Well, so far I've used tc with htb with success, installed on a machine with two ethernet interfaces acting as a bridge. On eth0 I applied the outgoing policy and on eth1 the incoming.

My users usually use a lot of protocols (IRC, KAZAA and many more); the IRC protocol by itself is from port 6667 up to 7000. So as you understand I have to write 300 and more lines for filtering the IRC traffic to feed it into a class that I've made up for the minimal bandwidth allocation.

My problem is how to make a filter to accept sport 6667-7000. I've searched but I didn't find anything useful in the list archives. Is there any way to do that, or do I have to make one filter per port?

Best regards
Stamatis

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

On Mon, 30 Jun 2003 17:42:18 +0300 Σταμάτης Κεκές <skekes@pylones.gr> wrote:

> My problem is how to make a filter to accept sport 6667-7000. I've
> searched but I didn't find anything useful in the list archives.
> Is there any way to do that, or do I have to make one filter per port?

You can use iptables (for example) to mark the packets in the range of ports you want and issue one filter for this mark.

Ethy H. Brito         /"\
InterNexo Ltda.       \ /  CAMPANHA DA FITA ASCII - CONTRA MAIL HTML
+55 (12) 3941-6860     X   ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL
S.J.Campos - Brasil   / \

Ethy H. Brito wrote:

> On Mon, 30 Jun 2003 17:42:18 +0300
> Σταμάτης Κεκές <skekes@pylones.gr> wrote:
>
>> My problem is how to make a filter to accept sport 6667-7000. I've
>> searched but I didn't find anything useful in the list archives.
>> Is there any way to do that, or do I have to make one filter per port?
>
> You can use iptables (for example) to mark the packets in the range of
> ports you want and issue one filter for this mark

Thanks for the answer. Well, I thought of that solution but I want to have all the filtering related with QoS in one machine. Otherwise I have to keep a lot of docs up to date for the firewall and the shaper too.

Any other suggestion?

On Mon, 30 Jun 2003 18:05:07 +0300 Σταμάτης Κεκές <skekes@pylones.gr> wrote:

> > You can use iptables (for example) to mark the packets in the range
> > of ports you want and issue one filter for this mark
>
> Thanks for the answer.
> Well, I thought of that solution but I want to have all the filtering
> related with QoS in one machine.
> Otherwise I have to keep a lot of docs up to date for the firewall and the
> shaper too.

Didn't get it! Why do you think you can't have all in one machine?

You can have your FW *and* traffic control in one machine or split it in two if you want. It's up to you to decide. Obviously you cannot pass marks between two machines if you choose the split solution. Marks and bwcontrol must reside in the same machine.

--
Ethy H. Brito         /"\
InterNexo Ltda.       \ /  CAMPANHA DA FITA ASCII - CONTRA MAIL HTML
+55 (12) 3941-6860     X   ASCII RIBBON CAMPAIGN - AGAINST HTML MAIL
S.J.Campos - Brasil   / \

> Didn't get it! Why do you think you can't have all in one machine?

No, I want them separate. The shaper is in one machine and the firewall is on the second machine. When I spoke about filtering I meant the classification rules and not the netfilter.

> You can have your FW *and* traffic control in one machine or split it in
> two if you want.
> It's up to you to decide. Obviously you cannot pass marks between two
> machines if you choose the split solution. Marks and bwcontrol must
> reside in the same machine.

I want to classify the packets without the need of a firewall. That's what I meant.

Anyway, thanks for the advice
Stamatis
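
Added example (not part of the original thread or written by its participants): the u32 classifier takes a value and a mask for `match ip sport`, so a port range can be covered by a few aligned power-of-two blocks instead of one filter per port. The script below generalizes this to any range and only prints the tc commands; the parent handle `1:0` and flowid `1:10` are assumed placeholders for the HTB class layout, and the match is restricted to TCP as an assumption.

```shell
#!/bin/sh
# Added example: cover a source-port range with u32 value/mask matches.
# PARENT and FLOWID are assumed placeholders; adjust to the real HTB setup.
DEV=${DEV:-eth0}
PARENT=${PARENT:-1:0}
FLOWID=${FLOWID:-1:10}

# port_blocks LO HI: print "port mask" pairs, one per aligned block.
port_blocks() {
    lo=$1; hi=$2
    while [ "$lo" -le "$hi" ]; do
        size=1
        # Double the block while it stays aligned on lo and inside the range.
        while [ $(( lo % (size * 2) )) -eq 0 ] &&
              [ $(( lo + size * 2 - 1 )) -le "$hi" ]; do
            size=$(( size * 2 ))
        done
        # A block of 2^k ports is matched by clearing the low k mask bits.
        printf '%d 0x%04x\n' "$lo" $(( 0xffff & ~(size - 1) ))
        lo=$(( lo + size ))
    done
}

# sport_filters LO HI: print (do not execute) one tc command per block.
# Note: u32 "ip sport" reads a fixed offset, so it assumes a 20-byte
# IP header (no IP options).
sport_filters() {
    port_blocks "$1" "$2" | while read -r port mask; do
        echo "tc filter add dev $DEV parent $PARENT protocol ip prio 1 u32" \
             "match ip protocol 6 0xff match ip sport $port $mask" \
             "flowid $FLOWID"
    done
}

# The range from the thread: 334 ports collapse into 10 filters.
sport_filters 6667 7000
```

Review the printed commands before piping them to a shell on the shaper; a mask that is too wide silently classifies neighbouring ports into the same class.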