I have the below example working on tagging a "source" and throttling
all the clients for traffic control. However, I need to throttle a
specific client on the LAN side only. The solution could be with or
without the use of iptables; it doesn't matter.
This works: eth0=wan eth1=lan
---------------------------------------------------------------------------
###############################################################
# tag all incoming TCP packets from download.fedora.redhat.com
# arriving on eth0 (WAN) with mark value 1
###############################################################
iptables --append PREROUTING --in-interface eth0 --table mangle \
    --protocol tcp --source download.fedora.redhat.com \
    --source-port 1:65535 \
    --jump MARK --set-mark 0x1
############################################################
# install the ingress qdisc on the ingress interface
############################################################
tc qdisc add dev eth0 handle ffff: ingress
############################################################
# utilize ingress qdisc: police packets carrying fw mark 0x1
############################################################
tc filter add dev eth0 parent ffff: protocol ip prio 50 handle \
    0x1 fw police rate 1kbit burst 1500 mtu 9k drop flowid :0x1
---------------------------------------------------------------------------
I have tried several options, some of which were to simply add the
--destination option to the iptables statement. Others are a mix of
experimental tc cmds. I am not having success.
Any help would be most appreciated.
Thank You
--Karl
MailKey: GUINNESS
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/