From mboxrd@z Thu Jan 1 00:00:00 1970 From: Philip Gaw Date: Thu, 23 Mar 2006 16:28:24 +0000 Subject: Re: [LARTC] linux box as vlan p2p limiter and firewall? Message-Id: <4422CCA8.2060804@darktech.org.uk> List-Id: References: <1143110605.17746.45.camel@localhost> In-Reply-To: <1143110605.17746.45.camel@localhost> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: lartc@vger.kernel.org Andraz Sraka wrote: > re > > On Thu, 2006-03-23 at 16:58 +0100, Carlos Blanquer wrote: > > >> I recommend (so I haven't done it cos I have no needs up now) use >> FreeBSD to do that. Bridging in BSD has more sense than do it in a >> Linux box. >> > > that was my second best choice ;-] > > > >> It's totally possible, you can use any script found via google or any >> of that are travelling in this mail list. >> > > True in a way, but still I was hoping that someone can give me more > specific guidelines what are the possibilities and what's the "best" way > to do it. Since I've already said, that I need to do p2p limiting and > some basic firewalling on data stream in trunked (cisco term. = tagged) > vlan. > > regards, > Andraz > > > > > vlans on linux as someone said already, is just a basic eth0.x > interface, which you just shape/firewall etc in the same way as a > normal interface. > > > > its not difficult to setup. > > ------------------------------------------------------------------------ > > _______________________________________________ > LARTC mailing list > LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc > hey there. best way to do this is with ebtables + vlans + qos on a linux box. bsd shaping is basic at best, and junk at worst. altq cannot do proper shaping over multiple interfaces (couldnt have say 10mbit shared between 3 or 4 interfaces etc). certainly not in my experience. linux is far superior for what your wanting to do, can even do layer7 shaping. vlans on linux as someone said already, is just a basic eth0.x interface, which you just shape/firewall etc in the same way as a normal interface. its not difficult to setup. if you require any more info or help, feel free to pm me off list. i have this exact setup. _______________________________________________ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc