I have some remarks to make. You can't use iptables on a Linux bridge (I think there is a patch so that you can, but I'm not sure). And try to patch the kernel for HTB (it's a replacement for CBQ). And maybe you can try to filter on MAC address so you don't need to know the IP addresses.

Stef

On Thursday 01 August 2002 18:51, D. Stimits wrote:
> I'm about to set up a Linux bridge (kernel 2.4.18.x from Redhat 7.3)
> between a (future) cable modem and several machines in the house. Some
> of those machines are windows, mine is Linux (but dual boots to
> windows). Basically:
>
> CABLE_MODEM (DHCP issues to each machine)
>   |(eth0 -- outer)
> LINUX_BRIDGE (not proxy, but is firewall on some ports)
>   |(eth1 -- inner)
> 8_PORT_SWITCH
>   |-Machine1
>   |-Machine2
>   ...
>   |-MachineN
>
> Except for my machine, the other machines will be email and web browsing
> machines (I do cvs, ssh, remote web site editing, and write network game
> software in Linux, as well as play games under windows). My goal is
> similar to the cable modem "wonder shaper", but I'm not positive if
> maybe I need to expand on that, and am currently not familiar with the
> more advanced QoS and shaping abilities (I know they are there, I now
> have some docs, and a machine I will be able to test on soon),
> especially with respect to bridges. I want my machine to have low
> latency, but the other machines do not care about latency; all machines
> care about having a fair bandwidth.
>
> A problem I am thinking about (until I get my bridge done I can only
> think about it, can't test anything) is that each machine is assigned an
> address via DHCP, so perhaps the Linux bridge will have to find a way to
> know which DHCP address is assigned to which physical machine. If I were
> to simply assign qualities to the inside interface (eth1), then the same
> QoS and general characteristics would apply to all machines...which I do
> not want, so it seems I must deal on a per-IP-address basis, or a
> per-port basis. For port 80 web traffic, this seems just fine. I could
> even assign a quality for telnet and ssh ports. However, if I suddenly
> decide that one machine wants different characteristics for a port, or
> if it is an unknown port (such as some games work with...they may not
> always use the same port, or they can use more than one port at once),
> this breaks. So I am wanting to deal with latency on a per-machine
> basis, and simply assign low latency to my machine in general, and fair
> bandwidth for all machines; perhaps after that, I could override for
> particular ports, and for example, make all machines use port 80 web
> traffic with higher latency, even on my machine (which is otherwise low
> latency).
>
> Is this reasonable with current 2.4.x kernels? Are there particular
> things to watch out for or look for, especially for a bridge?
>
> Also, I have used ipchains in the past, but it seems iptables will be
> the future. What parts of this depend on iptables versus ipchains (if
> any)? The iproute2 package seems to provide most of the features I'm
> looking at, but it is conceivable that the use of ipchains or iptables
> will interact.
>
> D. Stimits, stimits AT idcomm.com
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.openprojects.net
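As an added example, not code from either poster, here is a shell script that emits the tc commands for the setup Stef suggests: an HTB tree on the bridge's inner interface with one low-latency class selected by destination MAC address, a fair-share default class for the other machines, and a bulk class for port 80 web downloads that also catches the low-latency machine, as the question asks. The interface name, rates and MAC address are constructed placeholders, and the negative u32 offsets assume the 14-byte Ethernet header sits directly in front of the IP header when the egress filter runs.

```shell
#!/bin/sh
# Added example, not code from the thread: prints the tc commands for an HTB
# tree on the bridge's inner interface. Rates, interface and MAC are
# constructed placeholders; review the output before running it as root.
IFACE=eth1                  # inner interface, egress = traffic towards the LAN
LINK=3000kbit               # constructed downstream rate, set below the real one
MY_MAC=00:11:22:33:44:55    # constructed MAC of the low-latency machine

# 2.4-era u32 has no "ether dst" keyword, so match the destination MAC as raw
# words. Offsets are relative to the IP header; on egress the 14-byte Ethernet
# header sits right in front of it (assumed here), so dst MAC bytes 0-1 are at
# -14 and bytes 2-5 at -12.
mac_u32_match() {
    hex=$(printf '%s' "$1" | tr -d ':' | tr 'A-F' 'a-f')
    [ "${#hex}" -eq 12 ] || { echo "bad mac: $1" >&2; return 1; }
    printf 'match u16 0x%s 0xffff at -14 match u32 0x%s 0xffffffff at -12' \
        "$(printf '%s' "$hex" | cut -c1-4)" "$(printf '%s' "$hex" | cut -c5-12)"
}

htb_script() {
    cat <<EOF
tc qdisc del dev $IFACE root 2>/dev/null
tc qdisc add dev $IFACE root handle 1: htb default 20
tc class add dev $IFACE parent 1: classid 1:1 htb rate $LINK
# 1:10 low latency (my machine), 1:20 fair share (everyone else), 1:30 bulk web
tc class add dev $IFACE parent 1:1 classid 1:10 htb rate 1000kbit ceil $LINK prio 0
tc class add dev $IFACE parent 1:1 classid 1:20 htb rate 1500kbit ceil $LINK prio 1
tc class add dev $IFACE parent 1:1 classid 1:30 htb rate 500kbit ceil $LINK prio 2
tc qdisc add dev $IFACE parent 1:10 handle 10: sfq perturb 10
tc qdisc add dev $IFACE parent 1:20 handle 20: sfq perturb 10
tc qdisc add dev $IFACE parent 1:30 handle 30: sfq perturb 10
# Web downloads arrive from remote port 80; the lower prio number wins, so this
# filter catches them for every machine, including the low-latency one.
tc filter add dev $IFACE parent 1: protocol ip prio 1 u32 match ip sport 80 0xffff flowid 1:30
# Everything else for my machine, picked by destination MAC, goes low latency.
tc filter add dev $IFACE parent 1: protocol ip prio 2 u32 $(mac_u32_match "$MY_MAC") flowid 1:10
EOF
}

htb_script
```

Unmatched traffic falls into 1:20 via `default 20`, so machines whose DHCP address changes still get their fair share without the bridge knowing any IP addresses.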