Pablo Sebastián Greco wrote: > On 08/06/2009 13:53, Tom Eastep wrote: >> Pablo Sebastián Greco wrote: >> >>> On 08/06/2009 10:02, Tom Eastep wrote: >>> >>>> Simon Hobson wrote: >>>> >>>> >>>>> Tom Eastep wrote: >>>>> >>>>> >>>>> >>>>>> > i think iproute2 is capable of doing this, can anybody suggest me >>>>>> some >>>>>> >>>>>> >>>>>>> toola or utility to configure this. >>>>>>> >>>>>>> >>>>>>> >>>>>> iproute2 + iptables + xtables-addons + recent Linux Kernel + lots of >>>>>> knowledge about how all of those things work. >>>>>> >>>>>> >>>>> A situation for using an IFB ? >>>>> >>>>> >>>>> >>>> I doubt it. Unless the OP has public IP addresses assigned to all >>>> internal systems, an IFB doesn't work for limiting traffic per-host. The >>>> reason is that the destination address of the traffic hasn't been >>>> 'de-NATted' yet when it goes through the IFB. >>>> >>>> One really needs IPMARK applied to shaping on the internal interface. >>>> This will be possible in Shorewall 4.4 but is not available in 4.2. >>>> >>>> -Tom >>>> >>>> >>> You can use IMQ configured in AB configuration (you can shape on the >>> external eth based on internal IP). I'm using it with shorewall just >>> adding a few lines to the start script, redirecting traffic to IMQ. >>> >>> Hope it helps. >>> >> Please elaborate -- what few lines did you add to the start script? I >> assume that 'start script' means /etc/shorewall/start? >> >> -Tom >> >> > Yes, I'm adding these lines: > /etc/shorewall/start > run_iptables -t mangle -A POSTROUTING -o eth0 -j IMQ --todev 0 > run_iptables -t mangle -A PREROUTING -i eth0 -j IMQ --todev 1
Unfortunately, IMQ target support isn't available in either the standard iptables distribution or in xtables-addons. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
