Felix Erkinger wrote: > > Tom Eastep schrieb: >> Felix Erkinger wrote: >>> Tom Eastep wrote: >>>> Felix Erkinger wrote: >>>>> Hi, >>>>> >>>>> i have a setup where the firewall creates four pptp tunnels (austrian >>>>> provider setup for multiple ip addresses) and i have no idea how to >>>>> setup traffic shaping in this configuration >>>>> >>>>> if i shape the encapsulated packets on the link to the modem, the >>>>> firewall shapes only GRE packets, so this doesnt work. >>>>> >>>>> is there a possibility like to put all pptp tunnels to a bridge and >>>>> reroute them via traffic shaping or can i use a common limit on a bunch >>>>> of interfaces so the count together, or am i stuck ? >>>> I believe you are stuck. >>> Hmm, what about setting up a bridge (eg. "tonet"), >>> adding a private ip address to that bridge, >>> setting the default route to the ip address of that bridge, >>> mark all traffic for the corresponding pptp tunnels with fwmark x >>> create four ip rules that sorts packets with fwmark x to table ppp-x if >>> coming from dev tonet, >>> add four ip routes for the default gw of dev ppp-x and table ppp-x >>> >>> Could this work ? >> I don't understand your proposal. What devices would you add to the >> bridge (can't be PPtP devices)? > > hmm, none, i just poked arround, and added a bridge, with > "brctl add tonet" > and assigned an ip address to it with > "ifconfig tonet 10.10.0.1" > after that i can ping it, and assign the default gw route to it, so > there must be a ip stack answering the ping, so there could be a > possibility to reroute ?
Not that I can see. What this calls for is an Intermediate Queuing Device (IQD) attached to your internal interface. Unfortunately, I've never been able to make one work (but I haven't tried very hard either). Warning: It requires kernel patching. See the LARTC Howto. YMMV -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ [EMAIL PROTECTED] PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
