[Firehol-support] howto configure high priority traffic (ssh)?

JusTiCe8 justice8 at wanadoo.fr
Thu May 20 12:11:21 BST 2004


Bernhard J. M. Gruen wrote:

> Hi,
> I would like to set up some rules to optimize the speed of a ssh 
> connection (to an ssh server NOT in my private network). I saw that 
> there exist some -t mangle rules but I don't know yet the "best" rules 
> for doing that. I know that this question has nearly nothing to do 
> with FireHOL but on this list are some really good firewall experts. 
> Anyway it would also be a nice enhancement to FireHOL if something 
> like high priority traffic (with mangle and TOS or in general QoS) 
> would be supported. This way a server can answer (for example) ssh 
> connections even if it is under high load during a for example DoS 
> attack.
I have found a good solution to get QoS running well on a Linux box 
without too much pain. I have written some documentation (in French for now) 
about what I have done at: 
http://perso.wanadoo.fr/justice8/linux/qos.html. You just have to 
download, compile and install dsl_qos_queue 
(http://www.sonicspike.net/software/#dsl_qos_queue), then add some rules to 
your firehol.conf like these (inspired by the dsl_qos_queue doc):

iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 80 -j MARK --set-mark 22   # http
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 443 -j MARK --set-mark 22   # https

iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 110 -j MARK --set-mark 23   # POP3
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 25 -j MARK --set-mark 23   # SMTP

and everything will be fine :).

> Bernhard Gruen, Germany
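As an added illustration (not part of either message above, and not code from the dsl_qos_queue project or FireHOL), here is a small shell script that builds the MYSHAPER-OUT mangle chain the reply sketches and puts an ssh rule in front of the bulk rules, so the original question (prioritising ssh) is covered. The marks 22 and 23 are the ones quoted in the reply; the ssh mark value 21 is an assumption standing in for "a class your shaper treats as higher priority than 22", and must be checked against the class numbering of whatever shaper you actually run. Setting IPT=echo prints the rules instead of applying them, which is also how the script can be checked without root.

```sh
#!/bin/sh
# Added example: mangle-table marking for outbound traffic classes.
# Mark values: 22/23 come from the mailing-list reply; SSH_MARK=21 is an
# assumed placeholder for a higher-priority class in your shaper's numbering.
set -eu

IPT="${IPT:-iptables}"        # IPT=echo previews the rules without touching netfilter
CHAIN="MYSHAPER-OUT"
SSH_MARK="${SSH_MARK:-21}"    # assumed: higher priority than the 22/23 classes below

# Emit one mark rule: protocol, destination port, mark value
mark_rule() {
    "$IPT" -t mangle -A "$CHAIN" -p "$1" --dport "$2" -j MARK --set-mark "$3"
}

# (Re)create and fill the chain; flushing first keeps re-runs idempotent.
# Rule order matters: the first matching MARK rule wins for a packet.
build_shaper_rules() {
    "$IPT" -t mangle -N "$CHAIN" 2>/dev/null || true
    "$IPT" -t mangle -F "$CHAIN"
    mark_rule tcp 22  "$SSH_MARK"   # ssh: interactive, marked before the bulk rules
    mark_rule tcp 80  22            # http
    mark_rule tcp 443 22            # https
    mark_rule tcp 110 23            # POP3
    mark_rule tcp 25  23            # SMTP
}

# Hook the chain into POSTROUTING once (iptables -C checks for an existing rule)
hook_chain() {
    "$IPT" -t mangle -C POSTROUTING -j "$CHAIN" 2>/dev/null \
        || "$IPT" -t mangle -A POSTROUTING -j "$CHAIN"
}

# Usage: sh shaper.sh apply      (or: IPT=echo sh shaper.sh apply  to preview)
if [ "${1:-}" = "apply" ]; then
    build_shaper_rules
    hook_chain
fi
```

Two caveats a practitioner should keep in mind: marking alone does nothing until a queueing discipline (dsl_qos_queue, or tc classes) actually consumes the marks, and a port-22 rule also promotes bulk scp/sftp transfers, since they share the port. Separating interactive sessions from bulk ssh traffic needs a second match on what the client sets in the IP header (`-m tos` for the classic Minimize-Delay bit, `-m dscp` for newer OpenSSH releases that use DSCP values instead).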
