From: László B. <pix...@gm...> - 2009-03-28 11:17:33
Hi!

I am quite new to shorewall - worked a lot with isa 2004 -, but while I found it easy to config, still I have a question:

My FW config is the following:

    eth0 fix ip 40/40mbs Internet
    eth1 fix ip 100Mbps DMZ (192.168.100.0/24) (we host websites)
    eth2 fix ip 100Mbps Local net with dhcp (192.168.101.0/24)
    eth3 fix ip 100Mbps sales net with dhcp (lot less allowed than local net) (192.168.102.0/24)

I got this config to work already. My question begins here:

I was asked to limit the bandwidth the users on Local and Sales have towards and from the Internet to 1mbps/1mbps each. (So that users don't eat the bandwidth)

Browsing the website I found the following solution: make classes for each ip and make rules for them (I did the tables with TAB-s, just I couldn't get it to work with my webmail)

1. Set TC_ENABLED to Internal in shorewall.conf

2. make a tcdevices file looking like this:

    #INTERFACE    IN-BANDWITH    OUT-BANDWIDTH
    eth0          40mbps         40mbps
    eth2          100mbps        100mbps

3. make a tcclasses file looking like this

    #INTERFACE    MARK    RATE       CEIL     PRIORITY    OPTIONS
    eth0          1       full       full     1           default
    eth2          1       full       full     1           default
    eth0          2       100kbps    1mbps    2
    eth2          2       100kbps    1mbps    2
    eth0          3       100kbps    1mbps    2
    eth2          3       100kbps    1mbps    2
    eth0          4       100kbps    1mbps    2
    eth2          4       100kbps    1mbps    2
    ...

4. make a tcrules file looking like this

    #MARK    SOURCE            DESTINATION       PROTOCOL    PORT(s)
    2:F      192.168.101.11    eth0              all
    2:F      eth0              192.168.101.11    all
    3:F      192.168.101.12    eth0              all
    3:F      eth0              192.168.101.12    all
    4:F      192.168.101.13    eth0              all
    4:F      eth0              192.168.101.13    all
    ...

Is this configuration correct? Because this means I have to create shedloads of classes! I can have around 500 Clients in the DHCP ranges, but in the description of the website, it is mentioned that 256 classes is the max.....

Is there any other way to do this?

thx 4 the help (in advance 8)) )

Laszlo Balogh
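Added example, not part of the original message and not Shorewall's own code: a Python script that generates the tcclasses and tcrules lines in the layout shown in the post for a run of consecutive addresses, and rejects a range that would need more than the 256 classes the post cites. The function name build_shaping, its parameters and the sample ranges are assumptions made for illustration; the 256 figure is taken from the post and not verified here.

```python
import ipaddress

MAX_CLASSES = 256  # limit quoted in the post; assumed here, not verified


def build_shaping(first_ip, count, network, wan="eth0", lan="eth2",
                  rate="100kbps", ceil="1mbps", max_classes=MAX_CLASSES):
    """Return (tcclasses_lines, tcrules_lines) for `count` consecutive hosts."""
    if count < 1:
        raise ValueError("count must be at least 1")
    # Mark 1 is the default class on each device, so hosts use marks 2..count+1.
    if count + 1 > max_classes:
        raise ValueError(f"{count} hosts need {count + 1} classes per device, "
                         f"over the limit of {max_classes}")
    net = ipaddress.ip_network(network)
    start = ipaddress.ip_address(first_ip)
    if start not in net or start + (count - 1) not in net:
        raise ValueError(f"{count} hosts from {first_ip} do not fit in {network}")

    classes = [f"{dev}\t1\tfull\tfull\t1\tdefault" for dev in (wan, lan)]
    rules = []
    for i in range(count):
        mark, host = i + 2, start + i
        # One class per device for this host, as in the post's tcclasses.
        classes += [f"{dev}\t{mark}\t{rate}\t{ceil}\t2" for dev in (wan, lan)]
        # Both directions, as in the post's tcrules, carry the same mark.
        rules.append(f"{mark}:F\t{host}\t{wan}\tall")
        rules.append(f"{mark}:F\t{wan}\t{host}\tall")
    return classes, rules


if __name__ == "__main__":
    classes, rules = build_shaping("192.168.101.11", 3, "192.168.101.0/24")
    print("#INTERFACE\tMARK\tRATE\tCEIL\tPRIORITY\tOPTIONS")
    print("\n".join(classes))
    print("#MARK\tSOURCE\tDESTINATION\tPROTOCOL")
    print("\n".join(rules))
    try:
        # Constructed range: 500 clients, the count mentioned in the post.
        build_shaping("192.168.0.1", 500, "192.168.0.0/16")
    except ValueError as err:
        print("rejected:", err)
```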