Hi, I've been using shorewall for quite some time for simple firewalling in a host with one interface to internet and 3 to different internal networks.
The internet port is connected to my provider switch and I get symmetrical 2mbps service from them. I have installed an asterisk box /besides/ the firewall, that is, connected to the same switch as the external interface of my firewall (with a different IP address, obviously).

I'd like to prevent our internal hosts from hogging the internet link and warrant about 250kbps to the asterisk host (give or take a few kbps). I don't think I can take much of shorewall's traffic shaping since the asterisk host is outside the reach of the firewall. However, I don't mind underusing the link a bit. So my plain need would be to limit all traffic coming in from or going out to eth0 (the internet leg of the firewall) to 1.75mbps.

If I understand some of what is in http://www.shorewall.net/simple_traffic_shaping.html and http://www.shorewall.net/manpages/shorewall-tcinterfaces.html it is easy to somehow limit INCOMING traffic (simply enabling "TC_ENABLED=Simple" in shorewall.conf and using a line like "eth0 external 1750kbit" in tcinterfaces). That would solve 75% of my requirement (since I usually, but not always, have more incoming than outgoing traffic).

I just upgraded from 4.2.2 to 4.4.11.1 in order to be able to use simple traffic shaping. Anyway, I'd like to know if what I did is somehow reasonable and if there's also a way to limit outgoing bandwidth.

I have a kind of plan b but I don't like it very much. Chances are that high outgoing traffic originates in either eth3 or, less likely, eth1. I might do the same trick on eth3, but that would limit also internal eth3/eth2 traffic from 100mbps to 1.7mbps...

Any help would be appreciated.
--
Mariano Absatz - El Baby
www.clueless.com.ar
