[LARTC] traffic shaping question

[Nagy Gabor Peter <linux42@freemail.hu>]

Hi list,

I have read the lartc 9th chapter, the bandwidth management part.

I think I understand the principle, but I have a question.

So I have a firewall that has several different interfaces. The most
important for my question is the Internet interface, which is a 2mbps
leased line.
I have an interface into the protected network, I have a DMZ interface,
and I have an interface with direct connection to a client.

Here is what I need:
Internet -> DMZ + Internet -> LAN + Internet -> firewall traffic
together should not exceed 1.5mbps

At the moment I have a tbf, that limits everything that goes to the LAN,
and another that limits everything going to the internet.

I would like to shape the incoming traffic from the internet. OK, I
understand that I cannot influence the senders out there not to try to
send me packets, I can only influence how fast these packets are sent
from me.

But can I somehow treat all incoming traffic together?

Because my knowledge at the moment is only some shaping possibilities on
the LAN interface and on the DMZ interface.

I have only one idea, but I don't know if it is feasible, and if it is,
how to do that.

So I thought that I will create a virtual interface, and route all
traffic from the Internet through this one. So incoming on Internet
interface, outgoing on virtual interface, and from there incoming on the
firewall machine, or outgoing on the LAN or the DMZ interface.

Does it sound good? How can I do that? (I suppose I have to read other
chapters in the lartc guide. Could you point me out where to start? What
to look for?)

Or is there another solution? What would you recommend?

Cheers,
Gabor
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc