[Techtalk] Limiting bandwidth (apache/iptables)

Magni Onsoien magnio+lc-techtalk at pvv.ntnu.no
Wed Oct 23 16:07:42 EST 2002


I run several servers behind a 2Mbps link. They are mainly mailservers
for an important governmental project, and the capacity is more than
enough for that. However, one of the servers is also a webserver and
this may eat a bit too much of the capacity (i.e. all) for short peaks
when a client (on the outside) downloads big files from it. (This only
occurs when the client has more bandwidth than this system, and with the
user profile of this system (mostly accountants and small enterprises)
this is rather rare...)

In order to make sure mail always gets through the link, I'd like to use
some kind of bandwidth limitations on the webserver so the webserver can
only use 1.5Mbps of the bandwidth.

I am not sure about what kind of bandwidth limitation implementations
are available. I thought about using some module in Apache and had
a look at mod_throttle, but as this module rejects (as far as I understood)
requests when the limit is reached, it isn't exactly what I want. I
simply want to decrease the available bandwidth, not give clients
strange error messages about "connection refused" or whatever...

I also read the Bandwidth Limiting HOWTO, but this seemed to be mostly 
aimed at restricting the available bandwidth when downloading from outside,
i.e. opposite of what I want (I think). It also involves squid, which I
hoped to avoid since it's not a part of the system and there are
restrictions on what we can do with the services without permission from 
the owners of the system (it's not a problem to get permission, but it
will require a lot of testing and will be a completely new component in 
the system).

I thought I could do this with iptables, but I am not able to find the
source I think I read this in... I think it was a page with information
about different "cool" things to do with iptables, like limiting access
at certain parts of day etc.
Anyway, can I use iptables to limit bandwidth, preferably without
recompiling the kernel?

The server in question is running RedHat 7.2 (will be 7.3) with a
2.4.18-17.7 kernel (from RedHat). Apache 1.3.22-6, iptables 1.2.5-3
(both from RedHat RPMs).

Any tips welcome :)


Magni :)
-- 
sash is very good for you.


