bridge advice

Linux Advanced Routing and Traffic Control


I'm about to set up a Linux bridge (kernel 2.4.18.x from Red Hat 7.3) 
between a (future) cable modem and several machines in the house. Some 
of those machines are Windows, mine is Linux (but dual boots to 
Windows). Basically:

  CABLE_MODEM (DHCP issues to each machine)
       |
       |(eth0 -- outer)
  LINUX_BRIDGE (not proxy, but is firewall on some ports)
       |(eth1 -- inner)
       |
8_PORT_SWITCH
       |
       |-Machine1
       |-Machine2
       ...
       |-MachineN

Except for my machine, the other machines will be email and web browsing 
machines (I do cvs, ssh, remote web site editing, and write network game 
software in Linux, as well as play games under Windows). My goal is 
similar to the cable modem "wonder shaper", but I'm not positive if 
maybe I need to expand on that, and am currently not familiar with the 
more advanced QoS and shaping abilities (I know they are there, I now 
have some docs, and a machine I will be able to test on soon), 
especially with respect to bridges. I want my machine to have low 
latency, but the other machines do not care about latency; all machines 
care about having a fair bandwidth.

A problem I am thinking about (until I get my bridge done I can only 
think about it, can't test anything) is that each machine is assigned 
an address via DHCP, so perhaps the Linux bridge will have to find a way to 
know which DHCP address is assigned to which physical machine. If I were 
to simply assign qualities to the inside interface (eth1), then the same 
QoS and general characteristics would apply to all machines...which I do 
not want, so it seems I must deal on a per-IP-address basis, or a 
per-port basis. For port 80 web traffic, this seems just fine. I could 
even assign a quality for telnet and ssh ports. However, if I suddenly 
decide that one machine wants different characteristics for a port, or 
if it is an unknown port (such as some games work with...they may not 
always use the same port, or they can use more than one port at once), 
this breaks. So I am wanting to deal with latency on a per-machine 
basis, and simply assign low latency to my machine in general, and fair 
bandwidth for all machines; perhaps after that, I could override for 
particular ports, and for example, make all machines use port 80 web 
traffic with higher latency, even on my machine (which is otherwise low 
latency).

Is this reasonable with current 2.4.x kernels? Are there particular 
things to watch out for or look for, especially for a bridge?

Also, I have used ipchains in the past, but it seems iptables will be 
the future. What parts of this depend on iptables versus ipchains (if 
any)? The iproute2 package seems to provide most of the features I'm 
looking at, but it is conceivable that the use of ipchains or iptables 
will interact.

D. Stimits, stimits AT idcomm.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
