[Firewall] Rate limiting / DMZ LAN settings
mark at voidzero.net
Mon Oct 9 14:05:29 MDT 2006
I am moving away from using a Speedtouch as a multi-pc router, and using
a debian box for this instead. I hope you can provide me help with
config settings, as this is a little over my head. I hope I'm not asking
for too much.
Here's my networking scheme as I want it to be:
                / eth0 (10.0.0.1/24) to internet router, gateway 10.0.0.138/24
debian router - eth1 (172.16.1.0/29) to pc / switch
                \ eth2 (172.16.2.0/29) to neighbour's router: translates DHCP'ed
                  IP to 192.168.2.0/24
As you can see, eth0 has incoming traffic. It has a fixed IP address.
DHCP is running for eth1 and eth2.
There's one IP on eth1 that is always assigned to the same PC, being
172.16.1.1. This IP has to be the DMZ; everything that's sent to the
router has to be forwarded to that IP except for port 80. (ICMP: only
Also the debian router must allow IPv6. It's assigned a 6to4 tunnel by
hand, and it has to pass the tunnel through using radvd.
Also, regarding rate limiting:
I'd like to cap eth2 speed to 100kB/s down, and 10kB/s upstream, OR
I'd like to give eth1 and eth2 both a fixed half speed, OR
I'd like to give eth1 all preference over eth2.
My question basically is which settings I need to touch for all of this
to work. (Except probably rate limiting; couldn't find it in the config.
Could anyone help with that?)
Thanks very much in advance,