[Openswan Users] OpenSwan traffic shaping with HTB & sfq
Lewis Shobbrook
lshobbrook at fasttrack.net.au
Thu May 5 16:03:27 CEST 2005
Thanks for the reply Herbert,
> Tomasz Grzelak <tgrzelak at wktpolska.com.pl> wrote:
> >
> > maybe try to use the MARK target in the iptables script,
> for example:
> > mark the ftp traffic as 21, and rdp traffic as 1;
>
> Yep. You could also use TOS or CLASSIFY, both of which will
> survive the IPsec transformation.
>
> Cheers,
> --
> Visit Openswan at http://www.openswan.org/
> Email: Herbert Xu ~{PmV>HI~} <herbert at gondor.apana.org.au>
> Home Page: http://gondor.apana.org.au/~herbert/
> PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
I've applied a combination of TOS & fw mark.
I'd already played around with the TOS by itself, my results indicate
that it's only partially effective.
Using fw mark to restrict the source IP fo file servers seemed to be the
more effective.
The end result isn't quite perfect, but a substantial improvement.
I also like the look of CLASSIFY has that been around for long?
Cheers,
Lewis
More information about the Users
mailing list