[LARTC] 2 Questions on filtering incoming stuff

Ed Wildgoose lists@wildgooses.com
Tue, 18 May 2004 08:56:57 +0100


>> This might also be useful for setting up a bandwidth filter PC using 
>> only a single net card for example (assuming you don't worry about 
>> people bypassing it manually)
>
> Yeah, i've wondered if you could do that and get it working.


Yeah, I have a very limited implementation of this "working" right now.  
The problem is that there is no concept of direction on a single interface.

I think that it could be bodged by creating a 100mbit queue with a small 
ADSL-sized queue underneath, and using iptables to redirect to the 
actual classes based on source and dest IP (i.e. you keep stuff on the 
network in the 100mbit queue and just limit the stuff with a non-local 
source address).  In the same way I guess I could also rate limit 
incoming stuff from the net using the IMQ attached to the incoming device, 
and iptables only bringing external traffic into the queue...

Can't see any reason why it wouldn't work, but hey, I only read the 
HOWTO and haven't tried it yet...

I wonder what can be attached to TAP/TUN devices though?  Sure would be 
useful to have a virtual net card so that you can acquire "direction" 
from a single physical card.

In my case I am interested because I am thinking about misusing this PC 
to do both traffic shaping and perhaps run a few net services under 
usermode-linux.  The usermode sessions need to be shaped as well.

Thanks

Ed W
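An added sketch (not from the thread or its author) of the single-interface setup described above: one HTB tree on the only NIC, a 100mbit class for LAN-sourced traffic and a small ADSL-sized class that only gets packets whose source address is non-local, selected by an iptables fwmark. It assumes eth0, a LAN of 192.168.1.0/24 and a 512kbit ADSL rate; it prints the commands by default and only runs them when RUN=1.

```shell
#!/bin/sh
# Hypothetical single-NIC shaper (constructed example). The source address stands in
# for "direction", which a single interface cannot provide: local-sourced traffic is
# left in the 100mbit class, non-local-sourced traffic is marked and pushed into the
# ADSL-sized class, which may not borrow above its ceil.

shaper_commands() {
    dev="$1"        # assumed: the single physical interface, e.g. eth0
    lan="$2"        # assumed: the local network, e.g. 192.168.1.0/24
    adsl="$3"       # assumed: ADSL-sized rate, e.g. 512kbit
    mark=2          # fwmark used to hand non-local traffic to the small class

    # "default 10": anything unmarked (local source) lands in the full-speed class.
    cat <<EOF
tc qdisc add dev $dev root handle 1: htb default 10
tc class add dev $dev parent 1: classid 1:1 htb rate 100mbit
tc class add dev $dev parent 1:1 classid 1:10 htb rate 100mbit
tc class add dev $dev parent 1:1 classid 1:20 htb rate $adsl ceil $adsl
tc filter add dev $dev parent 1: protocol ip prio 1 handle $mark fw flowid 1:20
iptables -t mangle -A POSTROUTING -o $dev ! -s $lan -j MARK --set-mark $mark
EOF
}

apply_shaper() {
    # Drop any previous tree on the device, then execute the generated lines (root).
    tc qdisc del dev "$1" root 2>/dev/null
    shaper_commands "$@" | sh -e
}

if [ "${RUN:-0}" = "1" ]; then
    apply_shaper "${1:-eth0}" "${2:-192.168.1.0/24}" "${3:-512kbit}"
else
    shaper_commands "${1:-eth0}" "${2:-192.168.1.0/24}" "${3:-512kbit}"
fi
```

Ingress from the net would still need the IMQ device mentioned above; this only covers egress on the single card.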