Help with traffic shapping

[aloush]

Hi All

I have 100 users over that get IPs assigned through dhcp on the network 192.168.0.0/24.

I have a mail server on 192.168.0.2 and the linux gateway is on 192.168.0.1.

My total bandwidth is 1200kbit up and 1200kbit down. I want to split the bandwidth in a way so that any user can not use more than 96kbit at anytime. Apart from the mail server it should be allowed to get 256kbit.
The linux gateway of course should not be shapped.

If possible I want the following priorities as well.

1- Web traffic low prio
2- SSH high prio
3- Remote desktop high prio
4- Outgoing VPN connections high prio.


I have researched an tried myself. But this is really out of my league.

Any help is highly appreciated.

Thanks

[fuubar2003]

Take a look at iptables TOS:

....for example, something like:

# TOS
iptables -A PREROUTING -t mangle -p tcp --sport 22 -j TOS --set-tos Minimize-Delay
iptables -A PREROUTING -t mangle -p tcp --sport 80 -j TOS --set-tos Minimize-Cost
iptables -A PREROUTING -t mangle -p tcp --sport 3389 -j TOS --set-tos Minimize-Delay
iptables -A PREROUTING -t mangle -p tcp -d 192.168.0.0/8 -j TOS --set-tos Maximize-Throughput
....then repeat above rule syntax swapping out PREROUTING for OUTPUT

[pallen]

You can implement markings with the iptables mangle table as suggested, then use the 'tcng' package to create a traffic policy which specified traffic must conform to. Would have to read up on how to configure tcng.