From mboxrd@z Thu Jan 1 00:00:00 1970
From: Szálka Tamás
Date: Wed, 10 Sep 2003 18:13:57 +0000
Subject: Re: [LARTC] beginner question about imq
Message-Id:
List-Id:
References:
In-Reply-To:
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
To: lartc@vger.kernel.org

At 16:51 2003. 09. 10. +0530, you wrote:
>Szálka Tamás wrote:
>
>>Hi!
>>
>>I have to make a firewall which guarantees bandwidth to several clients
>>(both upstream and downstream should be limited). It has three
>>interfaces, eth0 facing to the internet, eth1 to local network with
>>several ip addresses (different subnets) and eth2 to dmz (webserver).
>>Egress traffic is ok, I set up the tc rules to eth0 and the upstream
>>limiting is fine. But I have to manage bandwidth of downloading too.
>>While eth0 has one public ip address, the firewall does masquerading to
>>the local subnets (with local ip ranges). So should I set up an imq
>>device on eth1 with iptables mangle through the prerouting chain to do
>>traffic shaping to the subnets? In this case the packets arrive to eth1
>>already masqueraded (am I right?) and I can limit the ingress traffic of
>>local addresses. Or should I use the imq on eth0? Doesn't it bother
>>egress shaping? I'm confused a little bit... :-s
>>Can you help me?
>>
>>Thanks
>>Tom
>I feel imq+HTB on eth0 is an ideal solution for your requirement.
>
>Regards
>-Raghu

I'd like to filter the packages on their SNAT-ed (local) ip addresses. When
the package enters the IMQ right after the iptables PREROUTING chain, does
it have SNAT-ed ip addresses? As far as I know the SNAT happens in the
POSTROUTING chain. Am I wrong? Or am I even more confused? :)

Tom

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/