Hi Jonathan,

On 31 Aug 2007, jonathan.gazeley@xxxxxxxxxxxxx wrote:
>
> Hi Andy,
>
> Thanks a bunch for your help - really good of you to put time into
> helping a newbie.
>
> Andy Furniss wrote:
>> Rather than police you could, if using recentish 2.6 use ifb and
>> have the same setup on ingress eth0. Or if you don't do nat on the
>> same box on the wan. If you do do nat and don't have ifb then you
>> need to use netfilter to mark by ip and match the marks.
>
> This box is also a NAT box, so I'll do marking with iptables to sort
> the incoming traffic. I read about it somewhere on Google so I'm sure
> I can manage! If I'm marking packets with iptables, would it be better
> to shape them as they leave on the internal interface, rather than
> doing something with ingress on the external interface?

As long as you do not want to shape traffic from/to the box itself, the
easiest solution is to shape on egress (at least if you only have two
interfaces).

If you want to also shape traffic from/to the box itself and don't do
NAT, you can use ifb. ifb is a pseudo device you can redirect incoming
traffic to, using tc. Then you can attach an egress qdisc to that pseudo
device.

If you want to also shape traffic from/to the box itself and do NAT,
you still have to use IMQ (http://www.linuximq.net/) - I think. The
latest kernel I have good results with IMQ is 2.6.18.

Greetings
Jens
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
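
The ifb redirect described in the message above, written out as an added example (not part of the original post or the thread's own configuration). The interface names eth0 and ifb0, the 2mbit rate and the single-class HTB layout are assumptions; all incoming traffic goes into one class, so nothing here depends on internal addresses.

```shell
#!/bin/sh
# Added example: ingress shaping through an ifb pseudo device.
# Assumed values: WAN interface eth0, pseudo device ifb0, rate 2mbit.
# Prints the commands by default; set APPLY=1 and run as root to execute.

run() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

ifb_ingress_shaping() {
    wan=$1; ifb=$2; rate=$3

    # Load the ifb driver and bring the pseudo device up.
    run modprobe ifb numifbs=1
    run ip link set dev "$ifb" up

    # Attach the ingress qdisc to the real interface (fixed handle ffff:).
    run tc qdisc add dev "$wan" handle ffff: ingress

    # Redirect every incoming IP packet to the ifb device.
    run tc filter add dev "$wan" parent ffff: protocol ip u32 \
        match u32 0 0 action mirred egress redirect dev "$ifb"

    # On ifb the redirected traffic is egress, so a classful qdisc works.
    run tc qdisc add dev "$ifb" root handle 1: htb default 10
    run tc class add dev "$ifb" parent 1: classid 1:10 htb rate "$rate"
    run tc qdisc add dev "$ifb" parent 1:10 handle 10: sfq perturb 10
}

ifb_ingress_shaping "${1:-eth0}" "${2:-ifb0}" "${3:-2mbit}"
```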