Simon Hobson wrote: > Tom Eastep wrote: > >> > i think iproute2 is capable of doing this, can anybody suggest me some >>> toola or utility to configure this. >>> >> iproute2 + iptables + xtables-addons + recent Linux Kernel + lots of >> knowledge about how all of those things work. > > A situation for using an IFB ? >
I doubt it. Unless the OP has public IP addresses assigned to all internal systems, an IFB doesn't work for limiting traffic per-host. The reason is that the destination address of the traffic hasn't been 'de-NATted' yet when it goes through the IFB. One really needs IPMARK applied to shaping on the internal interface. This will be possible in Shorewall 4.4 but is not available in 4.2. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ OpenSolaris 2009.06 is a cutting edge operating system for enterprises looking to deploy the next generation of Solaris that includes the latest innovations from Sun and the OpenSource community. Download a copy and enjoy capabilities such as Networking, Storage and Virtualization. Go to: http://p.sf.net/sfu/opensolaris-get
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
