Hi All,

I am using the iptables mangle table to set the TOS bits of several kinds of traffic in order to give, for instance, ssh priority above bulk or normal traffic.

For ssh sessions from my linux box to a machine on the internet I use:

iptables -t mangle -A PREROUTING -i ppp0 -p tcp --sport ssh -j TOS --set-tos Minimize-Delay
iptables -t mangle -A OUTPUT -o ppp0 -p tcp --dport ssh -j TOS --set-tos Minimize-Delay

Now my question is whether the opposite rules make sense also?

iptables -t mangle -A PREROUTING -i ppp0 -p tcp --dport ssh -j TOS --set-tos Minimize-Delay
iptables -t mangle -A OUTPUT -o ppp0 -p tcp --sport ssh -j TOS --set-tos Minimize-Delay

My intention is to give priority to incoming (from the internet to my linux box) ssh sessions also.

Best regards,
-- 
Ronald Verlaan
http://80.60.86.86
ronald.phannee@planet.nl
--------------------------------------------------------------------------
Mickey Mouse wears a Spiro Agnew watch.
> For using ssh sessions from my linux box to a machine on the internet I use:
> iptables -t mangle -A PREROUTING -i ppp0 -p tcp --sport ssh -j TOS --set-tos Minimize-Delay
> iptables -t mangle -A OUTPUT -o ppp0 -p tcp --dport ssh -j TOS --set-tos Minimize-Delay

but this itself will not prioritize anything .. depends on routers outside

> Now my question is if the opposite rules do make sense also?
> iptables -t mangle -A PREROUTING -i ppp0 -p tcp --dport ssh -j TOS --set-tos Minimize-Delay
> iptables -t mangle -A OUTPUT -o ppp0 -p tcp --sport ssh -j TOS --set-tos Minimize-Delay
> My intention is to give priority to incoming (from internet to my linux
> box) ssh sessions also.

It is nonsense .. Once the packet is in your box all QoS decisions were already made.

devik
On Sun, 20 Jan 2002, Martin Devera wrote:

Hi Martin

> > iptables -t mangle -A PREROUTING -i ppp0 -p tcp --sport ssh -j TOS --set-tos Minimize-Delay
> > iptables -t mangle -A OUTPUT -o ppp0 -p tcp --dport ssh -j TOS --set-tos Minimize-Delay
>
> but this itself will not prioritize anything .. depends on routers outside

I know, so that is why I do use:

tc qdisc add dev ppp0 root handle 1: prio
# traffic put by kernel in band 0 based on TOS bit just set by iptables
tc qdisc add dev ppp0 parent 1:1 handle 10: sfq
# traffic put by kernel in band 1 based on TOS bit just set by iptables
tc qdisc add dev ppp0 parent 1:2 handle 20: tbf rate 61kbit latency 50ms burst 1540
# traffic put by kernel in band 2 based on TOS bit just set by iptables
tc qdisc add dev ppp0 parent 1:3 handle 30: sfq

This DOES shape my traffic, or am I wrong?

> > Now my question is if the opposite rules do make sense also?
> > iptables -t mangle -A PREROUTING -i ppp0 -p tcp --dport ssh -j TOS --set-tos Minimize-Delay
> > iptables -t mangle -A OUTPUT -o ppp0 -p tcp --sport ssh -j TOS --set-tos Minimize-Delay
> > My intention is to give priority to incoming (from internet to my linux
> > box) ssh sessions also.
>
> It is nonsense .. Once the packet is in your box all QoS decisions were already
> made.

Ok I agree :)

But my thinking was that I CAN influence the return traffic, thus slowing down (tcp window mechanism) the BULK connections and not slowing down the interactive traffic.. Makes sense or totally not? :P

Best regards,
-- 
Ronald Verlaan
http://80.60.86.86
ronald.phannee@planet.nl
--------------------------------------------------------------------------
Mickey Mouse wears a Spiro Agnew watch.
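As an added example that is not part of this thread, the POSIX shell script below traces how a TOS value set with "iptables -j TOS --set-tos ..." is turned by the kernel into a Linux packet priority and then, through the default priomap of the prio qdisc, into one of the three child qdiscs attached in the tc commands quoted above. The two lookup tables are transcribed from tc-prio(8) and the kernel's TOS-to-priority table; folding the odd entries (the RFC 1349 "minimize monetary cost" bit) into their even neighbours is a simplification of my own. Nothing here touches the running kernel, so it runs without root or a ppp0 device. Note that this mapping is only ever consulted on the egress path of the interface carrying the root qdisc, which is the reason marking packets that are already arriving on ppp0 cannot change how fast they came in.

```sh
#!/bin/sh
# Added example: trace TOS byte -> Linux priority -> prio band -> child qdisc
# for the configuration quoted in the thread. Tables transcribed from
# tc-prio(8) and the kernel's ip_tos2prio table.

# TOS byte -> Linux packet priority, indexed by (tos >> 1) & 0xF.
# 0 = best effort, 2 = bulk, 6 = interactive, 4 = interactive bulk.
# Simplification (assumption): odd entries (monetary-cost bit set) are
# folded into their even neighbour.
TOS2PRIO="0 0 0 0 2 2 2 2 6 6 6 6 4 4 4 4"

# Default priomap of "tc qdisc add ... prio": priority 0..15 -> band 0..2.
PRIOMAP="1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1"

# Child qdiscs exactly as attached in the thread: band N hangs off 1:(N+1).
BAND0="10: sfq"
BAND1="20: tbf rate 61kbit"
BAND2="30: sfq"

# nth INDEX WORD... -> prints the INDEX-th (0-based) word
nth() {
    idx=$1; shift
    shift "$idx"
    printf '%s\n' "$1"
}

# Symbolic names accepted by "iptables -j TOS --set-tos" -> TOS byte.
# Raw values such as 0x18 are passed through unchanged.
tos_value() {
    case "$1" in
        Minimize-Delay)       echo 0x10 ;;
        Maximize-Throughput)  echo 0x08 ;;
        Maximize-Reliability) echo 0x04 ;;
        Normal-Service)       echo 0x00 ;;
        0x*)                  echo "$1" ;;
        *) echo "unknown TOS name: $1" >&2; return 1 ;;
    esac
}

# band_for_tos TOS -> the prio band the kernel selects with the default priomap
band_for_tos() {
    tos=$(tos_value "$1") || return 1
    prio=$(nth $(( ($tos >> 1) & 0xF )) $TOS2PRIO)
    nth "$prio" $PRIOMAP
}

# child_qdisc_for_tos TOS -> which of the three child qdiscs dequeues the packet
child_qdisc_for_tos() {
    case "$(band_for_tos "$1")" in
        0) echo "$BAND0" ;;
        1) echo "$BAND1" ;;
        2) echo "$BAND2" ;;
        *) return 1 ;;
    esac
}

# Walk the TOS names used or implied in the thread and show where each lands.
# Expected: Minimize-Delay -> band 0 (10: sfq), Normal-Service -> band 1
# (20: tbf rate 61kbit), Maximize-Throughput -> band 2 (30: sfq).
for name in Minimize-Delay Normal-Service Maximize-Throughput Maximize-Reliability; do
    printf '%-22s band %s -> %s\n' "$name" "$(band_for_tos "$name")" "$(child_qdisc_for_tos "$name")"
done
```

Two things the trace makes visible that the tc commands alone do not: the 61kbit token bucket sits under band 1, which is where plain Normal-Service traffic goes, so unmarked traffic is the part being rate-limited, while anything marked Maximize-Throughput lands in band 2 and is only fair-queued, not shaped; and since prio always empties band 0 first, a flood of Minimize-Delay packets on ppp0 would starve both other bands, which is worth keeping in mind before letting any remote peer's TOS choice decide the band.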