Date:      Wed, 13 Sep 2006 08:25:24 +0300
From:      Odhiambo Washington <wash@wananchi.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: ipfw - bandwidth throttling (sanity check!)
Message-ID:  <20060913052524.GB11678@ns2.wananchi.com>
In-Reply-To: <200609122213.43164.list-freebsd-2004@morbius.sent.com>
References:  <20060912194907.GA44560@ns2.wananchi.com> <200609122213.43164.list-freebsd-2004@morbius.sent.com>

* On 12/09/06 22:13 +0100, RW wrote:
| On Tuesday 12 September 2006 20:49, Odhiambo Washington wrote:
| > Hello Security guy ;)
| >
| > I have tried very hard to understand ipfw just for the purpose of
| > bandwidth throttling for smtp service.
| >
| > Basically, I want to throttle the bandwidth used by my SMTP
| > server outbound to _anyone_ else except my ip blocks.
| >
| > My Server is 1.2.3.4 and my ip blocks are a.b.c.d/19 and
| > e.f.g.h/20
| >
| >
| > Are the following rules sane enough?
| >
| >         ipfw pipe 1 config bw 256Kbit/s
| >         ipfw add pipe 1 tcp from 1.2.3.4 to not a.b.c.d/19 25
| >         ipfw add pipe 1 tcp from 1.2.3.4 to not e.f.g.h/20 25
| 
| This queues all outgoing smtp to the pipe. 
| 
| You also need to set  net.inet.ip.fw.one_pass=1 to avoid the packets 
| re-entering the rules on the next line.  Setting that means that the packets 
| cannot pass through dynamic rules. It is possible to use dynamic rules with 
| dummynet, but it's a pain.

Thank you so much for clarifying that. What I wanted to be clarified is
if it is true that "smtp traffic to a.b.c.d/19 and e.f.g.h/20" is NOT
being put through this pipe.

net.inet.ip.fw.one_pass=1 seems to be the default on my system. Not sure
why, but I will RTFM about it.


-Wash

http://www.netmeister.org/news/learn2quote.html

DISCLAIMER: See http://www.wananchi.com/bms/terms.php

--
+======================================================================+
    |\      _,,,---,,_     | Odhiambo Washington    <wash@wananchi.com>
Zzz /,`.-'`'    -.  ;-;;,_ | Wananchi Online Ltd.   www.wananchi.com
   |,4-  ) )-,_. ,\ (  `'-'| Tel: +254 20 313985-9  +254 20 313922
  '---''(_/--'  `-'\_)     | GSM: +254 722 743223   +254 733 744121
+======================================================================+

If only one could get that wonderful feeling of accomplishment without
having to accomplish anything.
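
Added example (not part of the original e-mail, and a model rather than ipfw itself): a small Python simulation of first-match rule evaluation showing why the two posted rules pipe SMTP to every destination, including both local blocks, next to a single rule that excludes both. The /19 and /20 blocks and the rule numbers 100 and 200 are constructed stand-ins for the post's placeholders; the function and variable names are hypothetical.

```python
import ipaddress

# Constructed stand-ins for the post's placeholders a.b.c.d/19 and e.f.g.h/20.
BLOCK_A = ipaddress.ip_network("10.10.0.0/19")
BLOCK_B = ipaddress.ip_network("10.20.16.0/20")
SERVER = ipaddress.ip_address("1.2.3.4")  # server address as written in the post

# Rule = (number, source, destination port, blocks the destination must NOT be in).
# Rule numbers 100/200 are assumed; the post does not show them.
POSTED_RULES = [
    (100, SERVER, 25, [BLOCK_A]),  # pipe 1 tcp from 1.2.3.4 to not a.b.c.d/19 25
    (200, SERVER, 25, [BLOCK_B]),  # pipe 1 tcp from 1.2.3.4 to not e.f.g.h/20 25
]
# Alternative: one rule whose destination must be outside BOTH blocks.
COMBINED_RULES = [(100, SERVER, 25, [BLOCK_A, BLOCK_B])]


def pipe_hits(rules, src, dst, dport, one_pass=True):
    """Return the numbers of the rules that send this packet into the pipe."""
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    hits = []
    for number, rule_src, rule_port, excluded in rules:
        if src != rule_src or dport != rule_port:
            continue
        if any(dst in block for block in excluded):
            continue  # the "not <block>" test fails, so this rule does not match
        hits.append(number)
        if one_pass:
            break  # one_pass=1: the packet leaves the ruleset after the pipe
    return hits


if __name__ == "__main__":
    samples = {"inside /19": "10.10.5.1", "inside /20": "10.20.17.9",
               "external": "198.51.100.7"}  # constructed destinations
    for label, dst in samples.items():
        print(f"{label:11}"
              f" posted={pipe_hits(POSTED_RULES, '1.2.3.4', dst, 25)}"
              f" posted(one_pass=0)={pipe_hits(POSTED_RULES, '1.2.3.4', dst, 25, one_pass=False)}"
              f" combined={pipe_hits(COMBINED_RULES, '1.2.3.4', dst, 25)}")
```

A destination inside one block fails that block's "not" test but still matches the other rule, so only the combined form leaves both blocks unthrottled; with one_pass=0 an external destination is piped by both posted rules.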
