On Sun, 2004-10-24 at 10:20, it clown wrote:
Hi All,
I would like to know how to limit bandwidth with iptables. I would like to limit bandwidth to IPs and MAC addresses. Do I need another program to work with iptables or can iptables do it on its own? Does anyone know where I can find something to read up on this?
If iptables cannot do it, can I do it with squid?
first off--you can't do "inbound" traffic shaping--only outbound.
I know your link qualifies this a bit - but I'd say you can do inbound (narrow end of bottleneck) traffic shaping. Albeit as an imperfect kludge and at the expense of some bandwidth. The imperfect bit being if you really care about latency - not bandwidth shaping, I would argue that I can do that almost perfectly as my ISP has a 600ms buffer and my shaping at 80% of 512kbit/s never loses control enough that packets get dropped from that.
you cannot control how fast incoming packets hit your machine
I assume TCP - which is clocked by acks - so the rate you dequeue does affect the rate at which packets hit ISP buffer. Packets never hit my machine faster than my link speed of course - which makes the queue get filled in a burstless way.
or how big they are--
mss clamping :-)
Andy.
you can only control how fast you allow them to leave.
that being said--read chapter 9 of:
http://lartc.org/howto/
-j
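
Added example, not part of the original thread: a dry-run script that prints the iptables and tc commands for the per-IP and per-MAC limiting asked about above, with iptables only marking packets and an HTB class doing the outbound rate limiting. The interface names (eth0 towards the ISP, eth1 towards the LAN), the address, the MAC, the mark numbers and all rates except the 512kbit link are constructed assumptions.

```shell
#!/bin/sh
# Added example (dry run): prints the commands instead of executing them.
# Interface names, the address, the MAC and the rates are constructed values.

# htb_limit IFACE LINK_KBIT MARK RATE_KBIT
# Emits an HTB tree for IFACE's egress: packets carrying fwmark MARK are held
# to RATE_KBIT, everything else falls into default class 1:30.
# Call it once per interface, since it creates the root qdisc.
htb_limit() {
    iface=$1; link=$2; mark=$3; rate=$4
    if [ "$rate" -ge "$link" ]; then
        echo "rate ${rate}kbit must be below link ${link}kbit" >&2
        return 1
    fi
    echo "tc qdisc add dev $iface root handle 1: htb default 30"
    echo "tc class add dev $iface parent 1: classid 1:1 htb rate ${link}kbit"
    echo "tc class add dev $iface parent 1:1 classid 1:$mark htb rate ${rate}kbit ceil ${rate}kbit"
    echo "tc class add dev $iface parent 1:1 classid 1:30 htb rate $((link - rate))kbit ceil ${link}kbit"
    echo "tc filter add dev $iface parent 1: protocol ip prio 1 handle $mark fw flowid 1:$mark"
}

# mark_rules LAN_IF
# iptables only classifies here; the rate limiting is done by tc.
mark_rules() {
    # Traffic to one IP, tagged as it leaves towards the LAN (its download).
    echo "iptables -t mangle -A POSTROUTING -o $1 -d 192.0.2.10 -j MARK --set-mark 10"
    # Traffic from one MAC, tagged on arrival from the LAN (its upload);
    # the mac match only applies to the source address of incoming frames.
    echo "iptables -t mangle -A PREROUTING -i $1 -m mac --mac-source 00:00:5e:00:53:01 -j MARK --set-mark 11"
}

all_rules() {
    mark_rules eth1 || return 1
    # LAN side: cap what is sent to 192.0.2.10 at 128kbit.
    htb_limit eth1 10000 10 128 || return 1
    # WAN side (512kbit uplink): cap what the marked MAC sends at 64kbit.
    htb_limit eth0 512 11 64
}

all_rules
```

Review the printed commands and run them as root on the router to apply them; both limits act on packets leaving an interface, which is the direction the replies above agree can be controlled directly.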