I have some remarks to make.
You can't use iptables on a linux bridge. (I think there is a patch that you
can, but I'm not sure). And try to patch the kernel for htb (it's a
replacement for cbq). And maybe you can try to filter on mac-address so you
don't need to know the ip-addresses.
Stef
On Thursday 01 August 2002 18:51, D. Stimits wrote:
> I'm about to set up a Linux bridge (kernel 2.4.18.x from Redhat 7.3)
> between a (future) cable modem and several machines in the house. Some
> of those machines are windows, mine is Linux (but dual boots to
> windows). Basically:
>
> CABLE_MODEM (DHCP issues to each machine)
>
> |(eth0 -- outer)
>
> LINUX_BRIDGE (not proxy, but is firewall on some ports)
>
> |(eth1 -- inner)
>
> 8_PORT_SWITCH
>
> |-Machine1
> |-Machine2
>
> ...
>
> |-MachineN
>
> Except for my machine, the other machines will be email and web browsing
> machines (I do cvs, ssh, remote web site editing, and write network game
> software in Linux, as well as play games under windows). My goal is
> similar to the cable modem "wonder shaper", but I'm not positive if
> maybe I need to expand on that, and am currently not familiar with the
> more advanced QoS and shaping abilities (I know they are there, I now
> have some docs, and a machine I will be able to test on soon),
> especially with respect to bridges. I want my machine to have low
> latency, but the other machines do not care about latency; all machines
> care about having a fair bandwidth.
>
> A problem I am thinking about (until I get my bridge done I can only
> think about it, can't test anything) is that each machine is assigned
> address via DHCP, so perhaps the Linux bridge will have to find a way to
> know which DHCP address is assigned to which physical machine. If I were
> to simply assign qualities to the inside interface (eth1), then the same
> QoS and general characteristics would apply to all machines...which I do
> not want, so it seems I must deal on a per-IP-address basis, or a
> per-port basis. For port 80 web traffic, this seems just fine. I could
> even assign a quality for telnet and ssh ports. However, if I suddenly
> decide that one machine wants different characteristics for a port, or
> if it is an unknown port (such as some games work with...they may not
> always use the same port, or they can use more than one port at once),
> this breaks. So I am wanting to deal with latency on a per-machine
> basis, and simply assign low latency to my machine in general, and fair
> bandwidth for all machines; perhaps after that, I could override for
> particular ports, and for example, make all machines use port 80 web
> traffic with higher latency, even on my machine (which is otherwise low
> latency).
>
> Is this reasonable with current 2.4.x kernels? Are there particular
> things to watch out for or look for, especially for a bridge?
>
> Also, I have used ipchains in the past, but it seems iptables will be
> the future. What parts of this depend on iptables versus ipchains (if
> any)? The iproute2 package seems to provide most of the features I'm
> looking at, but it is conceivable that the use of ipchains or iptables
> will interact.
>
> D. Stimits, stimits AT idcomm.com
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.openprojects.net
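
Added example, not part of the original e-mails: one way to apply the reply's suggestion (HTB plus filtering on MAC address instead of the DHCP-assigned IP) on the bridge's inner port. The device name `eth1` comes from the question; the rate, the MAC address and the helper names `dst_mac_match` and `shaper_commands` are assumptions, and the script only prints the `tc` commands so they can be reviewed before being run as root on a kernel with HTB support.

```shell
#!/bin/sh
# Added example; rate and MAC address are constructed values.

# u32 offset 0 is the start of the IP header, so the 14-byte Ethernet header
# sits at negative offsets: -14..-9 dst MAC, -8..-3 src MAC, -2..-1 EtherType.
dst_mac_match() {
    hex=$(printf '%s' "$1" | tr -d ':' | tr 'A-F' 'a-f')
    case "$hex" in
        *[!0-9a-f]*) return 1 ;;          # non-hex character
    esac
    [ "${#hex}" -eq 12 ] || return 1      # must be exactly six octets
    hi=$(printf '%s' "$hex" | cut -c1-4)  # first two octets
    lo=$(printf '%s' "$hex" | cut -c5-12) # last four octets
    printf 'match u16 0x0800 0xffff at -2 match u32 0x%s 0xffffffff at -12 match u16 0x%s 0xffff at -14' "$lo" "$hi"
}

# Print (not run) the tc commands for the inner bridge port.
# $1 = inner device, $2 = downstream rate in kbit, $3 = MAC of low-latency host
shaper_commands() {
    sel=$(dst_mac_match "$3") || return 1
    half=$(( $2 / 2 ))
    cat <<EOF
tc qdisc add dev $1 root handle 1: htb default 20
tc class add dev $1 parent 1: classid 1:1 htb rate ${2}kbit
tc class add dev $1 parent 1:1 classid 1:10 htb rate ${half}kbit ceil ${2}kbit prio 0
tc class add dev $1 parent 1:1 classid 1:20 htb rate ${half}kbit ceil ${2}kbit prio 1
tc qdisc add dev $1 parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $1 parent 1:20 handle 20: sfq perturb 10
tc filter add dev $1 parent 1: protocol ip prio 1 u32 $sel flowid 1:10
EOF
}

# Constructed sample: 3000 kbit downstream, low-latency host 00:11:22:33:44:55.
shaper_commands eth1 3000 00:11:22:33:44:55
```

Traffic to the listed MAC lands in class 1:10, which HTB serves first; everything else falls into the default class 1:20, where sfq shares the bandwidth per flow rather than per machine.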