natd+ipfw+traffic shaping

From: Aleksandar Simonovski (aleksandar_at_unet.com.mk)
Date: 10/21/03

  • Next message: Mark Allman: "SACK?"
    Date: Tue, 21 Oct 2003 15:11:22 +0200
    To: freebsd-net@freebsd.org
    
    

    Hi all,
    can anyone explain why these rules don't work:

    rl0 EXTINF
    rl1 INTINF

    add 1000 divert 8668 ip from any to any via rl0
    add 1200 allow ip from any to any via lo0
    add 1300 deny ip from any to 127.0.0.1/8
    add 1400 deny ip from 127.0.0.1/8 to any
    add 1500 check-state
    add 1550 allow icmp from any to any keep-state
    add 1600 allow log udp from any to any 53 keep-state
    add 1700 queue 1 log tcp from 192.168.1.0/24 to any 20,21,22,23 keep-state
    add 1800 queue 1 log tcp from any 20,21,22,23 to 192.168.1.0/24 keep-state
    #add 1900 allow log udp from any 137 to any keep-state
    add 2000 allow log tcp from 192.168.1.0/24 to any 80 keep-state
    add 2100 deny log ip from any to any
    queue 1 config weight 10 pipe 1 mask src-ip 0xffffff00
    queue 1 config weight 10 pipe 1 mask dst-ip 0xffffff00
    pipe 1 config bw 128kbit/s

    and when I change "192.168.1.0/24" to "any" it works, but the traffic shaping is not
    as it should be. I know this has something to do with natd and rule 1000,
    but that's the thing that confuses me: how can I limit or allow traffic to the local net (192.168.1.0/24)?
    Any help would be appreciated.
    _______________________________________________
    freebsd-net@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-net
    To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
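The following is an added example, not the poster's ruleset and not a reply from the list: an ipfw/natd layout in which the filter and dummynet rules keep seeing the private 192.168.1.0/24 addresses. It assumes the interfaces and NAT port from the post (rl0 external, rl1 internal, natd on divert port 8668) and the default net.inet.ip.fw.one_pass=1, under which a packet that leaves a dummynet queue is accepted rather than re-injected into the ruleset. The mechanism it works around: a forwarded packet passes the firewall twice, "in via rl1" and "out via rl0", and on the rl0 pass a divert rule placed before the filter rules lets natd rewrite the source to rl0's address and re-inject the packet at the next rule, so neither "from 192.168.1.0/24" nor a dynamic rule created earlier by keep-state matches it any more. The example therefore shapes on the rl1 pass, un-NATs inbound packets before check-state, and matches outbound packets before NAT using skipto to reach the outbound divert. The check_order helper and the show/load dry-run switch are part of the example, not ipfw features.

```shell
#!/bin/sh
# Added example, not the ruleset from the original post. Assumptions (as in the
# post): rl0 is the external interface, rl1 the internal one, the LAN is
# 192.168.1.0/24 and natd listens on divert port 8668. It also assumes
# net.inet.ip.fw.one_pass=1 (the default), so a packet leaving a dummynet
# queue is accepted rather than re-injected into the ruleset.
#
# A forwarded packet passes the firewall twice: "in via rl1" and "out via rl0".
# Traffic shaping is done on the rl1 pass, where addresses are always the
# private ones. Stateful filtering is done on the rl0 pass: inbound packets
# are un-NATed by natd before check-state, and outbound packets are matched
# (still with private sources) and then jump to the NAT step with skipto, so
# every dynamic rule is keyed on 192.168.1.x and matches in both directions.

ext=rl0
int=rl1
lan=192.168.1.0/24
natport=8668

# load_ruleset CMD: run every ipfw command through CMD (/sbin/ipfw to load,
# echo to print the rules without touching the running firewall).
load_ruleset() {
    fwcmd=${1:-/sbin/ipfw}

    $fwcmd -f flush
    $fwcmd -f pipe flush
    $fwcmd pipe 1 config bw 128Kbit/s
    # One dynamic queue per host, not one for the whole /24 (mask 0xffffff00).
    $fwcmd queue 1 config pipe 1 weight 10 mask src-ip 0xffffffff dst-ip 0xffffffff

    # Internal interface: shape ftp/ssh/telnet in both directions, pass the rest.
    $fwcmd add 100 queue 1 tcp from $lan to any 20,21,22,23 in via $int
    $fwcmd add 110 queue 1 tcp from any 20,21,22,23 to $lan out via $int
    $fwcmd add 120 allow ip from any to any via $int
    $fwcmd add 130 allow ip from any to any via lo0
    $fwcmd add 140 deny ip from any to 127.0.0.0/8
    $fwcmd add 150 deny ip from 127.0.0.0/8 to any

    # External interface, inbound: un-NAT first, then consult the dynamic rules.
    $fwcmd add 200 divert $natport ip from any to any in via $ext
    $fwcmd add 210 check-state

    # External interface, outbound: sources are still 192.168.1.x here because
    # NAT only happens at rule 800. keep-state records the private address, and
    # skipto is the action check-state replays for the later packets of a flow.
    $fwcmd add 300 skipto 800 icmp from $lan to any out via $ext keep-state
    $fwcmd add 310 skipto 800 udp from $lan to any 53 out via $ext keep-state
    $fwcmd add 320 skipto 800 tcp from $lan to any 20,21,22,23 out via $ext setup keep-state
    $fwcmd add 330 skipto 800 tcp from $lan to any 80 out via $ext setup keep-state
    $fwcmd add 700 deny log ip from any to any

    # Reachable only through skipto: NAT the outbound packet, then accept it.
    # Un-NATed inbound packets sent here by check-state do not match 800
    # (they are not "out") and are accepted by 810.
    $fwcmd add 800 divert $natport ip from any to any out via $ext
    $fwcmd add 810 allow ip from any to any
}

# check_order: verify the ordering invariant the posted ruleset broke.
# Returns 0 when the inbound divert precedes check-state and check-state
# precedes the outbound divert, 1 otherwise.
check_order() {
    rules=$(load_ruleset echo)
    n_in=$(printf '%s\n' "$rules" | awk '/divert/ && / in via / {print $2}')
    n_cs=$(printf '%s\n' "$rules" | awk '/check-state/ {print $2}')
    n_out=$(printf '%s\n' "$rules" | awk '/divert/ && / out via / {print $2}')
    [ "$n_in" -lt "$n_cs" ] && [ "$n_cs" -lt "$n_out" ]
}

case "${1:-show}" in
    load) load_ruleset /sbin/ipfw ;;
    show) load_ruleset echo ;;      # dry run: print the rules that would be loaded
    *)    echo "usage: $0 [show|load]" >&2; exit 2 ;;
esac
```

Run it without arguments to print the rules, or with "load" on the router to install them. The single deny at 700 sits before the divert at 800 on purpose: anything on the rl0 pass that did not match a stateful rule or an existing dynamic rule is dropped before it can reach the unconditional allow at 810, so 810 is only reached through skipto.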

