On Wednesday 10 September 2003 20:13, Szálka Tamás wrote:
> At 16:51 2003. 09. 10. +0530, you wrote:
> >Szálka Tamás wrote:
> >>Hi!
> >>
> >>I have to make a firewall which guarantees bandwidth to several clients
> >>(both upstream and downstream should be limited). It has three
> >>interfaces, eth0 facing to the internet, eth1 to local network with
> >>several ip addresses (different subnets) and eth2 to dmz (webserver).
> >>Egress traffic is ok, I set up the tc rules to eth0 and the upstream
> >>limiting is fine. But I have to manage bandwidth of downloading too.
> >>While eth0 has one public ip address, the firewall does masquerading to
> >>the local subnets (with local ip ranges). So should I set up an imq
> >>device on eth1 with iptables mangle through the prerouting chain to do
> >>traffic shaping to the subnets? In this case the packets arrive to eth1
> >>already masqueraded (am I right?) and I can limit the ingress traffic of
> >>local addresses. Or should I use the imq on eth0? Doesn't it bother
> >>egress shaping? I'm confused a little bit... :-s
> >>Can you help me?
> >>
> >>Thanks
> >>Tom
> >
> >I feel imq+HTB on eth0 is an ideal solution for your requirement.
> >
> >Regards
> >-Raghu
>
> I'd like to filter the packages on their SNAT-ed (local) ip addresses. When
> the package enters the IMQ right after the iptables PREROUTING chain, does
> it have SNAT-ed ip addresses? As far as I know the SNAT happens in the
> POSTROUTING chain. Am I wrong? Or am I even more confused? :)
See
http://www.docum.org/stef.coene/qos/kptd/

Stef

-- 

[EMAIL PROTECTED]
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.oftc.net

_______________________________________________
LARTC mailing list / [EMAIL PROTECTED]
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
