| title: | throttle particular client ip |
|
I know this will be trivial for most, but I am having trouble with getting
my scenario to work correctly. I want to tag and throttle the
bandwidth to and from a particular client on my lan side. Better yet, I
just want to throttle smtp traffic, per se, for that ip.
----lan----------eth1-[linux.box]-eth0----------internet
I have used the technique provided by smueller@xxxxxxxxxx and his
limit.conn-0.2 perl script, which basically does the following:
iptables --append PREROUTING --in-interface eth0 --table mangle \
    --protocol tcp --source $SERVERIP \
    --source-port $SERVERPORT --jump MARK --set-mark 0x1
tc qdisc add dev eth0 handle ffff: ingress
tc filter add dev eth0 parent ffff: protocol ip prio 50 handle \
    0x1 fw police rate 1kbit burst 1500 mtu 9k drop flowid :0x1
This works great! But all clients on the lan side are throttled for
whatever $SERVERIP and $SERVERPORT that are marked.
I have yet to be able to syntactically provide the reversal onto a client.
And, I'm not even sure if I need to utilize iptables for what I want to do?
And, if iptables are needed for the marking of the traffic, would I use
the POSTROUTING (which I've tried)?
I'm thinking that simply utilizing tc on the linux.box for a particular
interface (either eth0 or eth1) should work, but have not had luck in this
saga thus far.
Any help, advice, direction, will be appreciated.
Also to note, as a newbie to tc, htb seems to be the most utilized in the
mail threads. And the man pages for tc (and your lartc.org
howtos) say cbq is more for link sharing.
Thank you for your time and consideration,
--Karl
MailKey: GUINNESS
_______________________________________________
LARTC mailing list / LARTC@xxxxxxxxxxxxxxx
mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: lartc.org/
|
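
An added example, not part of the original post and not taken from limit.conn: one way to limit the throttle to a single LAN client's SMTP traffic in both directions, by marking in the mangle FORWARD chain and shaping with HTB on each egress interface of the eth1/eth0 box described above. The client address 192.0.2.10, the 64kbit rate, the marks 0x2/0x3 and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: per-client SMTP throttle for
#   ----lan----eth1-[linux.box]-eth0----internet
# Assumed values (not from the post): CLIENT, RATE, marks 0x2/0x3, class 1:10.
CLIENT="${CLIENT:-192.0.2.10}"   # constructed LAN client address
RATE="${RATE:-64kbit}"           # assumed ceiling for each direction
LAN_IF=eth1
WAN_IF=eth0

# Dry run by default: print each command. Set APPLY=1 (as root) to execute.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi
}

# shape_dir OUT_IF MARK IPTABLES_MATCH...
# Marks the matching forwarded TCP packets, then shapes them where they leave.
shape_dir() {
    out_if=$1; mark=$2; shift 2
    # mangle FORWARD sees the client's own address in both directions,
    # even if eth0 does NAT (SNAT happens later, de-NAT of replies earlier).
    run iptables -t mangle -A FORWARD -o "$out_if" -p tcp "$@" \
        -j MARK --set-mark "$mark"
    # HTB root without a default class: unmarked traffic is not shaped.
    run tc qdisc add dev "$out_if" root handle 1: htb
    run tc class add dev "$out_if" parent 1: classid 1:10 htb \
        rate "$RATE" ceil "$RATE"
    # fw classifier: send packets carrying this mark to the limited class.
    run tc filter add dev "$out_if" parent 1: protocol ip prio 1 \
        handle "$mark" fw flowid 1:10
}

throttle_client_smtp() {
    # Upload: client -> remote port 25, leaves the box on eth0.
    shape_dir "$WAN_IF" 0x2 -s "$CLIENT" --dport 25
    # Download: remote port 25 -> client, leaves the box on eth1.
    shape_dir "$LAN_IF" 0x3 -d "$CLIENT" --sport 25
}

throttle_client_smtp
```

Unlike the ingress policer, which drops packets over the rate, the HTB classes queue them, and all other clients and ports stay unshaped because only the two marks are classified.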