[Shorewall-users] Re: shorewall + tos + netbios

Luca Andreoli l.andreoli at kelyansmc.it
Wed Jun 11 16:15:09 PDT 2003


Anyone can help me pls!!!
thnkx a lot..


Tom Eastep wrote:

> On Mon, 09 Jun 2003 18:02:26 +0200, Luca Andreoli 
> <l.andreoli at kelyansmc.it> wrote:
>
>
>> I have a question.
>> I have 2 pc with redhat 9.0 configured with ipsec freeswan 1.99 (vpn) 
>> and i have to tranfer file from one to the othert one.
>> I see that ftp tranfer have a throughtput is the double than a 
>> netbios tranfer... why???
>> I supposed the problem is the TOS.(/etc/shorewall/tos) and i modified 
>> the file like ftp... in this method.
>
>
> TOS only comes into play when there are routers in the path that pay 
> attention to that field. In your case, unless you have QOS configured 
> to queue traffic over the ipsec link using the TOS field, TOS will be 
> ignored in your environment.
>
>>
>> #SOURCE DEST            PROTOCOL        SOURCE PORTS    DEST 
>> PORTS      TOS
>> all     all             tcp             -               
>> ssh             16
>> all     all             tcp             ssh             
>> -               16
>> all     all             tcp             -               
>> ftp             16
>> all     all             tcp             ftp             
>> -               16
>> all     all             tcp             ftp-data        
>> -               8
>> all     all             tcp             -               
>> ftp-data        8
>> all     all             tcp             netbios-ns      
>> -               8
>> all     all             tcp             -               
>> netbios-ns      8
>> all     all             tcp             netbios-ssn     
>> -               8
>> all     all             tcp             -               
>> netbios-ssn     8
>>
>> but don't work and have the same result.
>> like the pic..
>> do you have a suggest?
>>
>
> No -- I haven't personally compared SMB and FTP performance since I 
> don't use SMB through my firewall. Possibly other users have some 
> experience in this area.
>
> -Tom



-- 
========================================
Andreoli Luca
System Support Division
Kelyan SMC S.p.a. - Franco Bernabè Group
Via Nuova Ponente 1/A-1/B
41012 Carpi (MO), Italy
Tel.+39 059 637611
Fax.+39 059 694768
E-Mail: l.andreoli at kelyansmc.it
======================================== 




More information about the Shorewall-users mailing list