can do with iptables, modify
accordingly:

#Slow down GoogleBot
iptables -A INPUT -i eth* -p tcp -s 64.68.82.0/24 -m tos --tos
 Minimize-Cost
iptables -A OUTPUT -o eth* -p tcp -d 64.68.82.0/24 -m tos --tos
 Minimize-Cost

#give high priority (Maximize-Reliability) status to SSH
iptables -A INPUT -i eth* -p tcp --dport 22 -m tos --tos
 Maximize-Reliability
iptables -A OUTPUT -o eth* -p tcp --sport 22 -m tos --tos
 Maximize-Reliability

#give high priority (Minimize-Delay) to http traffic
iptables -A INPUT -i eth* -p tcp --dport 80 -m tos --tos Minimize-Delay
iptables -A OUTPUT -o eth* -p tcp --sport 80 -m tos --tos Minimize-Delay

#give low priority (Minimize-Cost) status to in/out smtp traffic
iptables -A INPUT -i eth* -p tcp --dport 25 -m tos --tos Minimize-Cost
iptables -A OUTPUT -o eth* -p tcp --dport 25 -m tos --tos Minimize-Cost


see "iptables -m tos -h' for other TOS values.

-Jim P.