I have a Linux server providing NAT to a large subnet (/16) using iptables to-destination + multiple external IPs to survive port exhaustion.
I've looked at using tc / htb, such as here: "Limiting bandwidth on internal interface on Linux gateway", but it looks like it's not designed to do per-host policing.
I'm not looking to evenly distribute my uplink or guarantee service; I need to make sure no single IP / MAC can use more than 2Mbps symmetric. Internal traffic can be unlimited, not that I could control it from the gateway anyway.
Is there any way to do this without 65534 tc queues?
All NAT clients communicate via eth0. eth1 is for management; eth2 is the gateway, all internet-bound packets leave here; eth3 and higher are extra external IPs for receiving only.
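One way to get a per-host cap without a tc class per address is the iptables hashlimit match: it keeps a hash-table entry per active source (or destination) IP and drops packets once that host exceeds a byte rate, which is policing rather than shaping, matching what the question asks for. The script below is an added example, not from the original post or any answer; it assumes the LAN side is eth0 (LAN_IF), that clients are forwarded through the FORWARD chain (so DNAT has already rewritten the destination and SNAT has not yet rewritten the source), and that the kernel and iptables are new enough to accept byte-based hashlimit rates. The interface, rate, burst and table sizes are constructed placeholder values.

```sh
#!/bin/sh
# Added example (not the original poster's configuration): cap every internal
# host at RATE in each direction with two iptables hashlimit rules.
# Assumptions: clients sit behind LAN_IF, rules are applied in FORWARD, and
# hashlimit byte-based rates are supported by the running iptables/kernel.
set -eu

LAN_IF=${LAN_IF:-eth0}      # interface the NAT clients are behind (assumed)
RATE=${RATE:-2mb/s}         # per-host cap, applied separately per direction
BURST=${BURST:-256kb}       # bytes a host may exceed RATE by before drops start
HT_SIZE=${HT_SIZE:-65536}   # hash buckets; one per possible /16 host
HT_MAX=${HT_MAX:-131072}    # entry cap; when full, packets of untracked hosts are dropped

# hashlimit_rule up|down  prints the iptables rule for one direction.
#   up   : packets entering from LAN_IF, keyed on the private source IP
#   down : packets leaving to LAN_IF (after DNAT), keyed on the private destination IP
# --hashlimit-above matches hosts OVER the rate, so the target is DROP.
hashlimit_rule() {
  case "$1" in
    up)   iface="-i $LAN_IF"; mode=srcip; name=nat_up ;;
    down) iface="-o $LAN_IF"; mode=dstip; name=nat_down ;;
    *)    echo "usage: hashlimit_rule up|down" >&2; return 1 ;;
  esac
  printf 'iptables -A FORWARD %s -m hashlimit --hashlimit-above %s --hashlimit-burst %s --hashlimit-mode %s --hashlimit-name %s --hashlimit-htable-size %s --hashlimit-htable-max %s -j DROP\n' \
    "$iface" "$RATE" "$BURST" "$mode" "$name" "$HT_SIZE" "$HT_MAX"
}

# apply_rules runs both rules on this gateway. They must sit ahead of any
# ACCEPT rule in FORWARD, so insert them at the top instead of appending.
apply_rules() {
  eval "$(hashlimit_rule down | sed 's/-A FORWARD/-I FORWARD 1/')"
  eval "$(hashlimit_rule up   | sed 's/-A FORWARD/-I FORWARD 1/')"
}

# Default action is a dry run: print the rules for review. Pass "apply" to
# install them (requires root on the gateway).
if [ "${1:-}" = apply ]; then
  apply_rules
else
  hashlimit_rule up
  hashlimit_rule down
fi
```

Each rule creates a per-host table readable at /proc/net/ipt_hashlimit/nat_up and /proc/net/ipt_hashlimit/nat_down, which is the cheap way to check which hosts are currently tracked and at what rate. Because this drops rather than queues, a host that sustains more than the cap sees loss and TCP backs off; if smooth shaping matters more than a hard ceiling, the hashlimit match can instead mark packets (-j MARK) and hand over-limit traffic to a single shared tc class, still without a class per address.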