This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | Last revision Both sides next revision | ||
fair_traffic_shaping_an_adsl_line_for_a_local_network_using_linux [2018/12/06 21:55] abeverley |
fair_traffic_shaping_an_adsl_line_for_a_local_network_using_linux [2018/12/06 21:56] abeverley |
||
---|---|---|---|
Line 50: | Line 50: | ||
<code> | <code> | ||
- | # Set default mark for forwarded packets | + | # Set default mark for forwarded packets |
- | $IPTABLES -t mangle -A FORWARD -j MARK --set-mark 40 | + | $IPTABLES -t mangle -A FORWARD -j MARK --set-mark 40 |
- | + | ||
- | # Mark http and https traffic as 30, both in and out | + | # Mark http and https traffic as 30, both in and out |
- | $IPTABLES -t mangle -A FORWARD -p tcp --sport 80 -i ppp0 -j MARK --set-mark 30 | + | $IPTABLES -t mangle -A FORWARD -p tcp --sport 80 -i ppp0 -j MARK --set-mark 30 |
- | $IPTABLES -t mangle -A FORWARD -p tcp --dport 80 -o ppp0 -j MARK --set-mark 30 | + | $IPTABLES -t mangle -A FORWARD -p tcp --dport 80 -o ppp0 -j MARK --set-mark 30 |
- | $IPTABLES -t mangle -A FORWARD -p tcp --sport 443 -i ppp0 -j MARK --set-mark 30 | + | $IPTABLES -t mangle -A FORWARD -p tcp --sport 443 -i ppp0 -j MARK --set-mark 30 |
- | $IPTABLES -t mangle -A FORWARD -p tcp --dport 443 -i eth0 -j MARK --set-mark 30 | + | $IPTABLES -t mangle -A FORWARD -p tcp --dport 443 -i eth0 -j MARK --set-mark 30 |
- | + | ||
- | # Mark in and out SSH traffic as high priority | + | # Mark in and out SSH traffic as high priority |
- | $IPTABLES -t mangle -A FORWARD -p tcp --sport 22 -i ppp0 -j MARK --set-mark 10 | + | $IPTABLES -t mangle -A FORWARD -p tcp --sport 22 -i ppp0 -j MARK --set-mark 10 |
- | $IPTABLES -t mangle -A FORWARD -p tcp --dport 22 -o ppp0 -j MARK --set-mark 10 | + | $IPTABLES -t mangle -A FORWARD -p tcp --dport 22 -o ppp0 -j MARK --set-mark 10 |
- | + | ||
- | # Mark DNS traffic from localhost | + | # Mark DNS traffic from localhost |
- | $IPTABLES -t mangle -A OUTPUT -m udp -p udp --dport 53 -o ppp0 -j MARK --set-mark 10 | + | $IPTABLES -t mangle -A OUTPUT -m udp -p udp --dport 53 -o ppp0 -j MARK --set-mark 10 |
- | $IPTABLES -t mangle -A OUTPUT -m udp -p udp --sport 53 -o eth0 -j MARK --set-mark 10 | + | $IPTABLES -t mangle -A OUTPUT -m udp -p udp --sport 53 -o eth0 -j MARK --set-mark 10 |
- | + | ||
- | # IMAP | + | # IMAP |
- | $IPTABLES -t mangle -A FORWARD -p tcp --sport 993 -i ppp0 -j MARK --set-mark 30 | + | $IPTABLES -t mangle -A FORWARD -p tcp --sport 993 -i ppp0 -j MARK --set-mark 30 |
- | $IPTABLES -t mangle -A FORWARD -p tcp --dport 993 -o ppp0 -j MARK --set-mark 30 | + | $IPTABLES -t mangle -A FORWARD -p tcp --dport 993 -o ppp0 -j MARK --set-mark 30 |
- | + | ||
- | # Mark any large downloads as 40 (they may have been marked 30 or 10 earlier) | + | # Mark any large downloads as 40 (they may have been marked 30 or 10 earlier) |
- | $IPTABLES -t mangle -A FORWARD -m connbytes --connbytes 504857: --connbytes-dir both \\ | + | $IPTABLES -t mangle -A FORWARD -m connbytes --connbytes 504857: --connbytes-dir both \\ |
- | --connbytes-mode bytes -j MARK --set-mark 40 | + | --connbytes-mode bytes -j MARK --set-mark 40 |
- | + | ||
- | # To speed up downloads while an upload is going on, put short ACK | + | # To speed up downloads while an upload is going on, put short ACK |
- | # packets in their own class: | + | # packets in their own class: |
- | $IPTABLES -t mangle -A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK ACK -m length --length :64 -j MARK --set-mark 20 | + | $IPTABLES -t mangle -A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags \\ |
+ | FIN,SYN,RST,ACK ACK -m length --length :64 -j MARK --set-mark 20 | ||
</code> | </code> | ||