Iosif Peterfi
2005-Jan-17 13:48 UTC
iproute2 + iptables - match the connection time or packets sent/received
Hello,

I set up iproute2 and iptables on my box; it is a P4 2000 Ghz / 1GB memory. I have set up squid and iptables to be a transparent proxy, with cache. I've read almost everything on lartc.org and I want to ask if there is a u32 match for the connection time or something like that, or a u32 match for the packet number in a connection.

All I want to do is shape the web traffic for long connections which are not HTML webpages; I want to slow down those connections. I know that can be overridden by stopping/resuming the transfer, but I still want to do it since people start downloading from HTTP with many connections during the day and leave the office. I have no time to hunt them, so I just want to classify those connections if it is possible.

If there is any patch for squid to classify URLs, that would be great; I'll just put html/php/jsp/etc. in the priority class.

Toto
Jason Boxman
2005-Jan-17 16:50 UTC
Re: iproute2 + iptables - match the connection time or packets sent/received
On Monday 17 January 2005 08:48, Iosif Peterfi wrote:
> Hello,
> <snip>
> All I want to do is shape the web traffic for long connections which are not
> HTML webpages; I want to slow down those connections.
> I know that can be overridden by stopping/resuming the transfer, but I still
> want to do it since people start downloading from HTTP with many
> connections during the day and leave the office. I have no time to hunt
> them, so I just want to classify those connections if it is possible.

Sure, you can do that with the connbytes Netfilter module. After someone downloads some given amount of data you can reclassify that traffic from interactive-Web to bulk-Web or something similar. I've been meaning to do this myself, but haven't gotten to it.

--
Jason Boxman
Perl Programmer / *NIX Systems Administrator
Shimberg Center for Affordable Housing | University of Florida
http://edseek.com/ - Linux and FOSS stuff
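Added example, not part of the thread: one way to do the connbytes reclassification described in the reply above, written as a script that prints the `tc` and `iptables` commands for review instead of applying them. The interface name, port, class ids, rates and the 1 MiB threshold are assumptions, and the option syntax (`--connbytes-dir`, `--connbytes-mode`, the `nf_conntrack_acct` sysctl) is that of current iptables and kernels, not of the 2005 patch.

```shell
#!/bin/sh
# Added example (not from the thread). Prints the commands; review them, then
# pipe the output to a root shell to apply. All values below are assumptions.
LAN_IF="${LAN_IF:-eth1}"      # interface facing the office clients
WEB_PORT="${WEB_PORT:-80}"    # source port seen on web replies toward clients
FAST="1:10"                   # interactive-Web HTB class
BULK="1:20"                   # bulk-Web HTB class

# gen_rules BYTES: emit rules that move a connection to $BULK once more than
# BYTES have flowed in the reply (download) direction.
gen_rules() {
    case "$1" in
        ''|*[!0-9]*) echo "gen_rules: threshold must be a byte count" >&2
                     return 1 ;;
    esac
    cat <<EOF
# connbytes reads conntrack counters; accounting must be on to match anything
sysctl -w net.netfilter.nf_conntrack_acct=1
# HTB tree: unclassified and interactive traffic in $FAST, capped bulk in $BULK
tc qdisc add dev $LAN_IF root handle 1: htb default 10
tc class add dev $LAN_IF parent 1: classid 1:1 htb rate 10mbit
tc class add dev $LAN_IF parent 1:1 classid $FAST htb rate 8mbit ceil 10mbit prio 0
tc class add dev $LAN_IF parent 1:1 classid $BULK htb rate 2mbit ceil 4mbit prio 1
# CLASSIFY does not stop rule traversal, so the later (bulk) rule wins
iptables -t mangle -A POSTROUTING -o $LAN_IF -p tcp --sport $WEB_PORT -j CLASSIFY --set-class $FAST
iptables -t mangle -A POSTROUTING -o $LAN_IF -p tcp --sport $WEB_PORT -m connbytes --connbytes $1: --connbytes-dir reply --connbytes-mode bytes -j CLASSIFY --set-class $BULK
EOF
}

gen_rules "${BULK_BYTES:-1048576}"   # default: reclassify after 1 MiB
```

The byte counter is per connection, so a transfer that is stopped and resumed starts again in the interactive class, which is the limitation the original post already accepts.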
Iosif Peterfi
2005-Jan-18 08:32 UTC
Re: iproute2 + iptables - match the connection time or packets sent/received
----- Original Message -----
From: "Jason Boxman" <jasonb@edseek.com>
To: <lartc@mailman.ds9a.nl>
Sent: Monday, January 17, 2005 6:50 PM
Subject: Re: [LARTC] iproute2 + iptables - match the connection time or packets sent/received

> On Monday 17 January 2005 08:48, Iosif Peterfi wrote:
> > Hello,
> > <snip>
> > All I want to do is shape the web traffic for long connections which are not
> > HTML webpages; I want to slow down those connections.
> > I know that can be overridden by stopping/resuming the transfer, but I still
> > want to do it since people start downloading from HTTP with many
> > connections during the day and leave the office. I have no time to hunt
> > them, so I just want to classify those connections if it is possible.
>
> Sure, you can do that with the connbytes Netfilter module. After someone
> downloads some given amount of data you can reclassify that traffic from
> interactive-Web to bulk-Web or something similar. I've been meaning to do
> this myself, but haven't gotten to it.

Thanks a lot! That was very useful. I had some problems patching the kernel (I had to do it manually) since my Gentoo kernel is already patched with a lot of other patches, but I managed to do it and it works like a charm.