Anyone using iptables and --set-tos?

[joey2k]

Anyone use iptables and familiar with the --set-tos option?

I'm looking for a good resource on it and/or examples of actual firewall scripts using it.

I have a 768 down/128 up ADSL connection and it's easy for a file upload to ruin web browsing and VPN. I want my router to prioritize http and vpn traffic. Anyone have experience doing something like this?

My router:
Redhat Linux 7.2
iptables firewall
PPPoE connection to internet

Thanks!
-- Joel

 

[gaidin123]

Yes I do exactly this at home but without the set-tos option. iptables doesn't have support for QoS. You will want the iproute2 tools to do this. I'd recommend taking a look at http://www.lartc.org for detailed instructions on how to set this all up.

In my case I am using a heavily modified version of the "wondershaper" htb script example in the howto. I've added a few more queues but the 2 rules that apply to what you want are simply these:
# Web into faster class
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 match ip dport 80 0xffff flowid 1:10
# VPN gets priority
tc filter add dev $DEV parent 1:0 protocol ip prio 10 u32 match ip dst VPN_IP/32 flowid 1:10

Now granted I'm not actually prioritizing http protocol and pptp protocol traffic, rather I'm pushing port 80 destination and all traffic going to the VPN server into a higher priority queue. It works but of course doing something like that could be a problem on networks with more than a few users. 🙂

Gaidin

Edit: for the VPN if you find know which protocol you're using you can just filter for that protocol and prioritize it that way instead of the ghetto way I'm doing it.