From: Arne B. <ar...@al...> - 2006-01-31 15:38:27
On Tue, 2006-01-31 at 11:33 +0100, Bruno Léon wrote:
> Hi All,

Hi Bruno,

>
> I'm using Shorewall 3.0.4 and I'm wondering if it is possible to do
> traffic shaping on only one interface from a bridge.
> The firewall has got 3 NICs, eth0, eth1, eth2.
>

Normally this should not be a problem. I use it only on the outgoing
interface of my firewall...

> eth0 and eth2 are bridged, but if I'm right, when you specify a traffic
> rate for a link, you do it for the interface. In my case, eth0 and eth2
> do not appear in the interface file, but it is an interface called br0
> that is specified.
>
> The problem is that I believe that if I limit the rate for eth0 which is
> connected to the WAN, this will limit the traffic to eth2 (DMZ) from
> eth1 (LAN) as well, because the bandwidth limit will be specified for
> br0, and not specifically for eth0 and eth2.
>

You need to set the limits for the real interface, not br0. Although
eth0 is not in your interface file, it is there, just without an IP
address (which you don't need for bridging or traffic shaping).

I haven't done this myself but I am quite sure that it will work (at
least the "Linux Advanced Routing & Traffic Control HOWTO" tells me
this ;-).

--arne

-- 
Arne Bernin <ar...@al...>
http://www.ucBering.de