Thanks Martin for valuable links, Iam going through it. I want to apply traffic control rules for the incomming traffic to my firewall, which is what we call it as Ingress mode, am I right....? Just to confirm, suppose my firewall WAN interface is eth0 with IP 66.218.71.198 and LAN interface is eth1 with IP 192.168.1.2. So any traffic from Internet---->WAN is where I want to do traffic control for my LAN IP's. Hence amI right in saying that in ingress mode traffic control will be happening at eth0 interface(or ppp0 interface, WAN with ppp0 enabled). I saw in the link documents that, for ingress we are using imq0, so how this will fit into my scenario...?. I understood that in ingress mode we have to drop the packets instead of queueing it like in egress mode, so is it going to have any effects other than latency...? -Raghu Martin A. Brown wrote: >Raghuveer, > > : I would like to know whether can we do bandwidth management(traffic > : control) for incomming traffic to firewall. For ex;- If my firewall WAN > : interface IP is 203.145.1.2 and any data from internet comming to > : 203.145.1.2 whether can be controlled...? If my total bandwidth= 512kb > : and I want to allocate 100kb to a LAN m/c with IP 192.168.1.2 for http > : traffic, how will I do it..? > >If your linux host is not the source or sink for any of the traffic, you >can shape the inbound traffic on the inside interface of your bandwidth >management box. If, however, the directly connected box is the source or >sink for traffic, you'll need to look at other options. > >I would suggest considering IMQ. (Search the archives.) > > http://www.google.com/search?q=site%3Amailman.ds9a.nl+IMQ > http://www.google.com/search?q=site%3Amailman.ds9a.nl+IMQ+ingress > >You can also use an ingress qdisc and a policer. (Search the archives.) > > http://www.google.com/search?q=site%3Amailman.ds9a.nl+ingress+policer > >And there's a recent posting on this topic: > > http://mailman.ds9a.nl/pipermail/lartc/2003q3/009572.html > >-Martin > > >
