Szálka Tamás wrote:
Hi!
I have to make a firewall which guarantees bandwidth to several
clients (both upstream and downstream should be limitied). It has
three interfaces, eth0 facing to the internet, eth1 to local network
with several ip addresses (different subnets) and eth2 to dmz
(webserver). Egress traffic is ok, I set up the tc rules to eth0 and
the upstream limiting is fine. But I have to manage bandwidth of
downloading too.
While eth0 has one public ip address, the firewall does masquerading
to the local subnets (with local ip ranges). So should I set up an imq
device on eth1 with iptables mangle through the prerouting chain to do
traffic shaping to the subnets? In this case the packets arrive to
eth1 already masqueraded (am I right?) and I can limit the ingress
traffic of local adresses. Or should I use the imq on eth0? Doesn't it
bothers egress shaping? I'm confused a little bit... :-s
Can you help me?
Thanks
Tom
I feel imq+HTB on eth0 is an ideal solution for ur requirement.
Regards
-Raghu
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
