On Jeu 12 mai 2005 10:52, Lee Sanders a écrit : > Hi Sylvain, > > Thanks for that, exactly what I'm doing :) > Ok I thought you were trying to match src addresses, and that would be a problem because of masquerading ;) > Along my travels I ran into this: http://l7-filter.sourceforge.net/ > Have you played with L7 and can you rate it good/bad ? I've installed it and used it for 2 month, though I can't say I've thoroughly tested the patterns. So far, it works out pretty good. The website has a page that lists supported protocols, and rates the quality of each pattern. I would not recommend it for production use, though. There can be side effects : if you visit a web page that describes the SMTP protocol, the packet will contain data that looks like SMTP, and who knows which pattern the packet is going to match... > The script you sent didn't answer one question, how to match on IP so I > can > add a further level of htb to equally share bandwidth amongst computers. You can create a class for each client on the LAN link, and limit upload from your server to each client. If you want to limit upload from client to server, you can restrict bandwidth with 'ingress'. > I think I know how to do this though, filter by MAC. I don't know if > iptables > at this point has munted the mac so I'm going to try that in a sec and see > if > I can get a match. > Iptables may give you more options to separate trafic to different classes by MARKing them. Then tc allocates bandwidth for each class. You'll have much more flexibility this way. Sylvain _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
