Szálka Tamás wrote:
Hi!I feel imq+HTB on eth0 is an ideal solution for ur requirement.
I have to make a firewall which guarantees bandwidth to several clients (both upstream and downstream should be limitied). It has three interfaces, eth0 facing to the internet, eth1 to local network with several ip addresses (different subnets) and eth2 to dmz (webserver). Egress traffic is ok, I set up the tc rules to eth0 and the upstream limiting is fine. But I have to manage bandwidth of downloading too.
While eth0 has one public ip address, the firewall does masquerading to the local subnets (with local ip ranges). So should I set up an imq device on eth1 with iptables mangle through the prerouting chain to do traffic shaping to the subnets? In this case the packets arrive to eth1 already masqueraded (am I right?) and I can limit the ingress traffic of local adresses. Or should I use the imq on eth0? Doesn't it bothers egress shaping? I'm confused a little bit... :-s
Can you help me?
Thanks Tom
Regards -Raghu
I'd like to filter the packages on their SNAT-ed (local) ip addresses. when the package enters the IMQ right after the iptables PREROUTING chain, does it have SNAT-ed ip addresses? As far as I know the SNAT happens in the POSTROUTING chain. Am I wrong? Or am I even more confused? :)
Tom
_______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
