From mboxrd@z Thu Jan  1 00:00:00 1970
From: Raghuveer <raghuveer-rc@naturesoft.net>
Date: Wed, 10 Sep 2003 11:33:05 +0000
Subject: Re: [LARTC] beginner question about imq
Message-Id: <marc-lartc-106319321200571@msgid-missing>
List-Id: <lartc.vger.kernel.org>
References: <marc-lartc-106318926529070@msgid-missing>
In-Reply-To: <marc-lartc-106318926529070@msgid-missing>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
To: lartc@vger.kernel.org

Sz=E1lka Tam=E1s wrote:

> Hi!
>
> I have to make a firewall which guarantees bandwidth to several=20
> clients (both upstream and downstream should be limitied). It has=20
> three interfaces, eth0 facing to the internet, eth1 to local network=20
> with several ip addresses (different subnets) and eth2 to dmz=20
> (webserver). Egress traffic is ok, I set up the tc rules to eth0 and=20
> the upstream limiting is fine. But I have to manage bandwidth of=20
> downloading too.
> While eth0 has one public ip address, the firewall does masquerading=20
> to the local subnets (with local ip ranges). So should I set up an imq=20
> device on eth1 with iptables mangle through the prerouting chain to do=20
> traffic shaping to the subnets? In this case the packets arrive to=20
> eth1 already masqueraded (am I right?) and I can limit the ingress=20
> traffic of local adresses. Or should I use the imq on eth0? Doesn't it=20
> bothers egress shaping? I'm confused a little bit... :-s
> Can you help me?
>
> Thanks
> Tom
>
I feel imq+HTB on eth0 is an ideal solution for ur requirement.

Regards
-Raghu

>
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>
>


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/