From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Wingtung.Leung" <s965817@uia.ua.ac.be>
Date: Tue, 12 Jun 2001 14:40:37 +0000
Subject: Re: [LARTC] Bandwidth management on a NAT-ing firewall
Message-Id: <marc-lartc-99235689125443@msgid-missing>
List-Id: <lartc.vger.kernel.org>
References: <marc-lartc-99229659005031@msgid-missing>
In-Reply-To: <marc-lartc-99229659005031@msgid-missing>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

On Mon, 11 Jun 2001, Marc Guardiola wrote:

> I've got a Firewall, which is NAT-ing 10.10.0.0/16 to the outer world.
> eth0b.108.12.226
> eth1.10.100.1
>
> Of 1 ip, 10.10.100.212, I would like to limit the bandwith to 80 Kbit on the
> firewall. This with iproute (tc) and iptables.
> This can probably been done in different ways.. with fwmark and by
> sourceaddress. I've tried them all.. without success sofar. It seems to
> neglect the rules .. :((
> The last thing I tried is:

[snip]

Try to attach a filter to the internal interface which checks the source
IP address. Use the general u32 filter instead of fwmark, it should be
easier.

(This question (NAT + bandwidth control) is coming much too often on this
list, shouldn't it be added to the HOWTO?)

-- 
GnuPG public key: http://win-www.uia.ac.be/u/s965817/pub.key
fingerprint = A3C4 DE50 712D 4FA8 C564  4D96 5E06 C9CC ECFA 19C5



_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/