On Wed, 11 Jul 2001, MONZ wrote: > In my ipchains firewall I have > > ipchains -A output -p tcp -d 0/0 www -i ppp+ -t 0x01 0x10 > ipchains -A output -p tcp -d 0/0 https -i ppp+ -t 0x01 0x10 > ipchains -A output -p tcp -d 0/0 pop3 -i ppp+ -t 0x01 0x10 > ipchains -A output -p tcp -d 0/0 simap -i ppp+ -t 0x01 0x10 > ipchains -A output -p tcp -d 0/0 ssh -i ppp+ -t 0x01 0x10 > #ipchains -A output -p tcp -d 0/0 telnet -i ppp+ -t 0x01 0x10 > > ipchains -A output -p tcp -d 0/0 ftp-data -i ppp+ -t 0x01 0x02 > #ipchains -A output -p tcp -d 0/0 pop3 -i ppp+ -t 0x01 0x02 > ipchains -A output -p tcp -d 0/0 nntp -i ppp+ -t 0x01 0x02 > > but when downloading everything else is unresonable slow (isdn link). > Where do I read about those 0x.. values, so I can fix the problem? > Man ipchains doesn't seen to tell enough.. If only one could fix the problems of slow links by applying quality of service rules, I would be a rich man by now ;-) Seriously though, these are only applied for outbound traffic; most traffic in your case is inbound, from Internet to you. You cannot help the problem with modifying TOS bits significantly. And even if some servers mirror the TOS bits when sending replies, very few routers implement QoS policies using them. -- Pekka Savola "Tell me of difficulties surmounted, Netcore Oy not those you stumble over and fall" Systems. Networks. Security. -- Robert Jordan: A Crown of Swords - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org
