> > Bandwith must be the real bandwith of the NIC. Usual 10 or 100 mbit. > > ok > > > What you want to do is easy. But you are using the wrong commands. I > > have some working scripts. You can find them on www.docum.org. > > Ok, I have looked now... > > > But I advise you to use the htb qdisc. Much easier to set up and to > > understand. Again, more information on www.docum.org. If you really > > want to use CBQ, I can give you more information. Just leave a message > > on the mailing list. > > I have seen htb qdisc. But I see that it isn't in standard Kernel. I would > use standard kernel because (for various reasons). If I have time I will > test htb qdisc. > > Now my script works (with the help of your webpage): > > DEV="dev eth1" > OPTION="allot 1514 maxburst 20 avpkt 1000 prio 3" > tc qdisc add $DEV root handle 10: cbq bandwidth 10mbit avpkt 1000 > tc class add $DEV parent 10:0 classid 10:2 cbq bandwidth 10mbit rate \ > $2kbit $OPTION bounded > > tc filter add dev eth1 parent 10: protocol ip prio 1 u32 match ip \ > dst 192.168.0.5 flowid 10:2 > > But now I would like limit the bandwidth that 192.168.0.5 is sending. > > I cannot change dst for src, I think, because I am doing NAT and I think > that when the paquet traverse "tc filter bla bla bla" has IP of the > firewall machine. Then I have to do with iptables and mangle table? But > this table only has PREROUTING and OUTPUT: > > > cpie:~/tc# iptables -L -t mangle | grep Chain > Chain PREROUTING (policy ACCEPT) > Chain OUTPUT (policy ACCEPT) > > I suppose that I can mark paquets in PREROUTING Chain before the IP is > masqueraded. I will test. Indeed. You can not use the u32 filter but you will need the fw filter in conjuction with iptables if you do SNAT. > > Thank you very much for your attention. You can makt it easier to understand for us if you (try) to draw a small ASCII picture of your setup. Stef -- stef.coene@xxxxxxxxx More QOS info : http://www.docum.org/ Title : "Using Linux as bandwidth manager"