Omar Armas wrote:
[router]
|
[Firewall]
eth0: 200.x.x.x (public address)
eth1: 192.168.44.1 (private address)
|
[LAN] (192.168.44.0/24)
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src \
   192.168.44.0/24 match ip dport 25 0xffff flowid 1:10
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip src \
   192.168.44.0/24 match ip dport 80 0xffff flowid 1:11
But from a machine of the class 192.168.44 (fw as gateway) I made a test to an external http server and had no limit on port 80 traffic.
The htb qdisc is going to rate limit the traffic _leaving_ the interface, so the rules you've created above will only slow down the HTTP requests to the internet, not the HTTP data downloaded from the external servers.
Is it necessary to add the same rules with eth1?
I think you should be able to move them all to eth1, and remove them from eth0. You'll also want to change the 'src' to 'dst'.
regards.
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Damion de Soto - Software Engineer  email: damion@xxxxxxxxxxxx
SnapGear ---                        ph: +61 7 3435 2809
 | Custom Embedded Solutions        fax: +61 7 3891 3630
 | and Security Appliances          web: http://www.snapgear.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 --- Free Embedded Linux Distro at http://www.snapgear.org ---
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
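
Added example, not part of the thread: the suggestion above written out as a dry-run script that attaches HTB to eth1, where downloads toward the LAN are egress traffic. The rates, the default class 1:30 and the use of `sport` (download packets carry the server's port as their source port) are assumptions of this example; the class ids 1:10 and 1:11 are taken from the quoted filters.

```shell
#!/bin/sh
# Added example: classify downloads on the LAN-facing interface.
# TC defaults to "echo tc" so the script only prints the commands;
# run with TC=tc as root to apply them.
LAN_DEV=${LAN_DEV:-eth1}
LAN_NET=${LAN_NET:-192.168.44.0/24}
TC=${TC:-echo tc}

lan_download_rules() {
    dev=$1
    net=$2
    # Root HTB qdisc; anything the filters do not match goes to 1:30.
    $TC qdisc add dev "$dev" root handle 1: htb default 30
    # Assumed rates: pick values that fit the real uplink.
    $TC class add dev "$dev" parent 1: classid 1:1 htb rate 100mbit
    $TC class add dev "$dev" parent 1:1 classid 1:10 htb rate 256kbit ceil 256kbit
    $TC class add dev "$dev" parent 1:1 classid 1:11 htb rate 1mbit ceil 1mbit
    $TC class add dev "$dev" parent 1:1 classid 1:30 htb rate 10mbit ceil 100mbit
    # Packets leaving eth1 toward a LAN client have the client as
    # destination and the remote service port as source port.
    # For SMTP the bulk data is the upload, so 1:10 on this interface
    # only shapes the servers' replies.
    $TC filter add dev "$dev" protocol ip parent 1:0 prio 1 u32 \
        match ip dst "$net" match ip sport 25 0xffff flowid 1:10
    $TC filter add dev "$dev" protocol ip parent 1:0 prio 1 u32 \
        match ip dst "$net" match ip sport 80 0xffff flowid 1:11
}

lan_download_rules "$LAN_DEV" "$LAN_NET"
```

If the firewall also NATs the LAN (an assumption, the thread does not say), the egress qdisc on eth0 sees packets after source translation, so a `src 192.168.44.0/24` match there would not hit either.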