On Wednesday 10 September 2003 20:13, Szálka Tamás wrote:
> At 16:51 2003. 09. 10. +0530, you wrote:
> >Szálka Tamás wrote:
> >>Hi!
> >>
> >>I have to make a firewall which guarantees bandwidth to several clients
> >>(both upstream and downstream should be limited). It has three
> >>interfaces, eth0 facing to the internet, eth1 to local network with
> >>several ip addresses (different subnets) and eth2 to dmz (webserver).
> >>Egress traffic is ok, I set up the tc rules to eth0 and the upstream
> >>limiting is fine. But I have to manage bandwidth of downloading too.
> >>While eth0 has one public ip address, the firewall does masquerading to
> >>the local subnets (with local ip ranges). So should I set up an imq
> >>device on eth1 with iptables mangle through the prerouting chain to do
> >>traffic shaping to the subnets? In this case the packets arrive to eth1
> >>already masqueraded (am I right?) and I can limit the ingress traffic of
> >>local addresses. Or should I use the imq on eth0? Doesn't it bother
> >>egress shaping? I'm confused a little bit... :-s
> >>Can you help me?
> >>
> >>Thanks
> >>Tom
> >
> >I feel imq+HTB on eth0 is an ideal solution for your requirement.
> >
> >Regards
> >-Raghu
>
> I'd like to filter the packages on their SNAT-ed (local) ip addresses. When
> the package enters the IMQ right after the iptables PREROUTING chain, does
> it have SNAT-ed ip addresses? As far as I know the SNAT happens in the
> POSTROUTING chain. Am I wrong? Or am I even more confused? :)

See http://www.docum.org/stef.coene/qos/kptd/

Stef

--
stef.coene@xxxxxxxxx
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/