Hey guys and gals,

Sorry for the 'newbie' question, but I would like to get some help on configuring my HTB qdiscs for my network.

My network setup:

    LAN --> Firewall --> Router --> Internet
               |
               | --> DMZ

So much for the ASCII artist in me. :)

The firewall has 3 interfaces:

    Eth0 = LAN      --> 100Mbps NIC
    Eth1 = DMZ      --> 100Mbps NIC
    Eth2 = Internet --> 4MB link to internet

Background:

DMZ zone, Eth1: Web/FTP and SMTP servers (100Mbps switches and NICs). I notice that users download A LOT of data at high transfer rates from the servers in the DMZ zone.

    WEB/FTP server: 10.100.1.1/24
    SMTP server:    10.100.1.2/24

LAN, Eth0: I have 3 different VLANs to categorize the 3 different departments.

    VLAN1 - 192.168.1.0/24
    VLAN2 - 192.168.2.0/24
    VLAN3 - 192.168.3.0/24

External, Eth2: 4MB leased line to the internet.

Currently my router that is connected to the 4MB leased line is becoming the bottleneck! How do I make the firewall Eth0 become the bottleneck???? Should I limit it to 10mbits as such:

    tc qdisc add dev eth0 root handle 1: htb default 10
    tc class add dev eth0 parent 1: classid 1:1 htb rate 10mbit

My objectives:

1.) I want to limit the bandwidth from the WEB/FTP servers from the DMZ to either the internet or the LAN.
This is what I did:

    tc qdisc add dev eth0 root handle 1: htb default 10
    tc class add dev eth0 parent 1: classid 1:1 htb rate 10mbit
    tc class add dev eth0 parent 1:1 classid 1:10 htb rate 128kbps ceil 256kbps prio 7
    tc filter add dev eth0 protocol ip parent 1:1 prio 7 handle 7 fw classid 1:10

    tc qdisc add dev eth1 root handle 2: htb default 10
    tc class add dev eth1 parent 2: classid 2:1 htb rate 3840kbps
    tc class add dev eth1 parent 2:1 classid 2:10 htb rate 128kbps ceil 128kbps prio 7
    tc filter add dev eth1 protocol ip parent 2:1 prio 7 handle 7 fw classid 2:10

    tc qdisc add dev eth2 root handle 3: htb default 10
    tc class add dev eth2 parent 3: classid 3:1 htb rate 3840kbps
    tc class add dev eth2 parent 3:1 classid 3:10 htb rate 128kbps prio 7
    tc filter add dev eth2 protocol ip parent 3:1 prio 7 handle 7 fw classid 3:10

    /sbin/iptables -A PREROUTING -i eth1 -s 10.100.1.1 -t mangle -j MARK --set-mark 7
    /sbin/iptables -A PREROUTING -i eth1 -d 10.100.1.1 -t mangle -j MARK --set-mark 7

After testing via FTP/web downloads, it appears that I've managed to limit the amount of bandwidth through and from the FTP/WEB server from the DMZ.

All other traffic (internet surfing etc.) will fall into the default rules, correct? Did I miss anything out?

I would like to limit the max amount of bandwidth on Eth0 to 10MB.
I would like to limit the max amount of bandwidth on Eth0 to 3840kbps.
I would like to limit the max amount of bandwidth on Eth2 to 3840kbps (4MB leased line to internet).

Did I accomplish this?

Any help in any way is appreciated!

Regards
edmund

_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
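
tc reads the suffix `kbps` as kilobytes per second and `kbit` as kilobits per second, so the rates in the commands above are worth converting before comparing them with a link speed. The following is an added example, not part of the original post: it converts each `rate` and `ceil` from the posted `tc class add` lines to bit/s. The names `UNIT_BITS`, `POSTED`, `tc_rate_to_bits` and `class_rates` are made up for this example, and the 1000-based multipliers are an assumption taken from the current tc(8) man page.

```python
import re

# Multipliers to bits per second for the rate suffixes tc accepts.
# Assumption: the SI (1000-based) values in the current tc(8) man page;
# a bare number is bits per second.
UNIT_BITS = {
    "": 1, "bit": 1, "kbit": 10**3, "mbit": 10**6, "gbit": 10**9,
    "bps": 8, "kbps": 8 * 10**3, "mbps": 8 * 10**6, "gbps": 8 * 10**9,
}

# The "tc class add" lines from the post, copied as posted.
POSTED = """\
tc class add dev eth0 parent 1: classid 1:1 htb rate 10mbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 128kbps ceil 256kbps prio 7
tc class add dev eth1 parent 2: classid 2:1 htb rate 3840kbps
tc class add dev eth1 parent 2:1 classid 2:10 htb rate 128kbps ceil 128kbps prio 7
tc class add dev eth2 parent 3: classid 3:1 htb rate 3840kbps
tc class add dev eth2 parent 3:1 classid 3:10 htb rate 128kbps prio 7
"""

def tc_rate_to_bits(text):
    """Convert a tc rate string such as '128kbps' to bits per second."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([a-z]*)", text.strip().lower())
    if not m or m.group(2) not in UNIT_BITS:
        raise ValueError(f"unrecognised tc rate: {text!r}")
    return round(float(m.group(1)) * UNIT_BITS[m.group(2)])

def class_rates(commands):
    """Return (dev, classid, keyword, text, bits_per_second) per rate/ceil."""
    rows = []
    for line in commands.splitlines():
        tok = line.split()
        if tok[:3] != ["tc", "class", "add"]:
            continue
        dev = tok[tok.index("dev") + 1]
        classid = tok[tok.index("classid") + 1]
        for kw in ("rate", "ceil"):
            if kw in tok:
                text = tok[tok.index(kw) + 1]
                rows.append((dev, classid, kw, text, tc_rate_to_bits(text)))
    return rows

if __name__ == "__main__":
    for dev, classid, kw, text, bits in class_rates(POSTED):
        print(f"{dev} {classid:5} {kw} {text:9} = {bits / 1e6:7.3f} Mbit/s")
```

Under these multipliers `3840kbps` is 30.72 Mbit/s, while `3840kbit` is 3.84 Mbit/s.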