On Sat, 2011-02-05 at 20:33 +0100, J Webster wrote: > Thanks. > Out of interest will this only limit connects incoming to the server and > not outgoing? It will limit the *outgoing* traffic on whichever interface you attach it to, but from your perspective this may actually result in traffic incoming to the server (which I guess is what you want). So if you attach to your LAN interface, and you actually mean "will this only limit traffic being downloaded from the internet", then the answer is yes. > For example, a user connects via VPN to the server, their connection > should be limited to 2Mbps (3in the example below) but they are > connecting to say www.youtube.com. I do not want the connection to > youtube.com to be restricted as maybe 10 users might be accessing > youtube at the same time. It won't in the example. However, even if you were doing egress shaping on the internet interface, you'd have to specifically specify youtube's IP address for the above to happen anyway. > So the server can have an unlimited outgoing connection to youtube but > when it passes on the connection to the client (much like a proxy server > might do), they should only have 2Mbps. Sort of - when you say "outgoing" connection to youtube, I assume you mean traffic "incoming" from youtube to the server. So if you egress shape on the LAN interface, then there will be no restrictions for the overall traffic coming the internet, but the client will be limited depending on your filters. Remember that traffic goes both ways - you'll need to egress shape on the internet interface if you want to also limit the traffic to the internet (ie uploads). > Now the reason I asked for a tutorial somewhere is I went through the > LARTC tutorial (which just looks like a blank white document) and my > understanding of leaf, HTB, U32, qdisc, etc is kind of lacking :) Well I found this to be pretty good: http://www.opalsoft.net/qos/DS.htm Andy -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
