Configuring a Firewall to prefer certain traffic...

David A. Sinck plug-discuss@lists.PLUG.phoenix.az.us
Mon, 30 Apr 2001 08:21:08 -0700


\_ SMTP quoth der.hans on 4/30/2001 00:39 as having spake thusly:
\_
\_ > Is it possible to configure a linux firewall to prefer traffic from a
\_ > certain host?  In other words, if you have 2 hosts on a network, and
\_ > one is doing a download, if the second one starts something up, it
\_ > will *NOT* be affected by the download on the first box, but the first
\_ > box's traffic will slow down to allow the second one through?
\_
\_ # Speed up telnet and ssh connects
\_ # ipchains -A ext-in -p TCP -s 0/0 23 -t 0x01 0x10
\_ # ipchains -A ext-out -p TCP -d 0/0 23 -t 0x01 0x10
\_ ipchains -A ext-in -p TCP -s 0/0 22 -t 0x01 0x10
\_ ipchains -A ext-out -p TCP -d 0/0 22 -t 0x01 0x10

Golly, telnet isn't sped up?  Why not?  :-)

In addition to these fun fun rules, you can also tweak ftp to send
packets as large as possible (IIRC).

Also, there's a 'shaper' module that I've seen go by on various
kernel installs/builds.  YMMV.

David