> NOC Phibee wrote: >>Hi >> >>I am search a sample config for my linux box: >> Shorewall 3.2.3 >> Eth0 => Internet Access 4Mbits on ethernet >> Eth1 => Lan >> Eth2 => Lan 2 >> Eth3 => Lan 3 >> >>i want limit the internet access: >> Eth1 = 2 Mbits >> Eth2 = 0,5 Mbits >> Eth3 = 1,5 Mbits >> >>but if eth1 don't use 2 Mbits other lan can use it >> >>anyone have a simple sample config for help me ? > > Do you require inbound limiting as well as outbound ? If so then it > becomes a bit harder. I'll start with the outbound as that's fairly > easy : > > > There's an article on the shorewall site about configuring traffic > shaping, that together with the articles at > http://lartc.org/howto/lartc.cookbook.ultimate-tc.html and > http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm should give you > enough information to figure out how to do it. > > In short, you attach an HTB queue to eth0, and then define classes > below that to control/shape the traffic. > > > Inbound is a lot harder to do, and in this setup I'm not entirely > certain what's required. You can only shape traffic that is leaving > an interface - you CANNOT shape traffic that is coming in. In a > simple two-interface box you can apply traffic shaping to the > internal interface and it will have the effect of shaping the inbound > traffic (I've just set this up at a clients site) - but here you have > multiple interfaces. > > So what I suspect you need to do is create an Intermediate Queing > Device (http://lartc.org/howto/lartc.imq.html). You can then apply > the traffic shaping to traffic 'exiting' via this interface, and > after that it can be routed out of the real interfaces. Don't forget > that in these cases, you need to allow for traffic that originated > either on the firewall, or from other local nets, and allow it an > 'unrestricted' class so that you don't shape 'internal' traffic to > the speed of your internet connection. > > Beyond that though, it's into territory I haven't been (yet).
1. IMQ now replaced on IFB (http://www.linux-foundation.org/en/Net:IFB). 2. If we have several interfaces we can shape inbound traffic on external interface if we would shape outbound traffic on internal interfaces (for external connections). Alex ---------- Любишь фотографироваться? И выигрывать? Получай приз 'Прайм Телеком' и Fotoblog.by! Потрясающий цифровой Olympus, стильный MP3-плеер и другие призы ждут тебя на www.Fotoblog.by! ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
