[LARTC] Ingress Limiting...

[LARTC] Ingress Limiting...

[Joshua Snyder]

I am having a problem with Ingress limiting.  I need to limit a interface
to 6Mbit of traffic incoming and outgoing.  Below is what I am trying to
do.  I know that it would be best to limit the incoming traffic at the
upstream router.  But, this is not an option.  I need to limit traffic
only on the Internet connection.  Each of these machines will have at
least one ethernet segment, but could have many other interfaces. 


              Linux Box 
               *----*   eth1
Internet(eth0) |    |--------
---------------|    |
 (6Mb in+out)  |    |----\
               *----*    |
                   Other Interfaces? 


So, here is how I am thinking about doing this.  I want to put an ingress
qdisc on the Internet side (eth0) to control the incoming bandwidth.  Then
I want to put a CBQ+TBF to do the limiting on the outbound side.  I don't
have a problem with the outbound traffic.  But I can't seem to get the
Ingress stuff to work.  Here is what I am trying to do...

tc qdisc add dev eth0 handle ffff: ingress

ipchains -A input -i eth0 -s 0.0.0.0/0 -d 0.0.0.0/0 -m 1
ipchains -A output -i eth0 -s 0.0.0.0/0 -d 0.0.0.0/0 -m 2

tc filter add dev eth0 parent ffff: protocol ip prio 1 handle 1 fw \
police rate 6000kbit burst 40k drop



This is not working, I don't see any data coming over the ingress qdisc.
Should this work?  Is their a better way of doing this( I think I need to
limit only on the internet connection )?  I am currently using linux
2.2.14 with the DS-8 patch and I have new iproute2 utils.  Thanks in
advance...


				josh 



_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/