Manoj S Gaur wrote: >1. We have 20+ VLANs behind shorewall firewall. We would like to >distribute the Internet bandwidth to different VLANs having >minimumm, typical and maximum values based on IP ranges after NAT >e.g., <http://172.17.4.0/24>172.17.4.0/24. What rules need to be >created to do so?
If you simply want certain subnets or VLANs to have a certain max bandwidth, then that can be done by applying traffic shaping to each outbound interface as required. However, what you cannot do is 'borrow' bandwidth from another class on a different interface. What I mean is, with a single interface, you can have a class that is guaranteed x bps, but can use up to y bps if nothing else is using the extra. it should, in principal, be possible to use an IFB, which is in effect a virtual interface that all traffic is routed through, to allow you to setup such a configuration before the traffic is routed out of the physical interfaces. There has been some discussion on the list over the past few weeks, so try a search ofor IFB. >2. We also would like to time the access of internet of some of the >VLANs, i.e., <http://172.17.4.0/24>172.17.4.0/24 should be allowed >to access the internet only during 6:00am - 9:00am and >5:00pm-12:00am and so on. This is to make sure that the hostel >students come to the classes. How can it be implemented? Just have two (or more) different configurations, and a cron job which will restart shorewall at the appropriate times to lead the different configs. You can pass a config directory to the invocation to have shorewall use a non-standard config. if the only difference is a few rules, then you can use include files and links to get the rest of the config to be common across different setups. Getting the right config to be started at system boot time is a bit more involved ! ------------------------------------------------------------------------- This SF.net email is sponsored by the 2008 JavaOne(SM) Conference Don't miss this year's exciting event. There's still time to save $100. Use priority code J8TL2D2. http://ad.doubleclick.net/clk;198757673;13503038;p?http://java.sun.com/javaone _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
