Maybe Astaro is something for you; it supports QoS and the like and has a wonderfully smooth interface.
http://www.astaro.com
https://demo.astaro.com for an online demo
Here is some more info about the QoS module in Astaro (seems to be what you are looking for):
The Quality of Service module provides bandwidth management. You can define rules to match certain traffic types, based on source/destination networks and service type.
If QoS on an interface is not enabled, the "best effort" method is used, meaning that the packet will be sent if there is sufficient bandwidth left. In case of congestion, packets will be dropped regardless of size or service. With QoS, you can limit traffic which could cause congestion, using a queuing discipline called HTB (Hierarchical Token Buckets).
Since the rules are sorted internally, it does not matter in which order they are entered or listed on this page.
ATTENTION: In order to use QoS, you MUST set up the Advanced QoS settings for at least one network interface. You can find these settings in Network->Interfaces. Edit the interface's settings there and select to show the advanced options.
:: Adding a rule ::
The following parameters can be set when adding a new QoS rule:
* From (Client): This is the source address to match in this rule.
* Service: This is the service to match in this rule. Only the destination part of the service is used for matching. Only services NOT containing a port range are shown, with FTP being the exception.
* To (Server): This is the destination address to match in this rule.
* Weight: This defines the weight factor that this rule should have in global bandwidth management calculations (low=1, medium=2, high=3).
* Borrow: This defines the relationship of this rule to other rules:
    o borrow -> This rule will borrow bandwidth.
    o don't borrow -> This rule will not borrow bandwidth.
Click Add to add the rule to the list.
Note: If a class does not use its full bandwidth, this bandwidth can be used
by other classes which are set to borrow. The class reserving bandwidth for
unshaped traffic is implicitly set to borrow, because it matches all traffic
leaving a QoS-enabled Interface without defined QoS rules.
ATTENTION: When constructing rules, keep in mind that only OUTGOING
traffic can be managed and that the rules have to match on the packet AFTER it
has been processed by the firewall (e.g. packet filter, proxies and NAT) and on
the right outgoing interface.
:: Example ::
            Internet
               |
               | 2Mbit line
               |
            Firewall
            /  |  \
           /   |   \
          |    |    |
     WebServ FTPServ LAN
WebServ, FTPServ and LAN must share a 2 Megabit line to the internet.
Since the FTP server is fairly busy all the time, the Web server does
not have sufficient bandwidth left to serve all its clients.
In addition, you want 1 Megabit reserved for all other traffic - your
employees should be able to work regardless of the activity of your
servers. First, you have to set the reserved unshaped bandwidth; go to
Network->Interfaces, edit Interface (the outgoing one), enable
Advanced Options, and set the reserved unshaped bandwidth to 1024 kilobits.
Then, 2 QoS rules must be created:

From      Service   To    Weight   Borrow
FTPServ   Any       Any   medium   borrow
WebServ   Any       Any   medium   borrow

These rules will make sure that in a worst case scenario (2 MBit line full)
each of the two services will have a quarter of the line for itself; the
other half is used by unmanaged traffic. When changing the weight parameters
for WebServ to "low" and for FTPServ to "high", WebServ will get only 250
kilobits, and FTPServ will get 750 kilobits (weight is 1:3). Since the Borrow
parameter is set to "borrow" in both rules, each service will fill the line up
to the maximum throughput if there is still bandwidth available.
The service definition of "Any" is needed because of the nature of TCP
connections. Since external users connect to your server, the TCP connection is
initiated from an unprivileged port on the client machine to your server (e.g.
port 80 for HTTP), and the response is sent from your server, port 80, to the
unprivileged port of the client. Since those unprivileged ports are picked
from a port range, they can usually not be predicted, and the definition "Any"
must be used.
ATTENTION: If you are using NAT, you can not specify the IP address of
your servers, since the source address on the outgoing interface will be that
of your firewall. You can not match on the service, either (see above). A
possible solution would be to use alias interfaces on the external interface of
the firewall and SNAT all traffic from an (internal) server IP to a dedicated
alias IP of your external firewall interface, which would enable you to match
on traffic from that dedicated IP.
Note: Don't forget that you MUST have a reserved unshaped bandwidth for traffic
which does not match any QoS rules!
:: Current Rules Table ::
The table on the bottom of the page lists the translated rules as they appear
in the firewall system kernel. This table is primarily meant for debugging and
support purposes.
Note: The created rules are mapped to interfaces on the basis of source,
destination and your routing table. If you create a rule which matches on
packets which are not routed over any of your QoS-enabled Interfaces, it will
not be shown here, but it will still be listed as an active QoS rule above.
eth0
  Class 1
    Total link bandwidth.
    Min. BW: 2Mbit
    Max. BW: 2Mbit
  Class 10
    Reserved Bandwidth for unshaped traffic.
    Min. BW: 1Mbit
    Max. BW: 2Mbit
  Class 11
    Min. BW: 512kbit
    Max. BW: 2Mbit
    Filter:
      Source /255.255.255.255
  Class 12
    Min. BW: 512kbit
    Max. BW: 2Mbit
    Filter:
      Source /255.255.255.255
[ 95% edited by connected on 22-02-2004 00:44 ]
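
Added example, not part of the original post and not Astaro's own generated rules: a dry-run script that prints plain Linux tc commands for an HTB tree shaped like the Current Rules Table above (class 1 for the link, class 10 for unshaped traffic, one class per QoS rule). The device name, the 192.0.2.x source addresses, the class numbering and the share formula (shaped bandwidth split by weight) are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not run) tc commands for an HTB tree like the
# one in the "Current Rules Table". eth0, the 192.0.2.x addresses and the
# class ids are constructed; Astaro's real generated rules are not on the page.

LINK_KBIT=2048       # 2 Mbit line (class 1)
RESERVED_KBIT=1024   # reserved unshaped bandwidth (class 10)

# share_kbit WEIGHT TOTAL_WEIGHT -> guaranteed rate of one rule (assumed formula)
share_kbit() {
    echo $(( (LINK_KBIT - RESERVED_KBIT) * $1 / $2 ))
}

# emit_htb DEV "name:src_ip:weight:borrow|noborrow" ...
emit_htb() {
    dev=$1; shift
    total=0
    for rule in "$@"; do
        total=$(( total + $(echo "$rule" | cut -d: -f3) ))
    done
    # Traffic matching no filter falls into class 10, the unshaped class.
    echo "tc qdisc add dev $dev root handle 1: htb default 10"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate ${LINK_KBIT}kbit ceil ${LINK_KBIT}kbit"
    echo "tc class add dev $dev parent 1:1 classid 1:10 htb rate ${RESERVED_KBIT}kbit ceil ${LINK_KBIT}kbit"
    id=11
    for rule in "$@"; do
        IFS=: read -r name src w borrow <<EOF
$rule
EOF
        rate=$(share_kbit "$w" "$total")
        # "borrow" may climb to the full line; anything else is capped at its rate.
        if [ "$borrow" = borrow ]; then ceil=$LINK_KBIT; else ceil=$rate; fi
        # src must be the address seen on the outgoing interface, i.e. after NAT.
        echo "# rule: $name (weight $w, $borrow)"
        echo "tc class add dev $dev parent 1:1 classid 1:$id htb rate ${rate}kbit ceil ${ceil}kbit"
        echo "tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip src $src/32 flowid 1:$id"
        id=$(( id + 1 ))
    done
}

# The two medium/borrow rules from the example above.
emit_htb eth0 "FTPServ:192.0.2.10:2:borrow" "WebServ:192.0.2.20:2:borrow"
```

With both weights at medium, each rule gets the 512kbit minimum and 2Mbit maximum shown for classes 11 and 12 in the table.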