Do these lines achieve what I think:
Hi,
I would like to prioritize:
1) ssh (should have maximum priority, should always be available!!!)
2) ftp (should have low priority)
3) www (should have low priority)
When bandwidth is very low because of high http and/or ftp traffic, I would
like to always be able to log on "without" bandwidth problems/bottleneck via
ssh to the server.
I thought the following would achieve my goal:
Prioritize lines:
priority-list 1 protocol ip low tcp www
priority-list 1 protocol ip low tcp ftp
priority-list 1 protocol ip high tcp 22
External interface (Internet) eth0:
interface Ethernet0
ip access-group 101 in
priority-group 1
the following access-list:
access-list 101 permit tcp any host 10.0.1.57 eq 22
access-list 101 permit tcp any host 10.0.1.57 eq www
access-list 101 permit tcp any host 10.0.1.57 eq ftp
access-list 101 deny ip any any log-input
Is this correct?
Perhaps there is a better solution?
I would really appreciate any suggestions!!!
Thanks a lot!!!
Didier
1/23/2004 12:40:05 PM

Didier wrote:
> I would like to prioritize:
> 1) ssh (should have maximum priority, should always be available!!!)
> 2) ftp (should have low priority)
> 3) www (should have low priority)
>
> When bandwidth is very low because of high http and/or ftp traffic, I would
> like to always be able to log on "without" bandwidth problems/bottleneck via
> ssh to the server.
>
> I thought the following would achieve my goal:
>
> Prioritize lines:
> priority-list 1 protocol ip low tcp www
> priority-list 1 protocol ip low tcp ftp
> priority-list 1 protocol ip high tcp 22
Note that 'ftp' in a priority list is the control channel, not the data
channel. So you probably will want to use 'ftp-data' instead.
Regards,
Marco.
M
1/23/2004 1:06:25 PM

Hi, thanks!
The problem is that I use passive ftp; this traffic is being opened and
closed between ports 60000-65000 and is handled by ip inspect, which creates
temporary access-lists.
How could I handle this?
Sorry, but you didn't answer ;-), is it (mostly correct) what I did?
thx
"M.C. van den Bovenkamp" <marco@linuxgoeroe.dhs.org> wrote in message
news:40111c51$0$133$e4fe514c@dreader12.news.xs4all.nl...
> Didier wrote:
>
> > I would like to prioritize:
> > 1) ssh (should have maximum priority, should always be available!!!)
> > 2) ftp (should have low priority)
> > 3) www (should have low priority)
> >
> > When bandwidth is very low because of high http and/or ftp traffic, I would
> > like to always be able to log on "without" bandwidth problems/bottleneck via
> > ssh to the server.
> >
> > I thought the following would achieve my goal:
> >
> > Prioritize lines:
> > priority-list 1 protocol ip low tcp www
> > priority-list 1 protocol ip low tcp ftp
> > priority-list 1 protocol ip high tcp 22
>
> Note that 'ftp' in a priority list is the control channel, not the data
> channel. So you probably will want to use 'ftp-data' instead.
>
> Regards,
>
> Marco.
>
Didier
1/23/2004 2:17:27 PM
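
One way to classify the passive FTP data connections asked about above is to point the priority list at an extended access list instead of a fixed port keyword. This is an added example, not configuration posted by anyone in the thread. Assumptions: access list number 102 is unused, and 60000-65000 are the passive-mode listening ports on the server 10.0.1.57.

```cisco
! Added example, not from the thread.
! Assumptions: ACL 102 is free; 60000-65000 are the server's passive ports.
!
! ACL 102 is used for classification only. It is referenced by the
! priority list and never applied with "ip access-group", so it filters
! nothing and is separate from ACL 101, the list applied to the interface.
access-list 102 permit tcp host 10.0.1.57 range 60000 65000 any
!
! Rules are checked in order; the first match selects the queue.
priority-list 1 protocol ip high tcp 22
priority-list 1 protocol ip low tcp www
priority-list 1 protocol ip low tcp ftp-data
priority-list 1 protocol ip low list 102
! Anything unmatched (including the FTP control channel) stays in "normal".
priority-list 1 default normal
!
! Priority queueing acts on packets leaving the interface, so it shapes
! the server's replies as they are transmitted out of Ethernet0.
interface Ethernet0
 ip access-group 101 in
 priority-group 1
```

`show queueing priority` lists the resulting rules, and `show interfaces Ethernet0` shows per-queue depth and drop counters, which confirms whether ssh packets are landing in the high queue under load.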