From: James Davis
To: Steve Bertrand
Cc: freebsd-ipfw@freebsd.org
Date: Fri, 24 Sep 2004 15:49:34 +0100 (BST)
Subject: Re: Bridging and transparent web-cache

On Fri, 24 Sep 2004, Steve Bertrand wrote:

> Please submit the pertinent rules in your firewall script, before and
> including the fwd rules, and include some details in your actual
> setup.

Before (note that I've recompiled the kernel so that ipfw defaults to
accept and I've cut out some irrelevant lines)

James.

--
# Clear out any old rules
ipfw -q flush

# Define some bits here to make life easy
# Define the external interface (in this case rl0 if the big D-Link card)
EXTIF=rl0
INTIF=dc0

# Define the size of the pipe. It's a bit less than the total capacity
# to allow for queues
PIPESIZE=60kb/s

# Set the size of the pipe
ipfw pipe 1 config bw $PIPESIZE

# Now define the class of data within the pipe. We'll have:-
ipfw queue 1 config pipe 1 weight 3
ipfw queue 2 config pipe 1 weight 2
ipfw queue 3 config pipe 1 weight 1

# Now let's define types of traffic and assign the class to each
# Web users
ipfw add 200 queue 2 tcp from any to any dst-port 80 in via $INTIF
ipfw add 210 queue 2 tcp from any to any src-port 80 in via $EXTIF
--

Now after...

--
# Clear out any old rules
ipfw -q flush

# Define some bits here to make life easy
# Define the external interface (in this case rl0 if the big D-Link card)
EXTIF=rl0
INTIF=dc0
IP=192.168.0.76

# Define the size of the pipe. It's a bit less than the total capacity
# to allow for queues
PIPESIZE=60kb/s

# Set the size of the pipe
ipfw pipe 1 config bw $PIPESIZE

# Now define the class of data within the pipe. We'll have:-
ipfw queue 1 config pipe 1 weight 3
ipfw queue 2 config pipe 1 weight 2
ipfw queue 3 config pipe 1 weight 1

# Web users
ipfw add 150 queue 1 tcp from $IP any to any dst-port 80 out via $EXTIF
ipfw add 160 fwd 127.0.0.1 tcp from any to any dst-port 80
--
"You're turning into a penguin. Stop it"
http://jamesd.ukgeeks.co.uk/