From mboxrd@z Thu Jan  1 00:00:00 1970
From: Przemyslaw Kowalczyk <PRZEM@it.engine.com.pl>
Date: Tue, 15 Apr 2003 13:44:37 +0000
Subject: [LARTC] Three interfaces and traffic shaping
Message-Id: <marc-lartc-105041427018247@msgid-missing>
List-Id: <lartc.vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Hi.

I think, I have quite common configuration on my firwall:
eth0 - to provider (1Mbps) (imq0 attached on prerouting)
eth1 - local network (100Mbps) (private IPs) - users with certain 
priorities
eth2 - DMZ (100Mbps) (public IPs)

I'm trying to set up traffic shaping that would give both networks (local 
and DMZ) 512kbps for connection to/from the Internet and unlimited 
traffic between them (local <-> DMZ) while still managing same 
priorities for the local users (some of them should have 'better' 
service then others within the 512kbps limit).

The problem I cannot overcome is the NAT - packets enter imq0 have public 
IP so I can't distinguish the local users packet is heading for. On the 
other hand if I try to shape them on eth1 I will have to create a class 
with 100Mbps throughput and then a subclass with 512kbps which seems 
very 'unelegant' solution to me.

Is there any other way to shape in that kind of situation?

best regards
przem





_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/