On Wed, Sep 08, 2004 at 10:17:40PM +0200, Tzahi Fadida wrote: > sometimes its not enough to use only TOS and traffic shapers are better.
Using TOS isn't enough. In order for TOS-based priorities to take actual effect, you also need to cap your upstream to prevent packet queueing at the ISP side. This is what I've done with the 'tc' command. > however, you can set TOS flags to certain ports using iptables. Right, but it's mostly unnecessary. Before you set TOS on a certain port, use a traffic analyzer (like Ethereal): You might find out those packets already have a proper TOS. > btw, I am not sure you need also OUTPUT, I think PREROUTING is enough. > also you must understand you only control with TOS the outgoing packets. > if I understand correctly TOS works by grouping packets in 5 queues of Linux uses a 3-queue algorithm -- called the 'pfifo_fast' queueing discipline. You can read more about it in the Linux Advanced Routing and Traffic Control (LARTC) HOWTO. > $iptdir -A PREROUTING -t mangle -p tcp --dport 21 -j TOS --set-tos > Minimize-Delay That's unnecessary. Your FTP client sets the TOS on its sockets already. > $iptdir -A PREROUTING -t mangle -p tcp --dport 22 -j TOS --set-tos > Minimize-Delay Ditto for 'ssh'. > $iptdir -A PREROUTING -t mangle -p tcp --dport 23 -j TOS --set-tos > Minimize-Delay And 'telnet' too. > $iptdir -A PREROUTING -t mangle -p tcp --dport 80 -j TOS --set-tos > Minimize-Delay That's not entirely smart. This will make HTTP uploads be on the same priority as pings and Quake games; and Quake games sure need to be more responsive than mail you send thru your webmail... > $iptdir -A PREROUTING -t mangle -p tcp --dport 25 -j TOS --set-tos > Minimize-Delay That's entirely wrong. Is sending mail an "interactive" task? Nope, and it surely doesn't deserve to halt your Quake game, or your streaming video show. ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
