On Friday 01 November 2002 00:07, Robert Felber wrote:
> On Thu, Oct 31, 2002 at 11:50:28PM +0100, thomas bilke wrote:
> > Yes, the host is in my LAN. But I want to shape the incoming and outg=
oing
> > traffic corresponding to this host, or later to the whole LAN. Doesn'=
t
> > exist any facility to shape the incoming traffic?
> >
> > Thomas
>
> Yes, the qdisc ingress is exactly developed for one purpose: shape
> incomming traffic.
Ingress will not shape the incoming traffic, but if you use filters+polic=
ers=20
you can drop packets that exceed a certain rate. That's not the same as =
you=20
can do with cbq for the outgoin packets.
> You can both, the CBQ and ingress qdisc, use at the same time for
> a device (yes, also real eth devices).
You have something like this :
LAN --- eth1 --- linux box --- eth0 --- ISP
If you add a cbq qdisc on eth0, this will shape the packets going to your=
ISP. =20
So in the filter statement you need the src address of the host in the LA=
N. =20
But be aware that if you are natting on that box, you don't know the src=20
address anymore (the src address is natted to the address of the linux-bo=
x). =20
You can solve this issue with iptables + fw filter : mark the packets whe=
n=20
they enter the box at eth1 and use that to filter mark on eth0.
For the incoming bandwidth, you can use the ingress qdisc and filters wit=
h=20
policer. If you add a ingress qdisc, you can add filters with policers. =
=20
Each policer is a sort of tbf with a certain rate. Packets that exceed t=
hat=20
rate are dropped. So you can control the incoming packets.
An other trick is using a imq device or shaping on eth1 if the linux box =
is=20
only a router so all packets entering eth0 are leaving eth1.
Stef
--=20
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net