Date: Wed, 22 Oct 2003 02:05:16 +0400 (MSD)
From: "."@babolo.ru
To: Aleksandar Simonovski <aleksandar@unet.com.mk>
Cc: freebsd-net@freebsd.org
Subject: Re: natd+ipfw+trafic shaping
Message-ID: <1066773916.587296.759.nullmailer@cicuta.babolo.ru>
In-Reply-To: <20031021151122.486f6060.aleksandar@unet.com.mk>
Remember that rules are checked twice if "in" or "out" is not defined. Look at the net.inet.ip.fw.one_pass sysctl.

> Hi all,
> can anyone explain why these rules don't work:
>
> rl0 EXTINF
> rl1 INTINF
>
> add 1000 divert 8668 ip from any to any via rl0
> add 1200 allow ip from any to any via lo0
> add 1300 deny ip from any to 127.0.0.1/8
> add 1400 deny ip from 127.0.0.1/8 to any
> add 1500 check-state
> add 1550 allow icmp from any to any keep-state
> add 1600 allow log udp from any to any 53 keep-state
> add 1700 queue 1 log tcp from 192.168.1.0/24 to any 20,21,22,23 keep-state
> add 1800 queue 1 log tcp from any 20,21,22,23 to 192.168.1.0/24 keep-state
> #add 1900 allow log udp from any 137 to any keep-state
> add 2000 allow log tcp from 192.168.1.0/24 to any 80 keep-state
> add 2100 deny log ip from any to any
> queue 1 config weight 10 pipe 1 mask src-ip 0xffffff00
> queue 1 config weight 10 pipe 1 mask dst-ip 0xffffff00
> pipe 1 config bw 128kbit/s
>
> and when I change "192.168.1.0/24" to "any" it works, but the traffic shaping is not
> as it should be. I know this has something to do with natd and rule 1000,
> but that's the thing that confuses me: how can I limit or allow traffic to the local net (192.168.1.0/24)?
> Any help would be appreciated.
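The following is an added example, not part of either message in the thread. It applies the reply's two hints to the poster's ruleset: a forwarded packet goes through ipfw once on the interface it arrives on and once on the interface it leaves on, and a rule without "in" or "out" matches on both passes. Because natd (rule 1000) rewrites the source address on rl0, a rule keyed on 192.168.1.0/24 can only match on the rl1 pass, so the queue rules are pinned to rl1 with "in via"/"out via" and each packet is queued exactly once. net.inet.ip.fw.one_pass is set to 0 so that a packet leaving the dummynet queue continues at the next rule, where the stateful allow rules live, instead of being accepted outright. Interface names, the divert port, the LAN prefix and the shaped ports come from the question; the rule numbers, the "from me out via rl0" rule and the dry-run wrapper are my own. By default the script only prints the ipfw commands; it loads them only when run on the FreeBSD router with APPLY=1.

```shell
#!/bin/sh
# Added example (not from the thread): the poster's ipfw/natd ruleset with
# every rule restricted to one of the two passes a forwarded packet makes.
# Interface names, divert port, LAN prefix and ports are taken from the
# question; rule numbers and the dry-run wrapper are assumptions of this
# example. Default is a dry run (print only); APPLY=1 loads the rules.

EXTIF=rl0                 # external interface (natd listens on divert 8668)
INTIF=rl1                 # internal interface, 192.168.1.0/24
LAN=192.168.1.0/24
PORTS=20,21,22,23         # services whose traffic is shaped

# Dry-run shim: echo the commands unless APPLY=1 and ipfw really exists.
if [ "${APPLY:-0}" != 1 ] || ! command -v ipfw >/dev/null 2>&1; then
    ipfw()   { echo "ipfw $*"; }
    sysctl() { echo "sysctl $*"; }
fi

build_rules() {
    # Packets leaving a dummynet queue resume at the next rule (one_pass=0),
    # so the queue rules can sit in front of the stateful allow/deny rules.
    sysctl net.inet.ip.fw.one_pass=0

    ipfw -f flush
    # NAT on the external interface only. natd re-injects the translated
    # packet at the rule after this one, on both the in and the out pass.
    ipfw add 1000 divert 8668 ip from any to any via "$EXTIF"
    ipfw add 1200 allow ip from any to any via lo0
    ipfw add 1300 deny ip from any to 127.0.0.0/8
    ipfw add 1400 deny ip from 127.0.0.0/8 to any

    # Shape on the LAN side, where addresses are still private: uploads as
    # they come IN on $INTIF (before natd rewrites the source on $EXTIF),
    # downloads as they go OUT on $INTIF (after natd has restored the
    # destination on $EXTIF). Each packet hits exactly one of these rules.
    ipfw add 1450 queue 1 tcp from "$LAN" to any "$PORTS" in via "$INTIF"
    ipfw add 1460 queue 1 tcp from any "$PORTS" to "$LAN" out via "$INTIF"

    ipfw add 1500 check-state
    ipfw add 1550 allow icmp from any to any keep-state
    ipfw add 1600 allow udp from any to any 53 keep-state
    # State is created on the LAN-side pass, so the dynamic rule carries the
    # private address and matches the replies after natd has translated
    # their destination back on the $EXTIF in-pass.
    ipfw add 2000 allow tcp from "$LAN" to any "$PORTS",80 in via "$INTIF" keep-state
    # The same connections seen on the outside after NAT: the source is now
    # the router's own address ("me").
    ipfw add 2050 allow tcp from me to any out via "$EXTIF"
    ipfw add 2100 deny log ip from any to any

    # One queue config only; a second "queue 1 config" would replace the first.
    ipfw queue 1 config weight 10 pipe 1 mask src-ip 0xffffff00
    ipfw pipe 1 config bw 128Kbit/s
}

build_rules
```

Run it once without APPLY to review the generated rule list, then with `APPLY=1` on the router; `ipfw -f flush` removes every existing rule before the new ones are loaded, so keep console access when applying it remotely.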