On Wed, Dec 19, 2001 at 02:06:01AM -0600, Daniel Wittenberg wrote:
> I've been doing ipchains/tables firewalls for quite a while now, but I'd
> like to be able to do some bandwidth shaping, and src-address based
> routing to specific net connections.  From what I've read so far, tc/ip
> can do that, correct?  Here's simply what I've got: Linux firewall,
> 2.4.x, iptables, MASQ, about 10 internal subnets all going out as 1 IP
> now.  I have 1 T1 now, 2 more on the way.  I'd like to say internal
> subnets 1-5 go out T1 #1 6-7 go out T1 #2, etc.  I'd also like to be
> able to say that subnets 1-5 can only have 50% of that T1.  I know these
> are 2 separate questions, but that's where I would like to be.  Can
> someone point me in the direction of some good docs/examples on how to
> set this up?  What I'm also unclear about, is if I'm using ip rules to

You need:

 - to mark traffic coming in from different subnets
 - route based on that mark

You can achieve the first with iptables in the mangle/PREROUTING target
with fwmark. The second can be done with 'ip rule add' and
'ip route add .. table x'.

> reroute traffic to specific out-going routers, do I still need MASQ, and
> what role does it play?

MASQ leaves the fwmark alone, so it doesn't interfere.

Regards,

bert

-- 
http://www.PowerDNS.com          Versatile DNS Software & Services
http://www.tk                              the dot in .tk
Netherlabs BV / Rent-a-Nerd.nl           - Nerd Available -
Linux Advanced Routing & Traffic Control: http://ds9a.nl/lartc
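
The two steps from the reply above (mark in mangle/PREROUTING, then route on the mark), as an added example that is not part of the original thread: a shell function that prints the commands for a subnet-to-uplink plan so they can be reviewed before anything touches the firewall. The subnets, gateways, interface names, marks and table numbers are constructed assumptions.

```shell
#!/bin/sh
# Added example: build the mark + policy-routing commands for a plan.
# Every address, interface, mark and table number here is constructed.

# Constructed plan: source-subnet  fwmark  table  gateway  out-interface
PLAN='10.0.1.0/24 1 101 192.0.2.1 eth1
10.0.2.0/24 1 101 192.0.2.1 eth1
10.0.6.0/24 2 102 198.51.100.1 eth2'

# Print the commands for one plan; nothing is executed here.
policy_routing_cmds() {
    plan=$1
    seen=" "
    while read -r subnet mark table gw dev; do
        [ -n "$subnet" ] || continue
        # Mark 0 means "unmarked", so it cannot select a routing table.
        case $mark in
            ''|*[!0-9]*|0) echo "bad mark for $subnet" >&2; return 1 ;;
        esac
        case $subnet in
            */*) ;;
            *) echo "subnet needs a /prefix: $subnet" >&2; return 1 ;;
        esac
        # Step 1: mark packets from this subnet as they enter the box.
        echo "iptables -t mangle -A PREROUTING -s $subnet -j MARK --set-mark $mark"
        # Step 2: one rule and one default route per mark, emitted once.
        case $seen in
            *" $mark "*) continue ;;
        esac
        seen="$seen$mark "
        echo "ip rule add fwmark $mark table $table"
        echo "ip route add default via $gw dev $dev table $table"
    done <<EOF
$plan
EOF
}

# Review the output, then pipe it to "sh -e" as root to apply it.
policy_routing_cmds "$PLAN"
```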