From owner-freebsd-ipfw@FreeBSD.ORG Wed Nov 19 06:16:41 2014 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 852354EB for ; Wed, 19 Nov 2014 06:16:41 +0000 (UTC) Received: from smtp.rlwinm.de (smtp.rlwinm.de [IPv6:2a01:4f8:201:31ef::e]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 49552115 for ; Wed, 19 Nov 2014 06:16:41 +0000 (UTC) Received: from hexe.rlwinm.de (p57A7D672.dip0.t-ipconnect.de [87.167.214.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.rlwinm.de (Postfix) with ESMTPSA id 09EF2C324 for ; Wed, 19 Nov 2014 07:16:37 +0100 (CET) Message-ID: <546C35C5.8010702@rlwinm.de> Date: Wed, 19 Nov 2014 07:16:37 +0100 From: Jan Bramkamp User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org Subject: Re: FreeBSD max pipe size? References: <543C4825.6030901@nyi.net> In-Reply-To: Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Nov 2014 06:16:41 -0000 On 14.10.2014 00:13, Michael Sierchio wrote: > On Mon, Oct 13, 2014 at 2:46 PM, Jack Barber wrote: > >> I am trying to set up dummynet with FreeBSD 9.3 and a 10 GB Fibre over >> ethernet NIC (ix drivers). >> >> Dummynet appears to have a limit of 1.25 gigabits a second, and when I >> start setting extremely large pipe values I start running into: IIRC dummynet stores the pipe bandwidth in bits per seconds in a 32 bit integer. This limits dummynet to ca. 4.2Gb/s. I don't know if this representation is exported as part of a KBI. If it is changing it to a 64 bit integer would break the KBI and will probably require someone to push for the change in 11-CURRENT and a set of compatible APIs for 10-STABLE and maybe even 9-STABLE. From owner-freebsd-ipfw@FreeBSD.ORG Wed Nov 19 06:42:19 2014 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 7EDE79F9 for ; Wed, 19 Nov 2014 06:42:19 +0000 (UTC) Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "vps1.elischer.org", Issuer "CA Cert Signing Authority" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 5319A3D1 for ; Wed, 19 Nov 2014 06:42:18 +0000 (UTC) Received: from Julian-MBP3.local (50-196-156-133-static.hfc.comcastbusiness.net [50.196.156.133]) (authenticated bits=0) by vps1.elischer.org (8.14.9/8.14.9) with ESMTP id sAJ6gETc088851 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO) for ; Tue, 18 Nov 2014 22:42:17 -0800 (PST) (envelope-from julian@freebsd.org) Message-ID: <546C3BC0.8090903@freebsd.org> Date: Wed, 19 Nov 2014 14:42:08 +0800 From: Julian Elischer User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org Subject: Re: Questions about ipfw References: In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Nov 2014 06:42:19 -0000 On 11/15/14, 12:13 AM, Egoitz Aurrekoetxea wrote: > Good afternoon, > > I wanted to formulate a couple of questions I’m doing my self some time ago. > > 1 - With Linux, Iptables and mod_conntrack_ftp you can allow only connecting to unprivileged port ranges for > ftp passive mode to ip addresses who have properly established a tcp/21 port connection. Is this possible in > FreeBSD with ipfw?. I believe not, though you maybe able to use nat to achieve this as it has an ftp module. I t requires understanding the protocol.. ipfw tries to not know about protocols. > 2.- I am a client A connecting to public ip 1.1.1.1 (for example) of host B. I want this packets at B to be redirected to host C > but changing the source address of A from that packets with the ip address of B. Later when B receives back the answer of C > that packets from the answer to be redirected to A changing B destination ip address to A destination ip address. So when telnetting > from client A to host B for example to port 5000, really, to be telnetting host C port 5000 for example and work this telnet properly from A. > > The most important question is number two. Could you help me please?. this is possibly doable with the NAT module or divert+natd. We generally do not change the source address, but there are options for nat for reverse nating that may help. > > Best regards. > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > > >