From: Nelis Lamprecht
To: FreeBSD Questions Mail List
Date: Tue, 17 Feb 2004 09:57:53 +0200
Subject: using ipfw and ipf/ipnat together

Hi,

I would like to make use of ipfw/dummynet traffic shaper and use it together with ipnat/ipf's filtering. Hope this is possible? This is a personal preference so no need to tell me why I should just use ipfw etc.

Can someone suggest what I would or would not need to use in my rc.conf and kernel please.

I have selected the following (FreeBSD 5.2R):

rc.conf:

ipfilter_enable="YES"
ipfilter_program="/sbin/ipf"
ipfilter_rules="/etc/ipf.rules"
ipfilter_flags=""
ipnat_enable="YES"
ipnat_program="/sbin/ipnat"
ipnat_rules="/etc/ipnat.rules"
ipmon_enable="YES"
ipmon_program="/sbin/ipmon"
ipmon_flags="-Dsvn"
ipnat_enable="YES"

kernel config:

options IPFILTER                     #ipfilter support
options IPFILTER_LOG                 #ipfilter logging
options PFIL_HOOKS                   #required by IPFILTER
options IPFILTER_DEFAULT_BLOCK       #block all packets by default
options IPFIREWALL                   #firewall
options IPFIREWALL_DEFAULT_TO_ACCEPT #allow everything by default
options DUMMYNET                     #bandwidth limiter
options IPSTEALTH                    #support for stealth forwarding

Seeing as though I'm not using ipfw filtering I thought I could just allow everything through by default. Will dummynet still work if IPFIREWALL_DEFAULT_TO_ACCEPT is set?

Any suggestions appreciated.

Thanks.

--
Nelis Lamprecht
PGP: http://www.8ball.co.za/pgpkey/nelis.asc
"Unix IS user friendly.. It's just selective about who its friends are."