From: Sorin Panca <sorin.panca@gmail.com>
To: netfilter@lists.netfilter.org
Subject: Re: How would this help my LAN / network
Date: Fri, 07 Oct 2005 20:21:21 +0300
Message-ID: <4346AE91.8090002@gmail.com>
In-Reply-To: <4346A414.3030809@eccotours.dyndns.org>

Hi!

Brent Clark wrote:
> Sorin Panca wrote:
> 
>>
>> Small packets and control packets should have priority because they
>> carry interactive traffic.
> 
> 
> HI
> 
> I just had this other Idea,
> 
> I have a few services running in my private LAN, - Rules as so:
> 
> # To allow PPL to see PORT 80 and 443 for a particular webserver
> $IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.111.11:80
> $IPT -t filter -A FORWARD -i eth0 -p tcp --dport 80 -d 192.168.111.11 -j ACCEPT
> $IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to 192.168.111.11:443
> $IPT -t filter -A FORWARD -i eth0 -p tcp --dport 443 -d 192.168.111.11 -j ACCEPT
> 
> # TO ALLOW SMTP
> $IPT -t nat -A PREROUTING -i eth0 -p tcp --dport 25 -j DNAT --to 192.168.111.11:25
> $IPT -t filter -A FORWARD -i eth0 -p tcp --dport 25 -d 192.168.111.11 -j ACCEPT
> 
> Can / should I use this following to help my internal web / mail server.
> 
> $IPT -t mangle -A PREROUTING -p tcp -m tcp --sport 80 -j TOS --set-tos Maximize-Throughput
> $IPT -t mangle -A PREROUTING -p tcp -m tcp --sport 25 -j TOS --set-tos Maximize-Throughput

Maximize-Throughput puts the packet in a low priority band. To help your
web server you should set the TOS to Minimize-Delay.
But as someone on the LARTC list said today, as a response to your post
there, few or none of the ISPs around the world honor those TOS bits...
For your router you have two options for making it consider those
bits: a classful queuing discipline that prioritizes according to their
meaning (that's the PRIO qdisc) or a classless qdisc like pfifo_fast. The
last one happens to be the default qdisc for egress on Linux's NICs.
I don't think that sending mail is interactive traffic, nor receiving it.
> 
> Just something I was thinking.
> 
> Kind Regards
> Brent Clark
> 
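
Added example, not part of the original message or of the netfilter project: a small Python model of how pfifo_fast picks a band from the TOS bits and then dequeues in strict band order, as discussed in the reply above. The two tables follow the Linux kernel's ip_tos2prio and the pfifo_fast default priomap; the class name, function names and sample packets are constructed for illustration.

```python
from collections import deque

# Linux TC_PRIO_* values used by the TOS-to-priority table
BESTEFFORT, BULK, INTERACTIVE_BULK, INTERACTIVE = 0, 2, 4, 6

# Kernel ip_tos2prio[], indexed by (tos & 0x1E) >> 1
IP_TOS2PRIO = ([BESTEFFORT] * 4 + [BULK] * 4 +
               [INTERACTIVE] * 4 + [INTERACTIVE_BULK] * 4)

# pfifo_fast default priomap: skb priority -> band (0 is served first)
PRIO2BAND = [1, 2, 2, 2, 1, 2, 0, 0, 1, 1, 1, 1, 1, 1, 1, 1]

# TOS byte values behind the names iptables accepts for --set-tos
TOS = {"Minimize-Delay": 0x10, "Maximize-Throughput": 0x08,
       "Maximize-Reliability": 0x04, "Normal-Service": 0x00}


def band_for_tos(tos):
    """Return the pfifo_fast band (0..2) a packet with this TOS byte lands in."""
    prio = IP_TOS2PRIO[(tos & 0x1E) >> 1]
    return PRIO2BAND[prio]


class PfifoFast:
    """Three FIFO bands; a band is served only when all lower bands are empty."""

    def __init__(self):
        self.bands = [deque(), deque(), deque()]

    def enqueue(self, label, tos):
        self.bands[band_for_tos(tos)].append(label)

    def dequeue(self):
        for band in self.bands:
            if band:
                return band.popleft()
        return None


def drain_order(packets):
    """Enqueue (label, tos) pairs in arrival order, return transmit order."""
    q = PfifoFast()
    for label, tos in packets:
        q.enqueue(label, tos)
    return [q.dequeue() for _ in packets]


# Constructed sample: arrival order of five packets with different TOS marks
SAMPLE = [("http-bulk", TOS["Maximize-Throughput"]), ("dns", TOS["Normal-Service"]),
          ("ssh", TOS["Minimize-Delay"]), ("smtp-bulk", TOS["Maximize-Throughput"]),
          ("http-lowdelay", TOS["Minimize-Delay"])]

if __name__ == "__main__":
    for name, value in TOS.items():
        print(f"{name:22} 0x{value:02x} -> band {band_for_tos(value)}")
    print("transmit order:", drain_order(SAMPLE))
```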

