Ricardo Rios wrote: >Is there any chance i can limit upload and download per IP on my >local network ? i have a box with a external and internal interface, >and like 150 IPs in use on network, i am actually using a TC scrip >who limit only download, i want to know if is there any chance to >limit upload/download per-IP using shorewall, and not just a >segment, i need to give to every IP is own speed, like 192.168.2.200 >with 64kbps upload and 256kbps download, and 192.168.2.201 with >36kbps upload and 128kbps download, and like that with the rest of >the 150 IPs
Technically you can do it - buy you have to do it on the internal network connection before everything has been NATed onto one public IP. Since you can't do TC scheduling on ingress, you'd have to route the traffic through an IFB* (Intermediate Function Block) which effectively routes the traffic out and back in through a virtual interface that you can apply the scheduling on. * Is that the right one, I can never remember if that is the current functionality, or the older one that's been replaced. In practical terms though, it's going to be hard to do. 36kbps * 150 is about 5.4Mbps - so if you haven't got that much upstream bandwidth then you cannot give all clients that much committed bandwidth each. The sum of all your committed rates at any level in the setup must not exceed that in the next higher level. You can however give many users a low committed bandwidth and allow them to burst to a much higher rate. I also wonder how effective such traffic control would be - whether any of the available scheduling methods would cope well with that many separate classes. Also, when writing the rules, don't forget to allow (effectively) unlimited traffic to/from the firewall itself from/to the internal machines if they may access anything on the firewall. I have traffic logging going on on my routers at work, and so need to allow that data to be accessed without throttling. -- Simon Hobson Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books. ------------------------------------------------------------------------------ Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
