[altq 1326] Re: Is ALTQ right for me? (fwd)
> I guess what I don't understand in the above example is how is
> high_class defined as ICMP? Assuming high_class is ICMP, then I see it
> as all those packets get priority and the others (default) get pushed
> back.
The answer is here:
> > filter fxp0 high_class 0 0 0 0 1
1 is the protocol number of ICMP. Replace the 1 with a 6, you get
TCP, 17 is UDP, etc.
Basically (and I'm just paraphrasing the docs here), 0 is a
wildcard, and the first field is the dest. IP address, the second is the
dest port, the third is the source IP address, the fourth is the source
port, and the fifth is the protocol number. fxp0 is the device name of the
interface considered.
So, in your case, something like:
    filter fxp0 high_class 0 47 0 0 0
    filter fxp0 high_class 0 723 0 0 0
    filter fxp0 high_class 0 0 0 47 0
    filter fxp0 high_class 0 0 0 723 0
should do. These are non-disjoint filters, and that is a problem. (The
last filter will override the others.) You will probably have to come up
with a more elaborate set of rules to ensure all filters are disjoint. The
rules in question will depend on the IP addresses of your hosts, of the
router, etc., but I guess you get the idea now, and you can probably hack
that up by yourself.
> The VPN guys say there is back and forth communication on both of those
> ports. Does that seem normal?
I guess one is for control and the other one for data. Not knowing
the specifics of the application that is running makes that an educated
guess at best.
--Nick
------------------------------------------------------------------------
Nicolas Christin nicolas@cs.virginia.edu
Multimedia Networks Group http://www.cs.virginia.edu/~nc2y
------------------------------------------------------------------------
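
The field order and the disjointness problem described in the message above, as an added example that is not part of the original post and not ALTQ's own code: it parses the five-field filter lines as the message describes them (0 as wildcard) and lists the pairs on the same interface that one packet could match. The function names and the treatment of every non-zero field as an exact value (no netmasks) are assumptions of this example.

```python
from itertools import combinations
from typing import NamedTuple

# Field order as given in the message: dest IP, dest port, source IP,
# source port, protocol number. "0" in any field is a wildcard.
FIELDS = ("dst_ip", "dst_port", "src_ip", "src_port", "proto")

# The four filters proposed in the message (copied from the post).
SAMPLE = """\
filter fxp0 high_class 0 47 0 0 0
filter fxp0 high_class 0 723 0 0 0
filter fxp0 high_class 0 0 0 47 0
filter fxp0 high_class 0 0 0 723 0
"""

class Filter(NamedTuple):
    lineno: int
    iface: str
    cls: str
    match: tuple  # five strings in FIELDS order

def parse_filters(text):
    """Parse 'filter <iface> <class> <5 fields>' lines; skip other lines."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        tok = line.split()
        if not tok or tok[0] != "filter":
            continue
        if len(tok) != 8:
            raise ValueError(f"line {n}: expected 5 match fields, got {len(tok) - 3}")
        out.append(Filter(n, tok[1], tok[2], tuple(tok[3:])))
    return out

def overlaps(a, b):
    """True if some packet matches both filters: same interface, and every
    field is equal or wildcarded on at least one side (assumption: exact values)."""
    return a.iface == b.iface and all(
        x == "0" or y == "0" or x == y for x, y in zip(a.match, b.match))

def overlapping_pairs(filters):
    """Return (lineno_a, lineno_b, shared); 'shared' is a packet hitting both."""
    res = []
    for a, b in combinations(filters, 2):
        if overlaps(a, b):
            shared = {f: (x if x != "0" else y)
                      for f, x, y in zip(FIELDS, a.match, b.match)
                      if x != "0" or y != "0"}
            res.append((a.lineno, b.lineno, shared))
    return res

if __name__ == "__main__":
    for a, b, shared in overlapping_pairs(parse_filters(SAMPLE)):
        print(f"lines {a} and {b} both match {shared}")
```
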