On 08/06/2009 15:05, Tom Eastep wrote: > Pablo Sebastián Greco wrote: > >> On 08/06/2009 13:53, Tom Eastep wrote: >> >>> Pablo Sebastián Greco wrote: >>> >>> >>>> On 08/06/2009 10:02, Tom Eastep wrote: >>>> >>>> >>>>> Simon Hobson wrote: >>>>> >>>>> >>>>> >>>>>> Tom Eastep wrote: >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>> > i think iproute2 is capable of doing this, can anybody suggest >>>>>>> me some >>>>>>> >>>>>>> >>>>>>> >>>>>>>> toola or utility to configure this. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> iproute2 + iptables + xtables-addons + recent Linux Kernel + lots of >>>>>>> knowledge about how all of those things work. >>>>>>> >>>>>>> >>>>>>> >>>>>> A situation for using an IFB ? >>>>>> >>>>>> >>>>>> >>>>>> >>>>> I doubt it. Unless the OP has public IP addresses assigned to all >>>>> internal systems, an IFB doesn't work for limiting traffic per-host. The >>>>> reason is that the destination address of the traffic hasn't been >>>>> 'de-NATted' yet when it goes through the IFB. >>>>> >>>>> One really needs IPMARK applied to shaping on the internal interface. >>>>> This will be possible in Shorewall 4.4 but is not available in 4.2. >>>>> >>>>> -Tom >>>>> >>>>> >>>>> >>>> You can use IMQ configured in AB configuration (you can shape on the >>>> external eth based on internal IP). I'm using it with shorewall just >>>> adding a few lines to the start script, redirecting traffic to IMQ. >>>> >>>> Hope it helps. >>>> >>>> >>> Please elaborate -- what few lines did you add to the start script? I >>> assume that 'start script' means /etc/shorewall/start? >>> >>> -Tom >>> >>> >>> >> Yes, I'm adding these lines: >> /etc/shorewall/start >> run_iptables -t mangle -A POSTROUTING -o eth0 -j IMQ --todev 0 >> run_iptables -t mangle -A PREROUTING -i eth0 -j IMQ --todev 1 >> > Unfortunately, IMQ target support isn't available in either the standard > iptables distribution or in xtables-addons. > > -Tom > I know, I really hate that :( , but it's the only solution I can think of. Pablo.
------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
