Bill Shirley wrote: >Because my LAN is 1 Gb I don't see how the incoming traffic on the >internet is ever going to trigger traffic shaping on the LAN.
It's not about what speed the interface is, it's about what speeds you configure in traffic shaping. Put simply, if you configure traffic shaping on your LAN interface, you can control the rate at which packets leave that interface. Thus you can configure rules which will limit that egress traffic to (say) 1Mbps and that's what your internal devices would be limited to - any more and the traffic shaping will kick in and restrict it - the other 999Mbps will go unused. Note that this is not truly traffic shaping your inbound link as the traffic has already passed down that link. it relies on a feature of TCP that detects dropped packets as indicating congestion and causes the sender to "back off" it's transmission rate. If you wanted to do anything about your upload speed then you'd do that by applying traffic shaping to the WAN interface. You'd have the same problem Tom has pointed out - your traffic will already have modified to use your public IP so you won't be able to apply any rules which rely on knowing what device the traffic came from. FWIW, I do exactly this at work - only without the NAT (we have a public IP block for our hosting etc). On our border routers I traffic shape egress traffic on the WAN and LAN sides. On my LAN side, the traffic shaping is such that traffic originating on the router is not shaped (well actually shaped to max 90Mbps), and everything else is. I have "quite extensive" rules for traffic control - multiple groups (either customers or groups of servers), with multiple priorities within each group. -- Simon Hobson Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books. ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://ad.doubleclick.net/clk;258768047;13503038;j? http://info.appdynamics.com/FreeJavaPerformanceDownload.html _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
