
I have a Linux server providing NAT to a large subnet (/16), using iptables to-destination plus multiple external IPs to survive port exhaustion.

I've looked at using tc / htb, such as here: "Limiting bandwidth on internal interface on Linux gateway", but it looks like it's not designed to do per-host policing.

I'm not looking to evenly distribute my uplink or guarantee service; I need to make sure no single IP / MAC can use more than 2Mbps symmetric. Internal traffic can be unlimited, not that I could control it from the gateway anyway.

Is there any way to do this without 65534 tc queues?

All NAT clients communicate via eth0. eth1 is for management; eth2 is the gateway (all internet-bound packets leave here); eth3 and higher are extra external IPs for receiving only.

  • Forgot to include: all clients communicate via eth0, eth1 is management, eth2 is the gateway, eth3 and higher are extra external IPs. – SomePoorTech Jun 25 '15 at 14:02
  • You can edit your question to add any extra information necessary. – BE77Y Jun 25 '15 at 14:47
  • If you don't find another solution and resort to 64k tc queues, make sure to use hashing filters to keep CPU usage sane (yes, they are a pain to understand and configure). – Dan Jun 25 '15 at 19:51
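As an added example (not from the question or any commenter), here is what the "64k HTB classes plus u32 hashing filters" route from Dan's comment looks like in practice: a POSIX sh generator that prints `tc -batch` lines capping each host of a /16 at a given rate. It assumes HTB on eth0 in the download direction (matching the destination IP), one leaf class per host, and a two-level 256-bucket hash so each packet costs two lookups instead of a scan over ~65k filters; the upload direction (ingress policing or an IFB device) is not covered.

```shell
#!/bin/sh
# Prints tc batch commands (feed them to `tc -batch -`) that cap downstream
# traffic to every host in NET.0.0/16 at RATE on DEV, one HTB leaf per host.
# Classification: root u32 table 800: -> table 2: (hashed on the 3rd octet)
# -> one table per /24 (hashed on the 4th octet) -> exact /32 match.
# Assumptions (not from the question): egress on eth0 is the download side,
# so we key on the destination IP at offset 16 of the IP header; traffic to
# hosts outside the /16 stays unlimited ("htb default 0").
gen_host_limits() {
  dev=$1; net=$2; rate=$3; first=${4:-0}; last=${5:-255}  # $4/$5: 3rd-octet range
  echo "qdisc add dev $dev root handle 1: htb default 0"
  # level-1 table 2: has 256 buckets, selected by the 3rd octet of ip dst
  echo "filter add dev $dev parent 1:0 prio 1 handle 2: protocol ip u32 divisor 256"
  echo "filter add dev $dev parent 1:0 prio 1 protocol ip u32 ht 800:: match ip dst $net.0.0/16 hashkey mask 0x0000ff00 at 16 link 2:"
  t=$first
  while [ "$t" -le "$last" ]; do
    ht=$(printf '%x' $((256 + t)))    # level-2 table per /24: handles 100..1ff
    echo "filter add dev $dev parent 1:0 prio 1 handle $ht: protocol ip u32 divisor 256"
    # bucket t of table 2: links to this /24's table, keyed by the 4th octet
    echo "filter add dev $dev parent 1:0 prio 1 protocol ip u32 ht 2:$(printf '%x' "$t"): match ip dst $net.$t.0/24 hashkey mask 0x000000ff at 16 link $ht:"
    f=0
    while [ "$f" -le 255 ]; do
      id=$((t * 256 + f))             # unique 16-bit class minor per host
      # skip .0.0 (network) and .255.255 (broadcast); this also keeps minor != 0
      if [ "$id" -ne 0 ] && [ "$id" -ne 65535 ]; then
        minor=$(printf '%x' "$id")
        echo "class add dev $dev parent 1: classid 1:$minor htb rate $rate ceil $rate"
        echo "filter add dev $dev parent 1:0 prio 1 protocol ip u32 ht $ht:$(printf '%x' "$f"): match ip dst $net.$t.$f/32 flowid 1:$minor"
      fi
      f=$((f + 1))
    done
    t=$((t + 1))
  done
}

# Number of generated commands; useful as a sanity check before applying.
count_rules() { gen_host_limits "$@" | wc -l | tr -d ' '; }
```

Generate a single /24 first (e.g. `gen_host_limits eth0 10.0 2mbit 5 5`) and inspect it with `tc -s class show dev eth0` after loading, before committing to the full /16.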

0 Answers