> I've been doing ipchains/tables firewalls for quite a while now, but I'd
> like to be able to do some bandwidth shaping, and src-address based
> routing to specific net connections.

I'll again do some advertisement for my bytelimit patch :-)

It is a patch for netfilter (iptables) allowing you to limit bandwidth, like the "limit" match but allowing you to specify rates in bytes/second instead of packets/second.

You might combine this patch and SNAT to do "overflowing", i.e. your first link will be used, and when it is "full" (or exceeds a given bandwidth), further connections will be SNAT'ed with another address, thus using the 2nd link.

Jerome Petazzoni <skaya at enix dot org>