On Friday 01 November 2002 00:07, Robert Felber wrote:
> On Thu, Oct 31, 2002 at 11:50:28PM +0100, thomas bilke wrote:
> > Yes, the host is in my LAN. But I want to shape the incoming and outgoing
> > traffic corresponding to this host, or later to the whole LAN. Doesn't
> > exist any facility to shape the incoming traffic?
> >
> > Thomas
>
> Yes, the qdisc ingress is exactly developed for one purpose: shape
> incomming traffic.
Ingress will not shape the incoming traffic, but if you use filters+policers
you can drop packets that exceed a certain rate. That's not the same as you
can do with cbq for the outgoin packets.
> You can both, the CBQ and ingress qdisc, use at the same time for
> a device (yes, also real eth devices).
You have something like this :
LAN --- eth1 --- linux box --- eth0 --- ISP
If you add a cbq qdisc on eth0, this will shape the packets going to your ISP.
So in the filter statement you need the src address of the host in the LAN.
But be aware that if you are natting on that box, you don't know the src
address anymore (the src address is natted to the address of the linux-box).
You can solve this issue with iptables + fw filter : mark the packets when
they enter the box at eth1 and use that to filter mark on eth0.
For the incoming bandwidth, you can use the ingress qdisc and filters with
policer. If you add a ingress qdisc, you can add filters with policers.
Each policer is a sort of tbf with a certain rate. Packets that exceed that
rate are dropped. So you can control the incoming packets.
An other trick is using a imq device or shaping on eth1 if the linux box is
only a router so all packets entering eth0 are leaving eth1.
Stef
--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
