Good morning, AFAIK iptables does not allow rules applied to eth0:x, the rules must be applied to the physical interface ( eth0 ). My suggestion for you is apply traffic shapping to the physical interface and create rules in table mangle of iptables to identify the traffic. By example, create a class with tc to limit the ipsec traffic going through the ipsec interface and other class for the traffic going through the tun devices. Then, using filters created with tc or by rules in the mangle table, you can identify the traffic, set the class. The scenary will be a little bit more complicated if you want filter traffic going through the tunnels both I think that can be acomplished but this will be added unnecesary complexity to the environment. Jorge Dávila. On Fri, Jul 10, 2009 at 6:01 AM, Fabio Marcone<fabio.marcone@xxxxxxx> wrote: > Hi all, > I need to add traffic shaping in a linux router (debian) and I need to > understand tc behaviour with virtual interfaces. > > Examples: > I have eth0 and eth0:0, if I set a limit on eth0 datarate, is also eth0:0 > involved? > ...or... > If I have a tunnel OpenVPN (tun0) on eth0, how is managed data rate limit? > > Thanks in advance, > Fabio (I hope this post is not OT) > -- > To unsubscribe from this list: send the line "unsubscribe netfilter" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- Jorge Isaac Dávila López +505 8430 5462 jorgedavilalopez@xxxxxxxxx --- Esta tierra es Linux. En las noches calladas puede escucharse a las máquinas Windows re-iniciándose... -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
