Re: natd+ipfw+trafic shaping

_at_babolo.ru
Date: 10/22/03

    To: Aleksandar Simonovski <aleksandar@unet.com.mk>
    Date: Wed, 22 Oct 2003 02:05:16 +0400 (MSD)
    
    

    Remember that rules are checked twice
    if "in" or "out" is not defined.
    Look at the net.inet.ip.fw.one_pass sysctl.

    > Hi all,
    > can anyone explain why these rules don't work:
    >
    > rl0 EXTINF
    > rl1 INTINF
    >
    > add 1000 divert 8668 ip from any to any via rl0
    > add 1200 allow ip from any to any via lo0
    > add 1300 deny ip from any to 127.0.0.1/8
    > add 1400 deny ip from 127.0.0.1/8 to any
    > add 1500 check-state
    > add 1550 allow icmp from any to any keep-state
    > add 1600 allow log udp from any to any 53 keep-state
    > add 1700 queue 1 log tcp from 192.168.1.0/24 to any 20,21,22,23 keep-state
    > add 1800 queue 1 log tcp from any 20,21,22,23 to 192.168.1.0/24 keep-state
    > #add 1900 allow log udp from any 137 to any keep-state
    > add 2000 allow log tcp from 192.168.1.0/24 to any 80 keep-state
    > add 2100 deny log ip from any to any
    > queue 1 config weight 10 pipe 1 mask src-ip 0xffffff00
    > queue 1 config weight 10 pipe 1 mask dst-ip 0xffffff00
    > pipe 1 config bw 128kbit/s
    >
    > and when I change "192.168.1.0/24" to "any" it works, but the traffic shaping is not
    > as it should be. I know this has something to do with natd and rule 1000,
    > but that's the thing that confuses me: how can I limit or allow traffic to the local net (192.168.1.0/24)?
    > Any help would be appreciated.
    > _______________________________________________
    > freebsd-net@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-net
    > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
    >
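The double check mentioned in the reply can be traced with a small model. This is an added example, not part of the original thread and not ipfw code: a simplified Python walk of a subset of the quoted rules for one forwarded packet, checked once inbound on rl1 and once outbound on rl0. The host 192.168.1.10, the destination and the public address 203.0.113.5 are constructed, and the model assumes natd rewrites the source of outbound packets on rl0 and that a diverted packet resumes at the next rule.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")
NAT_ADDR = ipaddress.ip_address("203.0.113.5")  # constructed public address on rl0

def ruleset(src_any=False):
    """Subset of the quoted rules; src_any=True replaces 192.168.1.0/24 with "any"."""
    src_ok = (lambda p: True) if src_any else (lambda p: p["src"] in LAN)
    return [
        (1000, "divert", lambda p: p["iface"] == "rl0"),  # "via rl0", no in/out
        (1500, "check-state", lambda p: True),
        (1700, "queue", lambda p: src_ok(p) and p["dport"] in (20, 21, 22, 23)),
        (2000, "allow", lambda p: src_ok(p) and p["dport"] == 80),
        (2100, "deny", lambda p: True),
    ]

def walk(pkt, rules, states, one_pass, queued):
    """One pass over the rules; returns (verdict, matching rule number)."""
    for num, action, match in rules:
        flow = (pkt["src"], pkt["dst"], pkt["dport"])
        if action == "check-state":
            if flow in states:
                return "allow", num  # simplification: dynamic rule treated as allow
        elif not match(pkt):
            continue
        elif action == "divert":
            if pkt["dir"] == "out" and pkt["src"] in LAN:
                pkt["src"] = NAT_ADDR  # natd aliases the source; walk resumes at next rule
        elif action == "queue":
            states.add(flow)  # keep-state records the flow as seen on this pass
            queued.append((pkt["dir"], pkt["iface"]))
            if one_pass:  # net.inet.ip.fw.one_pass=1: accepted after the queue
                return "allow", num
        else:
            if action == "allow":
                states.add(flow)
            return action, num
    return "deny", None  # fell off the end of the modelled subset

def forward(dport, one_pass=True, src_any=False):
    """A LAN host's TCP packet is checked "in" on rl1, then again "out" on rl0."""
    pkt = {"src": ipaddress.ip_address("192.168.1.10"), "dst": "198.51.100.7", "dport": dport}
    rules, states, queued, trace = ruleset(src_any), set(), [], []
    for direction, iface in (("in", "rl1"), ("out", "rl0")):
        pkt.update(dir=direction, iface=iface)
        verdict, num = walk(pkt, rules, states, one_pass, queued)
        trace.append((direction, verdict, num))
        if verdict == "deny":
            break
    return trace, queued
```

In this model `forward(22)` is accepted by rule 1700 on the inbound pass and dropped by rule 2100 on the outbound pass, because the source no longer matches 192.168.1.0/24 or the recorded state after rule 1000. With `src_any=True` the packet passes but enters queue 1 on both passes.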

