From mboxrd@z Thu Jan 1 00:00:00 1970 From: Gregory Carter Subject: Re: throttling an internal IP's upstream bandwidth Date: Sun, 18 Feb 2007 20:29:02 -0600 Message-ID: <45D90B6E.3020801@aesgi.com> References: <45D83C7C.6000501@rtij.nl> <45D858AD.5060501@rtij.nl> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <45D858AD.5060501@rtij.nl> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: netfilter-bounces@lists.netfilter.org Errors-To: netfilter-bounces@lists.netfilter.org Content-Type: text/plain; charset="us-ascii"; format="flowed" To: Martijn Lievaart Cc: netfilter@lists.netfilter.org, Scott van Looy I can post a simple tc / iptables recipe if need be to address this problem. -gc Martijn Lievaart wrote: > Scott van Looy wrote: > >> Today Martijn Lievaart did spake thusly: >> >>> Scott van Looy wrote: >>> >>>> >>>> I'm on DSL, I only have small upstream and big downstream. >>>> Everything goes through a 1:1 NAT iptables firewall - so internal >>>> IPs are directly mapped to an external IP. I want to throttle the >>>> internal upstream bandwidth so the internal machines can't upload >>>> at more than 25k/s as the maxing out of the upstream is killing the >>>> much faster downstream...is there a way to do this using iptables? >>>> >>> >>> Google for wondershaper. >> >> >> I use wondershaper, it doesn't let me throttle on a per machine basis >> tho - I want the firewall to only allow a max of 25k out for each of >> my internal machines >> > > Ah, then you have to do some work yourself. The answer is most > probably tc, not netfilter. If you don't have a lot of internal > machines, you can add a filter/qdisc for all of them but for large > amounts of internal machines (or with dhcp), this gets unwieldy. > > However, wondershaper should do what you ultimately want, shape > traffic so uploads don't disturb downloads. It works for me. > > M4 >