gypsy wrote: AFTERTHOUGHT: I should have been more precise: > Yes, but be careful with NAT; finding 192.168.1.# can be tough. Also > remember YOU DO NOT SHAPE DOWNLOADS! HTB can only "police" D/L, not > "shape". You must use iptables or IMQ to "shape" D/L; I use iptables -m > limit --limit ##/second -j ACCEPT > iptables -j DROP > and make sure that these 2 lines preceed any RELATED, ESTABLISHED > accepts. Note that the real iptables rules include either --dport ## or > --sport ##, depending on what the rule accomplishes. Note further that > downloads are on INPUT so I specify -A INPUT to throttle D/L. iptables is "rate limiting" not "shaping". NATted users are rate limited on the FORWARD chain, not INPUT. gypsy _______________________________________________ LARTC mailing list / LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
