[LARTC] Allocating 64 kbits/s out of 256 kbits/s for one LAN behing fire

To:	lartc@mailman.ds9a.nl
Subject:	[LARTC] Allocating 64 kbits/s out of 256 kbits/s for one LAN behing firewall
From:	"Indunil Jayasooriya" <indunil75@gmail.com>
Date:	Thu, 2 Aug 2007 14:48:55 +0530
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	lartc-list@securepoint.com
Delivered-to:	lartc@outpost.ds9a.nl
Dkim-signature:	a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=ZNljqJv1nLKJih50unDxOjMJvoV9zovSiyaDHTkbDdfUulGxGHe5OmBRUvrF5CpGjzwx6QFpYIUZaKufjPgE3MJ0ql8PLnhJ9rcWFCtBW9R6/lLnnADPwsYupMMPFSKlM5jGQgrtPGgfpUUmhnkDRGRU9BrdMwEpkvxzzTPIJ2A=
Domainkey-signature:	a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:references; b=bTZJPxBof1iNc1PUGdE/qFnyHGlI/TbOKVq7dCJzEjAvlKs7LyVm0NMdifqHjPG6+0CRgnisJ/AWhltA/4AXsJZlowt2KXe6PvPAPZNABW+vmmxOEVeMP67M5/OTMQTCIRIpzjAb3xM/+6xzB1uxG4gcvufSpCid/oG2qdpY7oI=
In-reply-to:	<7ed6b0aa0708020218s31b0448cxb8ec8d7147173cac@mail.gmail.com>
List-archive:	<http://mailman.ds9a.nl/pipermail/lartc>
List-help:	<mailto:lartc-request@mailman.ds9a.nl?subject=help>
List-id:	"Mailinglist of the Linux Advanced Routing & Traffic Control project" <lartc.mailman.ds9a.nl>
List-post:	<mailto:lartc@mailman.ds9a.nl>
List-subscribe:	<http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=subscribe>
List-unsubscribe:	<http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc>, <mailto:lartc-request@mailman.ds9a.nl?subject=unsubscribe>
References:	<7ed6b0aa0708020218s31b0448cxb8ec8d7147173cac@mail.gmail.com>
Sender:	lartc-bounces@mailman.ds9a.nl

Hi,

We have a 256 kbits/s (kilobits per second) link to the internet. it is a router running Linux that belongs to our ISP. They have given us 8 internet ips. (i.e- subnet is 255.255.255.248 ). one has been given to this router. I have given another internet ip to the firewall running CentOS 4.5. iptables is running on it. And also, I have installed iproute2 pkg as well.

pls see below for installed pkgs.
[root@firebox ~]# rpm -qa |grep iptables
iptables-1.2.11-3.1.RHEL4
[root@firebox ~]# rpm -qa |grep iproute
iproute-2.6.9-3.EL4.3.centos4

This firewall has 3 ethernet cards at the moment. one is connected to router. one is connected to our DMZ zone. one is connected to LAN1.

These are ips of the firewall.

eth0 (internet) - 1.2.3.4/255.255.255.248 (pls assume it. For security reason, I will not give you the actual ip)
eth1 (DMZ Zone) - 192.168.100.254/255.255.255.0
eth2 (LAN1) - 192.168.101.254/255.255.255.0

Now, everyone in LAN1 has access to internet. (due to SNAT rule)

Now, I want to install another ethernet card to this firewall. then, it would be eth3.

eth3 will be as follows.

eth3 (LAN2) - 192.168.102.254/255.255.255.0

Now, I want put about 5 people (5 PCs) behind this LAN2 and give internet access to them. But, I do not want them to use my whole bandwidth ( i.e - 256 kbit/s), But Instead, I want peple behind this LAN2 to allocate 64 kbits/s (kilo bits per second) for their internert access.

Is it possible to acheive this task on firewall running iptables and iproute2 (CentOS 4.5) ?

If so, How can I do such thing?

If I do such thing, what will happen to the people behind LAN1 ? Will they get whole 256 kbits/s as before or will they get 256 kbit/s - 64 kbit/s for their internet access?

Hope to hear form you.

--
Thank you
Indunil Jayasooriya

--
Thank you
Indunil Jayasooriya

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc

<Prev in Thread]	Current Thread	[Next in Thread>
[LARTC] Allocating 64 kbits/s out of 256 kbits/s for one LAN behing firewall, Indunil Jayasooriya <= Message not available Re: [LARTC] Allocating 64 kbits/s out of 256 kbits/s for one LAN behingfirewall, Indunil Jayasooriya Message not available Re: [LARTC] Allocating 64 kbits/s out of 256 kbits/s for one LAN behingfirewall, Indunil Jayasooriya

Previous by Date:	Re: [LARTC] tc shown rate larger than ceil (was "Weird rate in HTB"), Andy Furniss
Next by Date:	Re: [LARTC] tc shown rate larger than ceil (was "Weird rate in HTB"), Stonie Cooper
Previous by Thread:	Re: [LARTC] tc shown rate larger than ceil (was "Weird rate in HTB"), Andy Furniss
Next by Thread:	Re: [LARTC] Allocating 64 kbits/s out of 256 kbits/s for one LAN behingfirewall, Indunil Jayasooriya
Indexes:	[Date] [Thread] [Top] [All Lists]