John Cavanaugh wrote:
| Two questions here...
|
| I'm using 2.0 as my NAT gw box between my cable modem
| and my internal home network.
|
|
| #1 - Shaping Implementation
|
| How would I configure shorewall to give the highest
| priority for traffic to & from an IP address on my
| internal network. Maybe I'm being a bit dense, but I
| couldn't figure it out.
Little wonder -- Shorewall doesn't do traffic shaping.
|
|
| #2 - SSH & Shaping Strategy
|
| Well I managed to figure out how to give ssh high
| priority in my queue, but things ended up a bit
| screwy. Normally ssh is "interactive" thus why you
| want to give it high priority, but I'm using it for vpn
| and I transfer a lot of files (i.e. bulk traffic).
|
| Anybody have any thoughts/ideas on how to segment the
| traffic such that bulk copies don't get high priority??
|
I suggest that you try:
a) Using scp for transferring files.
b) Removing the SSH entries from /etc/shorewall/tos -- that way, only
the interactive ssh traffic will be marked for minimum delay by your SSH
client/server (note that in Shorewall 2.1, the /etc/shorewall/tos file
that I release has no entries at all).
-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net