Configuring a Firewall to prefer certain traffic...

der.hans plug-discuss@lists.PLUG.phoenix.az.us
Mon, 30 Apr 2001 00:39:16 -0700 (MST)


On 29 Apr 2001, Jiva DeVoe chattered thus:

> Is it possible to configure a linux firewall to prefer traffic from a
> certain host?  In other words, if you have 2 hosts on a network, and
> one is doing a download, if the second one starts something up, it
> will *NOT* be affected by the download on the first box, but the first
> box's traffic will slow down to allow the second one through?

# Speed up telnet and ssh connects
# ipchains -A ext-in -p TCP -s 0/0 23 -t 0x01 0x10
# ipchains -A ext-out -p TCP -d 0/0 23 -t 0x01 0x10
ipchains -A ext-in -p TCP -s 0/0 22 -t 0x01 0x10
ipchains -A ext-out -p TCP -d 0/0 22 -t 0x01 0x10


# Make pop, ftp, nntp low priority
ipchains -A ext-out -p TCP -d 0/0 ftp-data -t 0x01 0x02
ipchains -A ext-out -p TCP -d 0/0 pop3 -t 0x01 0x02
ipchains -A ext-out -p TCP -d 0/0 nntp -t 0x01 0x02
#ipchains -A ext-out -p TCP -y -d 0/0 www -t 0x01 0x02
#ipchains -A ext-out -p TCP -d 0/0 4000 -t 0x01 0x02

That's supposed to work for services. I'd suppose you could get it to
prefer certain IPs. Never checked to see if it really works.

Then again, I get fairly decent ssh performance connecting to a host on
speed choice one way from a ricochet.

ciao,

der.hans
-- 
# der.hans@LuftHans.com home.pages.de/~lufthans/ www.YourCompanyHere.net ;-)
#  A t-shirt a day keeps the noose (tie) away. - der.hans
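
An added example, not part of the original post: ipchains `-t ANDMASK XORMASK` rewrites a matching packet's TOS byte as (TOS AND andmask) XOR xormask, so the rules above clear any existing TOS bits and set Minimum Delay (0x10) for ssh or Minimum Cost (0x02) for bulk services. The sketch below models that rewrite and prints the per-host variant the reply supposes is possible. The function names and the address 192.0.2.10 are constructed for illustration, and it assumes the chain sees the host's real address (not masqueraded before the rule).

```shell
#!/bin/sh
# Model of the TOS rewrite done by "ipchains -t ANDMASK XORMASK".
# Helper names are hypothetical; they are not ipchains commands.

# tos_apply TOS ANDMASK XORMASK -> resulting TOS byte as 0xNN
tos_apply() {
    printf '0x%02x\n' $(( ($1 & $2) ^ $3 ))
}

# tos_name TOS -> name of the TOS value (the four TOS bits are 0x1e)
tos_name() {
    case $(( $1 & 0x1e )) in
        16) echo "Minimum Delay" ;;
        8)  echo "Maximum Throughput" ;;
        4)  echo "Maximum Reliability" ;;
        2)  echo "Minimum Cost" ;;
        0)  echo "Normal Service" ;;
        *)  echo "non-standard" ;;
    esac
}

# host_rule CHAIN HOST CLASS -> print (do not run) a per-host rule.
# CLASS is "interactive" (prefer) or "bulk" (deprioritise).
host_rule() {
    case $3 in
        interactive) xor=0x10 ;;
        bulk)        xor=0x02 ;;
        *) echo "unknown class: $3" >&2; return 1 ;;
    esac
    echo "ipchains -A $1 -s $2 -t 0x01 $xor"
}

# A packet already marked Maximum Throughput (0x08) hitting the ssh rule:
# andmask 0x01 wipes the old marking before 0x10 is set.
new=$(tos_apply 0x08 0x01 0x10)
echo "0x08 -> $new ($(tos_name "$new"))"

# Constructed sample host, matched by source address instead of port.
host_rule ext-out 192.0.2.10 interactive
host_rule ext-out 192.0.2.10 bulk
```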