On Tue, Sep 04, 2007 at 05:29:52PM +0100, alex wrote: > > So in effect, you can only shape inbound traffic on i/f1 as it exits > > i/f2 IFF there is minimal traffic coming for the firewall itself. > > Internal traffic from the firewall to i/f2 can be dealt with by > > sufficiently complicated tc setup ! > > No, only inbound traffic from i/f1 to firewall itself interesting > to me (not from firewall to i/f2). So as i have 1Gbit ethernet on i/f2 > and ADSL on i/f1.
If your intent is to prevent congestion on the ADSL line, from data being uploaded to your server, then forget it. This shaping operation must be performed at your ISP, you can't do it on your end of the link. All you can really control is the rate of traffic being downloaded from your server. As a partial kludge you can try shaping the acks sent out by your server, but this is not very effective and relies on making unjustified assumptions about the path MTU. ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
