[Firehol-support] howto configure high priority traffic (ssh)?
JusTiCe8
justice8 at wanadoo.fr
Thu May 20 12:11:21 BST 2004
Hi,
Bernhard J. M. Gruen wrote:
> Hi,
>
> I would like to set up some rules to optimize the speed of a ssh
> connection (to an ssh server NOT in my private network). I saw that
> there exist some -t mangle rules but I don't know yet the "best" rules
> for doing that. I know that this question has nearly nothing to do
> with FireHOL but on this list are some really good firewall experts.
> Anyway it would also be a nice enhancement to FireHOL if something
> like high priority traffic (with mangle and TOS or in general QoS)
> would be supported. This way a server can answer (for example) ssh
> connections even if it is under high load, for example during a DoS
> attack.
>
>
I have found a good solution to get QoS running well on a Linux box
without too much pain. I have written documentation (only in French so far)
about what I have done at:
http://perso.wanadoo.fr/justice8/linux/qos.html, you just have to
download, compile and install dsl_qos_queue
(http://www.sonicspike.net/software/#dsl_qos_queue), and add some rules to
your firehol.conf like these (inspired by the dsl_qos_queue doc):
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 80 -j MARK --set-mark 22 # http
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 443 -j MARK --set-mark 22 # https
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 110 -j MARK --set-mark 23 # POP3
iptables -t mangle -A MYSHAPER-OUT -p tcp --dport 25 -j MARK --set-mark 23 # SMTP
and everything will be fine :).
>
> Bernhard Gruen, Germany
Regards,
J8.