Hi there good people, I'm a newbie in what concerns running Linux on machines other than desktops, so I need help from all you gurus out there :-)
I have Linux installed on an old computer (Winchip C6, Pentium clone), acting as a router/firewall for two other computers. Both these machines are connected to the firewall via a dedicated ethernet card each, on different subnets, 192.168.0.7 (eth1) and 192.168.10.3 (eth2). Internet connection (eth0) is a 3Mbit/320Kbit cable modem. The firewall box is configured with iptables, like this: # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # iptables -A FORWARD -i eth1 -j ACCEPT # iptables -A FORWARD -i eth2 -j ACCEPT At this point I have to stress out that I am a complete networking/shaping newbie. I've read the FAQ at lartc.org and my head is still hurting, as it basically felt I was reading greek. Really ;-) Right now I have wondershaper htb running to smooth things out, and everything is great. The problem is our internet connection is metered by the Gb, and our monthly cap is somewhat low. My roommate (computer connected to eth2, 192.168.10.x) tends to abuse this (a lot), so I was thinking of throttling his connection to around half of our 3Mbits, in order to lower our monthly bill. I have read some stuff I found online, but I must face the reality that I really don't know what I'm doing ;-) So, I thought I'd ask you guys, since you're obviously much more familiar with the subjct. Could anyone tell me, given the above scenario (masquerading, wondershaper), what 'tc' and 'iptables' commands should I enter on the firewall to limit his ip (192.168.10.3) to, say, 200kb/s (~1650Kbps, if I've done the math right), hard, without the possibility of "borrowing" extra bandwidth even if the connection is otherwise idle? Any help is really appreciated, otherwise I think I'll have to kick him out, and I really don't want to come to that! Thanks! Aidan _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
