Text Size

Use Vyatta to Limit Guest Network Bandwidth

A problem many of us have in our offices or our homes is the need to have Guest access to our network but not hog all the bandwidth. What I did here is use Vyatta Quality of Service (QoS) settings to limit the bandwidth on a guest network through a traffic shaping policy. You can add other QoS rules like prioritizing VIOP if you wish but as that is more complex, I'm not covering it in this article, I'm just focusing on all bandwidth.

Add a comment

Read more: Use Vyatta to Limit Guest Network Bandwidth

Vyatta Multi Interface Traffic Shaping

As a follow-up to my Traffic Shaping article, I was asked how this could be applied to multiple subnets with different speeds. Fortunately, it's very easy to configure.

This article assumes that Vyatta has three network interfaces

eth0 - In my case, this is the main interface the connects to the internet
eth1 - This is my Guest network that I want limited
eth2 - This is my Virtual Machine network that will have a different limit.

Add a comment

Read more: Vyatta Multi Interface Traffic Shaping

Publish an internal web server with Vyatta

So you have Vyatta running and you want to publish your interal webserver to the internet. This is a simple article on how to forward internet requests to the external Vyatta interface to an internal server. Some call it Port Forwarding but Vyatta calls this DNAT. They have a few examples listed in the security documentation but I think the documentation is missing this example. You can easily use to open any other type of server to the internet you just need to change the destination port.

First, login to the Vyatta console and enter configuration mode, this is done by typing “configure” in the console.


Now lets create a rule to open the internal webserver to the internet.
Before we begin I need to let you know the assumptions that are made below. First, the extenal interface is eth1. Second, I'm forwarding HTTP. Third, the IP address is
I also want to point out that I do not apply a outside-address as the Vyatta documentation shows. This is not needed unless you have multiple external IP address and want to have a one to one IP address mapping.

#set service nat rule 20 type destination
#set service nat rule 20 inbound-interface eth1
#set service nat rule 20 protocol tcp
#set service nat rule 20 destination port http
#set service nat rule 20 inside-address address
Now anyone on the internet should be able to access your internal web server.

If you want to publish HTTPS, simply use this above rule as a template and increment the rule by one and change “port http” to “port https”. This will forward both http and https ports to your internal web server.

If you don’t increment the rule by one, you will overwrite nat rule 10 instead of creating nat rule 11.

Happy Routing!

Add a comment

Tech Stocks

Warning: Invalid argument supplied for foreach() in /home/sohowe5/public_html/tonystech.com/modules/mod_rokstock/lib/googlestock.class.php on line 71


If you like the site and feel the need to donate to help support the site, you can do it here.

Login Form