fair_traffic_shaping_an_adsl_line_for_a_local_network_using_linux
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
fair_traffic_shaping_an_adsl_line_for_a_local_network_using_linux [2018/12/06 21:55] abeverley |
fair_traffic_shaping_an_adsl_line_for_a_local_network_using_linux [2018/12/06 21:56] abeverley |
||
|---|---|---|---|
| Line 49: | Line 49: | ||
| Next we need to mark traffic as required, using the principles set out earlier. The following code contains some examples. | Next we need to mark traffic as required, using the principles set out earlier. The following code contains some examples. | ||
| - | # Set default mark for forwarded packets | + | <code> |
| - | $IPTABLES -t mangle -A FORWARD -j MARK --set-mark 40 | + | # Set default mark for forwarded packets |
| - | + | $IPTABLES -t mangle -A FORWARD -j MARK --set-mark 40 | |
| - | # Mark http and https traffic as 30, both in and out | + | |
| - | $IPTABLES -t mangle -A FORWARD -p tcp --sport 80 -i ppp0 -j MARK --set-mark 30 | + | # Mark http and https traffic as 30, both in and out |
| - | $IPTABLES -t mangle -A FORWARD -p tcp --dport 80 -o ppp0 -j MARK --set-mark 30 | + | $IPTABLES -t mangle -A FORWARD -p tcp --sport 80 -i ppp0 -j MARK --set-mark 30 |
| - | $IPTABLES -t mangle -A FORWARD -p tcp --sport 443 -i ppp0 -j MARK --set-mark 30 | + | $IPTABLES -t mangle -A FORWARD -p tcp --dport 80 -o ppp0 -j MARK --set-mark 30 |
| - | $IPTABLES -t mangle -A FORWARD -p tcp --dport 443 -i eth0 -j MARK --set-mark 30 | + | $IPTABLES -t mangle -A FORWARD -p tcp --sport 443 -i ppp0 -j MARK --set-mark 30 |
| - | + | $IPTABLES -t mangle -A FORWARD -p tcp --dport 443 -i eth0 -j MARK --set-mark 30 | |
| - | # Mark in and out SSH traffic as high priority | + | |
| - | $IPTABLES -t mangle -A FORWARD -p tcp --sport 22 -i ppp0 -j MARK --set-mark 10 | + | # Mark in and out SSH traffic as high priority |
| - | $IPTABLES -t mangle -A FORWARD -p tcp --dport 22 -o ppp0 -j MARK --set-mark 10 | + | $IPTABLES -t mangle -A FORWARD -p tcp --sport 22 -i ppp0 -j MARK --set-mark 10 |
| - | + | $IPTABLES -t mangle -A FORWARD -p tcp --dport 22 -o ppp0 -j MARK --set-mark 10 | |
| - | # Mark DNS traffic from localhost | + | |
| - | $IPTABLES -t mangle -A OUTPUT -m udp -p udp --dport 53 -o ppp0 -j MARK --set-mark 10 | + | # Mark DNS traffic from localhost |
| - | $IPTABLES -t mangle -A OUTPUT -m udp -p udp --sport 53 -o eth0 -j MARK --set-mark 10 | + | $IPTABLES -t mangle -A OUTPUT -m udp -p udp --dport 53 -o ppp0 -j MARK --set-mark 10 |
| - | + | $IPTABLES -t mangle -A OUTPUT -m udp -p udp --sport 53 -o eth0 -j MARK --set-mark 10 | |
| - | # IMAP | + | |
| - | $IPTABLES -t mangle -A FORWARD -p tcp --sport 993 -i ppp0 -j MARK --set-mark 30 | + | # IMAP |
| - | $IPTABLES -t mangle -A FORWARD -p tcp --dport 993 -o ppp0 -j MARK --set-mark 30 | + | $IPTABLES -t mangle -A FORWARD -p tcp --sport 993 -i ppp0 -j MARK --set-mark 30 |
| - | + | $IPTABLES -t mangle -A FORWARD -p tcp --dport 993 -o ppp0 -j MARK --set-mark 30 | |
| - | # Mark any large downloads as 40 (they may have been marked 30 or 10 earlier) | + | |
| - | $IPTABLES -t mangle -A FORWARD -m connbytes --connbytes 504857: --connbytes-dir both \\ | + | # Mark any large downloads as 40 (they may have been marked 30 or 10 earlier) |
| - | --connbytes-mode bytes -j MARK --set-mark 40 | + | $IPTABLES -t mangle -A FORWARD -m connbytes --connbytes 504857: --connbytes-dir both \\ |
| - | + | --connbytes-mode bytes -j MARK --set-mark 40 | |
| - | # To speed up downloads while an upload is going on, put short ACK | + | |
| - | # packets in their own class: | + | # To speed up downloads while an upload is going on, put short ACK |
| - | $IPTABLES -t mangle -A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK ACK -m length --length :64 -j MARK --set-mark 20 | + | # packets in their own class: |
| + | $IPTABLES -t mangle -A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags \\ | ||
| + | FIN,SYN,RST,ACK ACK -m length --length :64 -j MARK --set-mark 20 | ||
| + | </code> | ||
| Now we need to look out for all those P2P connections. We're going to find these out by looking for a client on the network making lots of connections to high port numbers, which is generally what P2P software does. This isn't foolproof of course: I have seen P2P software start to use port 80, and there could be false negatives, but on the whole it seems to work better than any other solutions out there that I have tried. | Now we need to look out for all those P2P connections. We're going to find these out by looking for a client on the network making lots of connections to high port numbers, which is generally what P2P software does. This isn't foolproof of course: I have seen P2P software start to use port 80, and there could be false negatives, but on the whole it seems to work better than any other solutions out there that I have tried. | ||
fair_traffic_shaping_an_adsl_line_for_a_local_network_using_linux.txt · Last modified: 2018/12/06 22:02 by abeverley
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
