From: Ken Bantoft (ken_at_freeswan.ca)
Date: Tue Dec 10 2002 - 21:11:35 CET
-----BEGIN PGP SIGNED MESSAGE-----
On Tue, 10 Dec 2002, Christopher Lyon wrote:
> Maybe I looked at it to quickly but it doesn't look like I can be very
> granular with the control of the bandwidth. Can I control down to the IP
> address to use a specific amount and also down to the protocol?
Yes - some examples...
EG:
tc filter add dev ipsec0 protocol ip parent 1:0 prio 1 u32 match ip sport 5800 0xffff flowid 1:12
Thats Matches Source Port of 5800
tc filter add dev eth1 protocol ip parent 1:0 prio 1 u32 match ip src 200.0.0.128/27 match ip dst 192.168.0.0/24 flowid 1:10
Matches source in 200.0.0.128/127 and dest of 192.168.0.0/24.
tc filter add dev eth0 protocol ip parent 1:0 prio 1 u32 match ip protocol 50 0xff flowid 1:10
That matches all ESP (protocol 50) packets.
> -----Original Message-----
> From: Chris Malott [mailto:cmalott_at_travelconnection.com]
> Sent: Tuesday, December 10, 2002 8:52 AM
> To: Christopher Lyon
> Cc: users_at_lists.freeswan.org
> Subject: Re: [Users] VPN Bandwidth Control
>
> I use HTB...
>
> http://lartc.org/howto/lartc.qdisc.classful.html
>
> Basically configure them to shape outgoing traffic on both ends, and you
> will acheive the desired effect. There are some additional kernel
> options
> you have to enable in order to do this. I'm not an expert on this, and
> really, just followed the howto.
>
> Maybe somebody else can provide, some additional pointers.
>
> I'm attaching the script, which should serve as a good example.
>
> Chris
>
> ----- Original Message -----
> From: "Christopher Lyon" <cslyon_at_netsvcs.com>
> To: <users_at_lists.freeswan.org>
> Sent: Monday, December 09, 2002 6:12 PM
> Subject: [Users] VPN Bandwidth Control
>
>
> > I am in the need of a program that will control the bandwidth using
> > bandwidth allocation and priority per protocol (Layer3+) over the VPN
> > tunnels that I have created. Is there such a thing that I can load on
> > the VPN gateways to do this? I have iptables now and that is great for
> > controlling the traffic but would like to control the video and voice
> > going over the tunnel too. Any ideas?
> >
> >
> >
> >
> > _______________________________________________
> > Users mailing list
> > Users_at_lists.freeswan.org
> > http://lists.freeswan.org/mailman/listinfo/users
> >
>
>
> This message was checked by MailScan for WorkgroupMail.
> www.workgroupmail.com
>
> _______________________________________________
> Users mailing list
> Users_at_lists.freeswan.org
> http://lists.freeswan.org/mailman/listinfo/users
>
- --
Ken Bantoft The Unoffical FreeS/WAN Site:
ken_at_freeswan.ca http://www.freeswan.ca
PGP Key: finger ken_at_bantoft.org
"We can factor the number 15 with quantum computers. We
can also factor the number 15 with a dog trained to bark
three times." -- Robert Harley, 5/12/01, Sci.crypt
"It is dangerous to be right when the government is wrong."
-- Voltaire
"The obvious mathematical breakthrough would be development
of an easy way to factor large prime numbers."
-- Bill Gates from The Road Ahead, p265
"An essential element of freedom is the right to privacy,
a right that cannot be expected to stand against an
unremitting technological attack." -- Whitfield Diffie
"Anyone who considers arithmetical methods of producing
random digits is, of course, in a state of sin."
-- John Von Neumann, 1951
"Random numbers should not be generated with a method
chosen at random." -- Donald Knuth,
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQCVAwUBPfZKeliWUusaxGxpAQHnOQQAoMaz036sTA/D/DxTlKost2VuxG6Ic4zq
79WECQAG4YubJDgYyzN5D1c4mc1dunGVVSXGWe3eI132BtXEw415ax1t2O4t8Qdg
udK1gXg/jOx26T2qNB7i5P84kj9F1rXKvZuLNpwnARChW37JhKoMSkrQlVI7TwZC
a9wST0LAsT8=
=UL3L
-----END PGP SIGNATURE-----
_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
This archive was generated by hypermail 2.1.5 : Wed Dec 11 2002 - 05:21:07 CET