From: "it clown" <suse@mailbox.co.za>
To: netfilter@lists.netfilter.org
Subject: Re: limiting bandwidth with iptables or squid?
Date: Fri, 29 Oct 2004 07:54:46 +0200 [thread overview]
Message-ID: <web-493669244@mail01.infosat.net> (raw)
In-Reply-To: <417CE54B.5060107@dsl.pipex.com>
Hi All,
I am abit confused with tc.
I need a string to limit band whidth for ips or mac
addresses.
iptables -A PREROUTING -i eth0 -s x.x.x.x -t mangle -j MARK
--set-mark 1
will mark the packets for that ip.i think.
what string for tc do i need to limit x.x.x.x to say 5kb/s
download speed? eth0 is my internal network card of my
linux box.
Regards
On Mon, 25 Oct 2004 12:36:43 +0100
Andy Furniss <andy.furniss@dsl.pipex.com> wrote:
> Jason Opperisano wrote:
> > On Sun, 2004-10-24 at 10:20, it clown wrote:
> >
> >>Hi All,
> >>
> >>I would like to know how to limit bandwidth with
> iptables.I
> >>would like to limit bandwidth to ip's and mac
> address.Do i
> >>need another program to work with iptables or can
> iptables
> >>do it on its own?Does any one know where i can find
> >>something to read up on this?
> >>
> >>If iptables can not do it can i do it with squid?
> >
> >
> > first off--you can't do "inbound" traffic shaping--only
> outbound.
>
> I know your link qualifies this a bit - but I'd say you
> can do inbound (narrow end of bottleneck) traffic
> shaping. Albeit as an inperfect kludge and at the expense
> of some bandwidth. The imperfect bit being if you really
> care about latency - not bandwidth shaping, I would argue
> that I can do that almost perfectly as my ISP has a 600ms
> buffer and my shaping at 80% of 512kbit/s never looses
> control enough that packets get dropped from that.
> you
> > cannot control how fast incoming packets hit your
> machine
>
> I assume TCP - which is clocked by acks - so the rate you
> dequeue does affect the rate at which packets hit ISP
> buffer. Packets never hit my machine faster than my link
> speed of course - which makes the queue get filled in a
> burstless way.
>
> > or how big they are--
>
> mss clamping :-)
>
> Andy.
>
> you can only control how fast you allow them to leave.
> >
> > that being said--read chapter 9 of:
> >
> > http://lartc.org/howto/
> >
> > -j
> >
>
>
>
_____________________________________________________________________
For super low premiums ,click here http://www.dialdirect.co.za/quote
next prev parent reply other threads:[~2004-10-29 5:54 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-10-24 14:20 limiting bandwidth with iptables or squid? it clown
2004-10-24 15:16 ` Jason Opperisano
2004-10-24 15:35 ` it clown
2004-10-25 11:36 ` Andy Furniss
2004-10-29 5:54 ` it clown [this message]
2004-10-31 11:40 ` Andy Furniss
2004-10-25 0:15 ` Alexander Samad
2004-10-25 9:05 ` Matteo Santori
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=web-493669244@mail01.infosat.net \
--to=suse@mailbox.co.za \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox