On 08/06/2009 13:53, Tom Eastep wrote:
> Pablo Sebastián Greco wrote:
>
>> On 08/06/2009 10:02, Tom Eastep wrote:
>>
>>> Simon Hobson wrote:
>>>
>>>> Tom Eastep wrote:
>>>>
>>>>>> I think iproute2 is capable of doing this, can anybody suggest me some
>>>>>> tools or utility to configure this.
>>>>>
>>>>> iproute2 + iptables + xtables-addons + recent Linux Kernel + lots of
>>>>> knowledge about how all of those things work.
>>>>
>>>> A situation for using an IFB?
>>>
>>> I doubt it. Unless the OP has public IP addresses assigned to all
>>> internal systems, an IFB doesn't work for limiting traffic per-host. The
>>> reason is that the destination address of the traffic hasn't been
>>> 'de-NATted' yet when it goes through the IFB.
>>>
>>> One really needs IPMARK applied to shaping on the internal interface.
>>> This will be possible in Shorewall 4.4 but is not available in 4.2.
>>>
>>> -Tom
>>
>> You can use IMQ configured in AB configuration (you can shape on the
>> external eth based on internal IP). I'm using it with shorewall just
>> adding a few lines to the start script, redirecting traffic to IMQ.
>>
>> Hope it helps.
>
> Please elaborate -- what few lines did you add to the start script? I
> assume that 'start script' means /etc/shorewall/start?
>
> -Tom

Yes, I'm adding these lines:

/etc/shorewall/start
run_iptables -t mangle -A POSTROUTING -o eth0 -j IMQ --todev 0
run_iptables -t mangle -A PREROUTING -i eth0 -j IMQ --todev 1

/etc/shorewall/init
modprobe imq
ip link set up imq0
ip link set up imq1

/etc/shorewall/stopped
ip link set down imq0
ip link set down imq1

This way you can shape outgoing traffic on IMQ0 and incoming traffic on
IMQ1, both based on private IP address.
I don't use shorewall to mark packets, just plain tc filters. This is
the main reason I prefer IMQ over IFB.
I don't have an example script handy, but it should be trivial to port
any tc script.

Pablo.

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
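
An added example, not part of the thread and not Shorewall's own code: a dry-run generator for the kind of tc script the message says can be ported, printing HTB classes and u32 filters keyed on the private address (`src` on imq0 for traffic leaving eth0, `dst` on imq1 for traffic arriving on it). The function name `emit_shaping`, the host addresses and all rates are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints (does not run) tc commands for per-host HTB shaping
# on the IMQ devices set up in the message above. Hosts and rates are
# constructed sample values, not taken from the thread.

# emit_shaping DEV FIELD LINK RATE CEIL HOST...
#   DEV    imq0 (traffic leaving eth0) or imq1 (traffic arriving on eth0)
#   FIELD  src on imq0, dst on imq1: per the thread, with IMQ in AB
#          configuration the private address is what tc sees there
#   LINK   total bandwidth of the parent class
#   RATE   guaranteed rate per host; CEIL is the per-host cap
emit_shaping() {
    dev=$1 field=$2 link=$3 rate=$4 ceil=$5
    shift 5
    case $field in
        src|dst) ;;
        *) echo "emit_shaping: FIELD must be src or dst" >&2; return 1 ;;
    esac

    # Start from a clean root qdisc; unmatched traffic goes to class 1:999.
    echo "tc qdisc del dev $dev root 2>/dev/null || true"
    echo "tc qdisc add dev $dev root handle 1: htb default 999"
    echo "tc class add dev $dev parent 1: classid 1:1 htb rate $link"
    echo "tc class add dev $dev parent 1:1 classid 1:999 htb rate $rate ceil $link"

    # One HTB class, one SFQ leaf and one u32 filter per internal host.
    id=10
    for host in "$@"; do
        echo "tc class add dev $dev parent 1:1 classid 1:$id htb rate $rate ceil $ceil"
        echo "tc qdisc add dev $dev parent 1:$id handle $id: sfq perturb 10"
        echo "tc filter add dev $dev parent 1: protocol ip prio 1 u32 match ip $field $host/32 flowid 1:$id"
        id=$((id + 1))
    done
}

HOSTS="192.168.1.10 192.168.1.11"   # constructed internal hosts

# Upload: packets redirected by the POSTROUTING rule, matched on source.
emit_shaping imq0 src 10mbit 512kbit 1mbit $HOSTS
# Download: packets redirected by the PREROUTING rule, matched on destination.
emit_shaping imq1 dst 20mbit 1mbit 2mbit $HOSTS
```

Review the printed commands, then pipe them to `sh` as root on a kernel with the IMQ patch to apply them.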