Re: [LARTC] How to MARK NATted packets coming from external interface to an internal host ?

Linux Advanced Routing and Traffic Control

Hi,

I have considered using 'tc filter' with the u32 classifier,
but I couldn't find a way to differentiate traffic coming
from the Internet (source ip = any) from traffic originating
in the gateway (source ip = ip of eth0). I need this because
I would like to shape only traffic coming from the Internet.
Internal clients should be able to download data from the gateway
without any bandwidth restriction.


If at least there were a NOT operator (! as in iptables)
in the match syntax, I could assume that traffic not coming from
the source ip of eth0 is coming from the Internet. Something like this:


tc filter add dev eth0 parent 10:1\
                       protocol ip\
                       prio 1\
                       u32\
 NOT operator -->      match ip src ! (eth0 IP)\
                       match ip dst (client IP)\
                       classid 10:2

Any ideas on how to differentiate these two kinds of traffic
using 'tc filter' ?

Best regards,
Claudio Leonel Salvadori
cls@xxxxxxxxxxxx




bert hubert wrote:

> On Thu, Dec 13, 2001 at 10:27:37AM -0200, Claudio L. Salvadori wrote:
>
> > Hi,
> >
> > I would like to control download bandwidth from the Internet for
> > clients inside a network. The gateway is a Linux box using
> > 'iptables nat'.
> > I would like to use 'iptables mangle' to mark the packets coming
> > from the Internet and going to specific clients and then use CBQ
> > to shape it:
>
> Mangle is being upgraded by the netfilter people to be available everywhere.
> In the meantime, you should use tc filters to shape on eth0's egress. For
> what you want, the commands are very simple.
>
> > How can I classify this traffic so I can shape it ?
>
> http://ds9a.nl/lartc/HOWTO//cvs/2.4routing/output/2.4routing-9.html#ss9.6 'All the filtering commands you will normally need'.
>
> Regards,
>
> bert
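The following is an added example for this thread; it is not code posted by Claudio or bert. It shows the usual way to get the effect of the missing "match ip src !" in u32: tc walks a device's filters in ascending prio order and stops at the first match, so a prio 1 filter that steers gateway-sourced packets into an unshaped class acts as "src != gateway" for the prio 2 catch-all that sends everything else bound for the client into the shaped class. It assumes eth0 is the LAN-facing interface, uses HTB rather than the CBQ mentioned in the thread, and the addresses (192.168.1.1 for the gateway, 192.168.1.10 for the client, 203.0.113.7 as an Internet host) and rates are constructed values.

```shell
#!/bin/sh
# Added example for the LARTC thread above (not either poster's code).
# u32 has no "!" operator, but filters on a device are evaluated in
# ascending prio order and the first match wins.  A prio 1 filter that
# sends traffic sourced from the gateway's own address to an unshaped
# class therefore excludes it from the prio 2 filter that shapes
# everything else destined for the client.  HTB is used instead of CBQ;
# all interface names, addresses and rates below are assumptions.

DEV=${DEV:-eth0}                      # assumed LAN-facing interface
GW_IP=${GW_IP:-192.168.1.1}           # assumed address of eth0
CLIENT_IP=${CLIENT_IP:-192.168.1.10}  # assumed client to be shaped
LINK_RATE=${LINK_RATE:-100mbit}
CLIENT_RATE=${CLIENT_RATE:-512kbit}

# Emit the tc commands rather than executing them, so they can be
# reviewed first; pipe the output to sh as root (needs CAP_NET_ADMIN and
# a real interface) to apply.  "default 10" and classid "10:10" are both
# hex, so unmatched traffic lands in the unshaped class 10:10.
gen_tc_rules() {
    dev=$1 gw=$2 client=$3 link=$4 rate=$5
    cat <<EOF
tc qdisc del dev $dev root 2>/dev/null
tc qdisc add dev $dev root handle 10: htb default 10
tc class add dev $dev parent 10: classid 10:1 htb rate $link
tc class add dev $dev parent 10:1 classid 10:10 htb rate $link
tc class add dev $dev parent 10:1 classid 10:20 htb rate $rate ceil $rate
tc filter add dev $dev parent 10: protocol ip prio 1 u32 match ip src $gw/32 flowid 10:10
tc filter add dev $dev parent 10: protocol ip prio 2 u32 match ip dst $client/32 flowid 10:20
EOF
}

# Offline model of how the kernel walks the two filters above: lowest
# prio number first, first match wins, otherwise the HTB default class.
# Lets the ordering trick be checked without touching a live interface.
classify() {
    src=$1 dst=$2 gw=$3 client=$4
    if [ "$src" = "$gw" ]; then
        echo 10:10          # prio 1: gateway-sourced, stays unshaped
    elif [ "$dst" = "$client" ]; then
        echo 10:20          # prio 2: anything else to the client, shaped
    else
        echo 10:10          # no match: htb default class
    fi
}

gen_tc_rules "$DEV" "$GW_IP" "$CLIENT_IP" "$LINK_RATE" "$CLIENT_RATE"

# Constructed sample packets as seen on eth0 egress.  After DNAT the
# Internet packet already carries the client's private address as dst.
for pkt in "203.0.113.7 $CLIENT_IP" "$GW_IP $CLIENT_IP" "203.0.113.7 192.168.1.20"; do
    set -- $pkt
    echo "src=$1 dst=$2 -> class $(classify "$1" "$2" "$GW_IP" "$CLIENT_IP")"
done
```

Two caveats a practitioner should check before relying on this. The prio 1 exclusion covers exactly one source address; if the gateway answers the client from another of its addresses (for example a daemon bound to the external interface's IP), add one prio 1 filter per such address, or the reply will fall through to the shaped class. And since the trick depends entirely on filter order, confirm it with `tc filter show dev eth0` after loading, and watch `tc -s class show dev eth0` while a client downloads from the gateway: the byte counters on 10:10, not 10:20, should move.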