Andreas Klauer schrieb:
However, there were some kind guys who designed the "tproxy" iptables
extension, which can help you.
(cut)
These are about the most interesting lines I've seen on this topic.
However, I'm in a small home network situation, so even having just
one dedicated linux machine is luxury. So any solution that requires
separate machines is not feasible for me.
Unfortunately for design reasons, TPROXY and NAT won't work together and
AFAIK there are no plans to change this. I didn't investigate deeply,
but I assume TPROXY uses the fields reserved for NAT for other purposes.
So if you need both NAT and TPROXY, you need 2 boxes (and some hacking
with the routing or arptables or both ;-)).
Other possibilities are:
- Never touch a running system. (If it works, why not leave as is?)
Actually this is a great idea. I admit I didn't read the original post
completely and assumed that a new system is required for some reason.
- Find out how exactly rshaper limits and/or distributes
Upon looking at the docs for rshaper, I don't think it distributes
anything (only limits and has no borrowing). This can be done with HTB
(and IMQ). Several years ago I wrote a bandwidth management system for a
small ISP that actually worked somewhat like this (the ISP uses a web
interface to set incoming/outgoing bandwith for individual customers,
and optionally a monthly limit, and cron sets up the HTB rules
automagically). I don't use it personally, Shurdix does fair
distribution only, but I imagine there are people who might have other
requirements. If there is enough interest (and I find the time) I can
polish it and put it for download.
Regards,
Andreas Klauer
Yours sincerely,
Peter
--
http://www.shurdix.org - Linux distribution for routers and firewalls
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
