From mboxrd@z Thu Jan 1 00:00:00 1970
From: gypsy
Date: Fri, 02 Apr 2004 15:44:44 +0000
Subject: Re: [LARTC] wondershaper question
Message-Id: <406D8A6C.D7CAB0A1@iswest.com>
List-Id:
References: <9911B83A96D5CF44B5F326FF60E6EB690AD14F@mailsvr.leadingside.com.my>
In-Reply-To: <9911B83A96D5CF44B5F326FF60E6EB690AD14F@mailsvr.leadingside.com.my>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

gypsy wrote:

AFTERTHOUGHT: I should have been more precise:

> Yes, but be careful with NAT; finding 192.168.1.# can be tough. Also
> remember YOU DO NOT SHAPE DOWNLOADS! HTB can only "police" D/L, not
> "shape". You must use iptables or IMQ to "shape" D/L; I use iptables -m
> limit --limit ##/second -j ACCEPT
> iptables -j DROP
> and make sure that these 2 lines precede any RELATED, ESTABLISHED
> accepts. Note that the real iptables rules include either --dport ## or
> --sport ##, depending on what the rule accomplishes. Note further that
> downloads are on INPUT so I specify -A INPUT to throttle D/L.

iptables is "rate limiting" not "shaping". NATted users are rate
limited on the FORWARD chain, not INPUT.

gypsy
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/
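
The ACCEPT/DROP pair described in the message, written out for both the INPUT and FORWARD chains as an added example that is not part of the original post. The function name, the TCP protocol match, the use of `-I` with explicit positions (rather than `-A`) to keep the pair ahead of any RELATED,ESTABLISHED accept, and the port, rate and address values are assumptions; the commands are printed rather than executed.

```shell
#!/bin/sh
# Added example, not from the original post. Prints iptables commands
# (dry run) so the output can be reviewed before being applied as root.

# rate_limit_rules CHAIN MATCH PORT RATE [DEST]
#   CHAIN  INPUT   = downloads terminating on the firewall host itself
#          FORWARD = downloads routed on to NATted clients
#   MATCH  sport or dport, as in the post
#   RATE   packets per second for -m limit
#   DEST   optional LAN address of one client (constructed value below)
rate_limit_rules() {
    chain=$1 match=$2 port=$3 rate=$4 dest=${5:-}
    case $chain in
        INPUT|FORWARD) ;;
        *) echo "chain must be INPUT or FORWARD" >&2; return 1 ;;
    esac
    case $match in
        sport|dport) ;;
        *) echo "match must be sport or dport" >&2; return 1 ;;
    esac
    for n in "$port" "$rate"; do
        case $n in
            ''|*[!0-9]*) echo "port and rate must be numeric" >&2; return 1 ;;
        esac
    done
    sel="-p tcp --$match $port"   # assumption: TCP traffic
    if [ -n "$dest" ]; then sel="-d $dest $sel"; fi
    # Positions 1 and 2 put the pair ahead of any existing
    # RELATED,ESTABLISHED accept. Packets over the limit fail the first
    # rule and reach the DROP: they are discarded, not queued, which is
    # why this is rate limiting and not shaping.
    echo "iptables -I $chain 1 $sel -m limit --limit $rate/second -j ACCEPT"
    echo "iptables -I $chain 2 $sel -j DROP"
}

# Constructed sample values: web downloads at 50 packets/second.
rate_limit_rules INPUT sport 80 50
rate_limit_rules FORWARD sport 80 50 192.168.1.10
```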