Hi. I have a firewall configured with Shorewall with 2 zones: loc and net. The firewall does the masquerading from the loc to the net zones. I want to make a traffic shaping to let me to have a certain piece of bandwith when I connect to the firewall from my fixed IP address, independently from the use of the network from the loc zone. Is there a way to make this? Thank you very much! Bye. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
On Mon, 2007-11-26 at 19:49 +0100, shacky wrote:> Hi. > > I have a firewall configured with Shorewall with 2 zones: loc and net. > The firewall does the masquerading from the loc to the net zones. > I want to make a traffic shaping to let me to have a certain piece of > bandwith when I connect to the firewall from my fixed IP address, > independently from the use of the network from the loc zone. > Is there a way to make this?Yes -- at least for traffic outbound from the firewall. See http://www.shorewall.net/traffic_shaping.htm -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
On Mon, Nov 26, 2007 at 11:26:36AM -0800, Tom Eastep wrote:> > On Mon, 2007-11-26 at 19:49 +0100, shacky wrote: > > I have a firewall configured with Shorewall with 2 zones: loc and net. > > The firewall does the masquerading from the loc to the net zones. > > I want to make a traffic shaping to let me to have a certain piece of > > bandwith when I connect to the firewall from my fixed IP address, > > independently from the use of the network from the loc zone. > > Is there a way to make this? > > Yes -- at least for traffic outbound from the firewall. See > http://www.shorewall.net/traffic_shaping.htmWith the usual proviso - this is completely ineffective against a DoS attack. It is convinience, not security. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Hi Tom! I have one question about shaping work. As i understand (from my observers) if we profiling traffic for some network with 'tc' utility (and Shorewall help) we get equal distribution bandwidth for all _connections_ but not _ipaddresses_. And if one ipaddress create many connections therefore it have more bandwidth. Am i right? And if so, can we shaping traffic on ipaddress base? Thank you very much! Alex ----------- Доставка на дом и в офис пиццы, суши, шашлыка, напитков круглосуточно. Закажи сейчас! http://www.pizza.by (017) 266-35-07 ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users