Configuring a Firewall to prefer certain traffic...

Jiva DeVoe plug-discuss@lists.PLUG.phoenix.az.us
Mon, 30 Apr 2001 10:43:38 -0700


Cool, thanks Hans, where'd you pick these up?  Is there some HOWTO on
this or something?

On Mon, Apr 30, 2001 at 12:39:16AM -0700, der.hans wrote:
> On 29 Apr 2001, Jiva DeVoe chatted thus:
> 
> > Is it possible to configure a linux firewall to prefer traffic from a
> > certain host?  In other words, if you have 2 hosts on a network, and
> > one is doing a download, if the second one starts something up, it
> > will *NOT* be affected by the download on the first box, but the first
> > box's traffic will slow down to allow the second one through?
> 
> # Speed up telnet and ssh connects
> # ipchains -A ext-in -p TCP -s 0/0 23 -t 0x01 0x10
> # ipchains -A ext-out -p TCP -d 0/0 23 -t 0x01 0x10
> ipchains -A ext-in -p TCP -s 0/0 22 -t 0x01 0x10
> ipchains -A ext-out -p TCP -d 0/0 22 -t 0x01 0x10
> 
> 
> # Make pop, ftp, nntp low priority
> ipchains -A ext-out -p TCP -d 0/0 ftp-data -t 0x01 0x02
> ipchains -A ext-out -p TCP -d 0/0 pop3 -t 0x01 0x02
> ipchains -A ext-out -p TCP -d 0/0 nntp -t 0x01 0x02
> #ipchains -A ext-out -p TCP -y -d 0/0 www -t 0x01 0x02
> #ipchains -A ext-out -p TCP -d 0/0 4000 -t 0x01 0x02
> 
> That's supposed to work for services. I'd suppose you could get it to
> prefer certain IPs. Never checked to see if it really works.
> 
> Then again, I get fairly decent ssh performance connecting to a host on
> speed choice one way from a ricochet.
> 
> ciao,
> 
> der.hans

-- 
Jiva DeVoe
VP Of Software Development
Opnix, Inc. - Simply shagadelic bandwidth.
GPG Fingerprint: 0A17 DF84 516A 1DC4 B837  FE6D 3128 41CD 97CB 4AA7
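
Added example, not part of the original messages: a small shell script that evaluates what the "-t <andmask> <xormask>" option in the quoted ipchains rules does to a packet's TOS byte (new = (old AND andmask) XOR xormask). The function names and the incoming TOS values are constructed for illustration.

```shell
#!/bin/sh
# Added example: evaluates the "-t <and> <xor>" TOS rewrite used by the
# ipchains rules quoted in the thread. Function names are hypothetical.

# ipchains -t: new TOS = (old TOS AND andmask) XOR xormask
apply_tos() {
    printf '0x%02x\n' $(( ($1 & $2) ^ $3 ))
}

# Name the RFC 1349 TOS field (bits 1-4 of the byte; bit 0 must be zero).
tos_name() {
    case $(( $1 & 0x1e )) in
        0)  echo "normal-service" ;;
        2)  echo "minimize-cost" ;;
        4)  echo "maximize-reliability" ;;
        8)  echo "maximize-throughput" ;;
        16) echo "minimize-delay" ;;
        *)  echo "mixed" ;;
    esac
}

# Extract the two masks from a rule line ($1) and report the TOS byte a
# packet arriving with TOS $2 would leave with.
rule_effect() {
    masks=$(printf '%s\n' "$1" |
        sed -n 's/.* -t \(0x[0-9a-fA-F]*\) \(0x[0-9a-fA-F]*\).*/\1 \2/p')
    [ -n "$masks" ] || { echo "no -t option in rule"; return 1; }
    new=$(apply_tos "$2" "${masks% *}" "${masks#* }")
    echo "$new $(tos_name "$new")"
}

# Two rules from the thread, applied to constructed incoming TOS bytes:
# unmarked (0x00), sender-marked bulk (0x08), precedence bits set (0xe8).
for rule in \
    "ipchains -A ext-out -p TCP -d 0/0 22 -t 0x01 0x10" \
    "ipchains -A ext-out -p TCP -d 0/0 ftp-data -t 0x01 0x02"
do
    for old in 0x00 0x08 0xe8; do
        echo "$rule | in=$old out=$(rule_effect "$rule" "$old")"
    done
done
```

The 0x01 AND mask discards whatever TOS and precedence bits the sender set before the XOR applies the new class, so the firewall's marking wins. The marking only changes ordering where a queue on the path honors the TOS byte.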