[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] iptables TOS (was: b'bye)

Subject: [ale] iptables TOS (was: b'bye)
From: cfowler at outpostsentinel.com (Christopher Fowler)
Date: Tue May 24 15:00:08 2005
In-reply-to: <1116953545.7279.138.camel@localhost>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <1116948992.7279.99.camel@localhost> <[email protected]> <[email protected]> <1116953545.7279.138.camel@localhost>

Now you confused me.  

1.  What is TOS vs QoS?
2.  I've seen other commands used instead of iptables
    when doing QoS.
3.  Is it possible to limit bandwidth from a specific internal IP 
    address no matter the load.  Can I say that 192.168.1.5 can only 
    have up to 5% of the bandwidth period.  No bursting based on load?

People sending attachments on our network can use up almost all our
bandwidth so I want to protect it.


On Tue, 2005-05-24 at 12:52, Jim Popovitch wrote:
> On Tue, 2005-05-24 at 12:29 -0400, Christopher Fowler wrote:
> > On Tue, 2005-05-24 at 11:40, James Sumners wrote:
> > > I am interested in controlling the bandwith of specific protocols
> > > across a whole network.
> > 
> > What I want to do too.  I want to be sure that all traffic leaving my
> > network with a destination of port 25 has extremely low priority.  And
> > at most can consume no more than 10% of the total bandwidth.  I also
> > want my VOIP Packet8 device to have very high priority.  My firewall is
> > a 2.4.X machine so I'm sure things are different in 2.6.X vs 2.4.X. 
> 
> Iptables works on 2.4.x, I'm using it on several Redhat 7.3 boxes
> (kernel 2.4.20) and 2.6.11 boxes
> 
> The problem w/ 10% is not something that (afaik) iptables can address.
> That is a more advanced routing feature.
> 
> Here's some examples of what you can do with iptables, modify
> accordingly:
> 
> #Slow down GoogleBot
> iptables -A INPUT -i eth* -p tcp -s 64.68.82.0/24 -m tos --tos
>  Minimize-Cost
> iptables -A OUTPUT -o eth* -p tcp -d 64.68.82.0/24 -m tos --tos
>  Minimize-Cost
> 
> #give high priority (Maximize-Reliability) status to SSH
> iptables -A INPUT -i eth* -p tcp --dport 22 -m tos --tos
>  Maximize-Reliability
> iptables -A OUTPUT -o eth* -p tcp --sport 22 -m tos --tos
>  Maximize-Reliability
> 
> #give high priority (Minimize-Delay) to http traffic
> iptables -A INPUT -i eth* -p tcp --dport 80 -m tos --tos Minimize-Delay
> iptables -A OUTPUT -o eth* -p tcp --sport 80 -m tos --tos Minimize-Delay
> 
> #give low priority (Minimize-Cost) status to in/out smtp traffic
> iptables -A INPUT -i eth* -p tcp --dport 25 -m tos --tos Minimize-Cost
> iptables -A OUTPUT -o eth* -p tcp --dport 25 -m tos --tos Minimize-Cost
> 
> 
> see "iptables -m tos -h' for other TOS values.
> 
> -Jim P.
> 
> 
> 
> 
> 
> 
> 
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale

Follow-Ups:
- [ale] iptables TOS (was: b'bye)
  - From: jimpop at yahoo.com (Jim Popovitch)
- [ale] iptables TOS (was: b'bye)
  - From: jrickman at gmail.com (Jonathan Rickman)
- [ale] iptables TOS
  - From: esoteric at 3times25.net (Geoffrey)

References:
- [ale] b'bye
  - From: jsheets at yahoo.com (Jerald Sheets)
- [ale] b'bye
  - From: jrickman at gmail.com (Jonathan Rickman)
- [ale] b'bye
  - From: cfowler at outpostsentinel.com (Christopher Fowler)
- [ale] b'bye
  - From: groups at ChangingLINKS.com (ChangingLINKS.com)
- [ale] b'bye
  - From: cfowler at outpostsentinel.com (Christopher Fowler)
- [ale] b'bye
  - From: jimpop at yahoo.com (Jim Popovitch)
- [ale] b'bye
  - From: james.sumners at gmail.com (James Sumners)
- [ale] b'bye
  - From: cfowler at outpostsentinel.com (Christopher Fowler)
- [ale] iptables TOS (was: b'bye)
  - From: jimpop at yahoo.com (Jim Popovitch)

Prev by Date: [ale] Installing j2se on RHEL 3?
Next by Date: [ale] b'bye
Previous by thread: [ale] iptables TOS (was: b'bye)
Next by thread: [ale] iptables TOS (was: b'bye)
Index(es):
- Date
- Thread