Hello,

I have a question about two-way traffic, and how to shape it.

Let's say we want to limit a customer's usage to 256kbit total. So on my firewall I add shaping rules to the client-side NIC with a ceiling of 256kbit. Now I also want to limit their upload, so I add the same to the other NIC in the firewall. But if the customer uploads and downloads at the same time, they could use up 512kbit of my connection. How can one handle this problem? Is there a way to specify a max for all traffic and then allow borrowing between upload and download? Or is this a limitation that I will have to live with?

--
Regards
Joseph Watson
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

On Friday 01 November 2002 06:35, Joseph Watson wrote:
> Hello,
>
> I have a question about two-way traffic, and how to shape it.
>
> Let's say we want to limit a customer's usage to 256kbit total. So on my
> firewall I add shaping rules to the client-side NIC with a ceiling of
> 256kbit. Now I also want to limit their upload, so I add the same to the
> other NIC in the firewall. But if the customer uploads and downloads at
> the same time, they could use up 512kbit of my connection. How can one
> handle this problem? Is there a way to specify a max for all traffic and
> then allow borrowing between upload and download? Or is this a limitation
> that I will have to live with?

You can use the imq device. This is a virtual device. You can redirect packets with iptables to it and you can do it on incoming/outgoing and from different NICs. So you can limit download + upload together like you want.

Stef

--
stef.coene@docum.org
"Using Linux as bandwidth manager"
http://www.docum.org/
#lartc @ irc.oftc.net

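The IMQ approach from the reply above, as an added example that is not part of the original thread: a shell function that prints the commands sending one customer's upload and download through a single HTB class on `imq0`, so both directions draw on the same ceiling. It assumes a kernel and iptables built with the out-of-tree IMQ patch; the function name, class ids and sample address are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Prints, but does not execute, the
# rule set that caps upload + download together via one IMQ device.
# Assumption: kernel and iptables carry the out-of-tree IMQ patch.

# imq_shared_cap CUSTOMER_IP RATE_KBIT   (hypothetical helper name)
# Writes the commands to stdout; returns 1 on malformed arguments.
imq_shared_cap() {
    cust=$1
    rate=$2

    # Only accept a dotted-quad shaped address, so that nothing else can
    # end up in a command line that is later run as root.
    printf '%s\n' "$cust" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
        echo "bad address: $cust" >&2
        return 1
    }
    # Rate must be a positive integer with no leading zero.
    case $rate in
        ''|*[!0-9]*|0*) echo "bad rate: $rate" >&2; return 1 ;;
    esac

    cat <<EOF
# Bring up the virtual device that both directions are funnelled into.
modprobe imq
ip link set imq0 up
# One HTB class holds the customer's whole allowance. Everything that
# reaches imq0 falls into it (default 10), so upload and download
# compete for the same ${rate}kbit.
tc qdisc add dev imq0 root handle 1: htb default 10
tc class add dev imq0 parent 1: classid 1:10 htb rate ${rate}kbit ceil ${rate}kbit
# Upload: packets arriving from the customer.
iptables -t mangle -A PREROUTING -s $cust -j IMQ --todev 0
# Download: packets leaving towards the customer.
iptables -t mangle -A POSTROUTING -d $cust -j IMQ --todev 0
EOF
}
```

Review the printed commands, then pipe them to `sh` as root to apply them, for example `imq_shared_cap 192.0.2.10 256 | sh` (192.0.2.10 is a constructed documentation address).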
> Let's say we want to limit a customer's usage to 256kbit total.

That is, you want to limit upload+download. Whether or not it can be done, I think it's worth pointing out that this is nonsense. It makes sense to allocate A+B only if A and B can be used to replace each other. Upload and download are not like that. They're more like food and air - you need both. If you have no air it won't do any good to be given more food.

In your case the analogous thing is that you have a total of 1Mbit up and 1Mbit down available, two users, and you allocate 1Mbit total to each. One decides to attack the other by using 1Mbit upload. You decide that's fair, the other (the victim) can just use 1Mbit download. Well, maybe he can, but it won't do him any good.

I suggest instead that you allocate upload and download bandwidth separately.