Re: Router / Firewall / Gateway
On Sat, 2004-10-09 at 08:24, mark wrote:
> Adam Lydick wrote:
<snip>
> > (4) set up flow control with tc to cap non-interactive bandwidth usage
> > (this was not fun)
>
> You had me with you up until number four here... "What's flow
> control" for?
It divides traffic into classes (categories) and allows you to
prioritize them and control the amount of bandwidth each class is
allowed to consume. Quite useful if you are hosting a webserver or a p2p
client off a DSL connection and still want to use it for web browsing.
My tc rules look something like:
* if traffic is tagged as bulk (by a previous iptables rule) stick it in
the low priority queue.
* otherwise assume it is interactive traffic and put it in the high
priority queue.
The kernel will drain the interactive queue before touching the bulk
queue, ensuring that I never need to wait on more than one outgoing bulk
packet.
I didn't find the tool to be very friendly for human consumption, but I
managed to stagger through it over a weekend and just saved a script so
I don't have to remember how to do it ;)
<snip>
> Ditto, it will even be a VERY simple install. The only thing
> different about it is that I recompiled the kernel to include MPPE
> encryption for MS type vpn connections for my road warriors.
> Yet more routing difficulties there...
VPN is something I haven't tried setting up yet.
> All in all, I guess I really need to learn iptables before
> continuing. But hey, everyone starts out that way right?
I would recommend it. It is not terribly difficult to learn and will be
the most flexible solution in the long run.
I can make my configuration available, if you would like some simple
examples to start with. (although I cannot make any promises about the
accuracy, other than a "best effort").
> Thanks all,
> Mark
- Adam
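
The arrangement described in the message above (bulk traffic tagged by iptables, then strict-priority queues in tc), sketched as an added example; it is not Adam's script or configuration. The interface name (ppp0), the mark value, the choice of web server replies as "bulk" and the 200kbit cap are all assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script. Constructed assumptions: WAN interface
# ppp0, firewall mark 1 means "bulk", bulk = web server replies (TCP source
# port 80), bulk cap 200kbit. Commands are only printed unless APPLY=1 is set
# (applying them needs root).

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

qos_rules() {
    dev=$1; mark=$2; bulk_rate=$3

    # Tag bulk traffic as it leaves through the WAN interface.
    run iptables -t mangle -A POSTROUTING -o "$dev" -p tcp --sport 80 \
        -j MARK --set-mark "$mark"

    # Two strict-priority bands. The all-zero priomap sends every packet to
    # band 0 (class 1:1, interactive) unless a filter below says otherwise.
    run tc qdisc add dev "$dev" root handle 1: prio bands 2 \
        priomap 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

    # Packets carrying the bulk mark go to band 1 (class 1:2), which is
    # dequeued only when band 0 is empty.
    run tc filter add dev "$dev" parent 1: protocol ip prio 1 \
        handle "$mark" fw flowid 1:2

    # Cap what the bulk band may send, so it cannot fill the uplink.
    run tc qdisc add dev "$dev" parent 1:2 handle 20: tbf \
        rate "$bulk_rate" burst 10kb latency 50ms
}

# Print the rule set for the assumed interface and values.
qos_rules ppp0 1 200kbit
```

The cap has to sit below the real uplink rate; otherwise packets queue in the DSL modem, where this ordering no longer applies.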