From: "Martin A. Brown" <mabrown-lartc@securepipe.com>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] ROUTING, POSTROUTING, & Traffic Control
Date: Mon, 17 Feb 2003 18:10:40 +0000 [thread overview]
Message-ID: <marc-lartc-104550549406161@msgid-missing> (raw)
In-Reply-To: <marc-lartc-104550430904684@msgid-missing>
Jeff,
[I rearranged your question a bit.]
: Can I do this? If possible, can someone please give explicit details.
Yes. In order to help you more, we'd need to know IP addresses, and also
a bit more about why you think you need to add more NICs. Depending on
what your answer is to that question, we can make a recommendation on
whether you should simply use tc/fwmark with your existing hardware
configuration to perform your traffic control or whether you really need
to have more physical devices.
: I have 2 machines (A & B) behind a Linux Firewall (FW).
: I have 2 ethernet cards on the FW - eth0 talks to the internet, eth1 talks
: to machines A & B.
: Machine A has lots of inbound & outbound traffic while machine B doesn't.
: It seems reasonable that I could add 2 new ethernet cards (eth2 & eth3) to
: the FW and by configuring iptables and/or routing tables force traffic on A
: to be handled by eth0/eth1 and traffic for B to be handled by eth2/eth3.
If you are looking at reserving a certain amount of bandwidth for machine
B while still allowing machine A the lion's share of the bandwidth, you
are looking at a simple HTB setup on your eth0.
I'd recommend reading up on HTB, queuing and so forth on the following
sites for documentation:
http://lartc.org/howto/ # -- broad docs on linux traffic control
http://www.docum.org/ # -- more hands on docs (and intro)
HTB software:
http://luxik.cdi.cz/~devik/qos/htb/
In short, you can use "tc filter" to select based on fwmark, source
address, destination address, and a number of other criteria. This will
allow you to place traffic from machine A or machine B into a particular
class, thus reserving bandwidth for each one.
Is that what you were looking for?
Good luck,
-Martin
--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
next prev parent reply other threads:[~2003-02-17 18:10 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-02-17 17:51 [LARTC] ROUTING, POSTROUTING, & Traffic Control Jeff Cordova
2003-02-17 18:10 ` Martin A. Brown [this message]
2003-02-17 19:00 ` Jeff Cordova
2003-02-18 14:28 ` Martin A. Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=marc-lartc-104550549406161@msgid-missing \
--to=mabrown-lartc@securepipe.com \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.