Hello Devik!
and set classid directly in iptables like:
iptables -t mangle -A to-dsl -p tcp --dport 80 -j MARK --set-mark 0x10010
iptables -t mangle -A to-dsl -p tcp --sport 24 -j MARK --set-mark 0x10020
Oh and I forgot to ask: Is there any other improvement except for having a
We are using Ipchains. I guess that makes no difference. At the moment we do the
following:
For Example (all rules for the same device):
1. filter ACKs by using u32
2. filter a specific IP by using ipchains -m (because we masquerade) with its
own tc fw
3. filter ToS by using u32
4.
and set classid directly in iptables like:
iptables -t mangle -A to-dsl -p tcp --dport 80 -j MARK --set-mark 0x10010
iptables -t mangle -A to-dsl -p tcp --sport 24 -j MARK --set-mark 0x10020
Oh and I forgot to ask: Is there any other improvement except for having a
shorter script?
It
Hi,
I'm happy that HTB gained so much popularity ;) Only
one hint for you - you can completely avoid all these
tc filter add fw ...
You can use only one
tc filter add dev ppp0 parent 1: protocol ip prio 1 handle 1 fw
and set classid directly in iptables like:
iptables -t mangle -A to-dsl -p
Martin Devera said:
Hi,
I'm happy that HTB gained so much popularity ;) Only
one hint for you - you can completely avoid all these
tc filter add fw ...
You can use only one
tc filter add dev ppp0 parent 1: protocol ip prio 1 handle 1 fw
and set classid directly in iptables like:
The other thing that is currently sub-optimal is the division of long uploads
vs short uploads. I've attempted to ensure that normal webpages are
downloaded as fast as possible with the burst parameter but if someone is
downloading a large file from my website all other web users suffer. I've
- Original Message -
From: alex [EMAIL PROTECTED]
# For outgoing packets we need to mark stuff
/sbin/iptables -t mangle -A to-dsl -p tcp --dport 22 -j MARK --set-mark 1
/sbin/iptables -t mangle -A to-dsl -p tcp --dport 80 -j MARK --set-mark 2
I'd also do like this:
Hello there!
I'd also do like this:
iptables -t mangle -A to-dsl -p tcp --dport 22 -j MARK --set-mark 1
iptables -t mangle -A to-dsl -p tcp --dport 22 -j RETURN
iptables -t mangle -A to-dsl -p tcp --dport 80 -j MARK --set-mark 2
iptables -t mangle -A to-dsl -p tcp --dport 80 -j RETURN
Otherwise iptables will do the whole to-dsl list for every packet. In
your case it wouldn't matter except for some extra CPU usage. But if you
would like to mark port 80 as bulk-traffic and ACKs as interactive
traffic, then those port 80 ACKs could be marked as bulk which you
wouldn't
Hi there!
I'm happy that HTB gained so much popularity ;)
Oh yes, it's really popular already, not only among people who know a lot about
Linux, they just don't know they are using it. - www.fli4l.de
Only one hint for you - you can completely avoid all these
tc filter add fw ...
You can
Hello again!
Only one hint for you - you can completely avoid all these
tc filter add fw ...
You can use only one
tc filter add dev ppp0 parent 1: protocol ip prio 1 handle 1 fw
and set classid directly in iptables like:
iptables -t mangle -A to-dsl -p tcp --dport 80 -j MARK
Hi,
Firstly I apologise for the cross-posting but as I got help from all
over the place I thought I had better feed back the results now I have
this working.
The Problem:
I run a Speedtouch ADSL modem on my router and host a number of services
behind my link (web server mainly) so people
12 matches