complete linux and shaping newbie needs help

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi there good people,

I'm a newbie in what concerns running Linux on machines other than
desktops, so I need help from all you gurus out there :-)

I have Linux installed on an old computer (Winchip C6, Pentium clone),
acting as a router/firewall for two other computers. Both these
machines are connected to the firewall via a dedicated ethernet card
each, on different subnets, 192.168.0.7 (eth1) and 192.168.10.3
(eth2). Internet connection (eth0) is a 3Mbit/320Kbit cable modem. The
firewall box is configured with iptables, like this:

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -A FORWARD -i eth1 -j ACCEPT
# iptables -A FORWARD -i eth2 -j ACCEPT

At this point I have to stress out that I am a complete
networking/shaping newbie. I've read the FAQ at lartc.org and my head
is still hurting, as it basically felt I was reading greek. Really ;-)

Right now I have wondershaper htb running to smooth things out, and
everything is great. The problem is our internet connection is metered
by the Gb, and our monthly cap is somewhat low. My roommate (computer
connected to eth2, 192.168.10.x) tends to abuse this (a lot), so I was
thinking of throttling his connection to around half of our 3Mbits, in
order to lower our monthly bill. I have read some stuff I found
online, but I must face the reality that I really don't know what I'm
doing ;-) So, I thought I'd ask you guys, since you're obviously much
more familiar with the subjct.

Could anyone tell me, given the above scenario (masquerading,
wondershaper), what 'tc' and 'iptables' commands should I enter on the
firewall to limit his ip (192.168.10.3) to, say, 200kb/s (~1650Kbps,
if I've done the math right), hard, without the possibility of
"borrowing" extra bandwidth even if the connection is otherwise idle?

Any help is really appreciated, otherwise I think I'll have to kick
him out, and I really don't want to come to that!

Thanks!


Aidan
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux