Date:      Wed, 26 Sep 2007 11:05:46 -0400
From:      Lowell Gilbert <freebsd-questions-local@be-well.ilk.org>
To:        "Edgardo Nuevo" <darknighter@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Bandwidth filter with ipfw don't work
Message-ID:  <44sl51fovp.fsf@be-well.ilk.org>
In-Reply-To: <a9a1b1c00709250110y3c192f41g9e1dc4fb5861aaf3@mail.gmail.com> (Edgardo Nuevo's message of "Tue, 25 Sep 2007 03:10:04 -0500")
References:  <a9a1b1c00709250110y3c192f41g9e1dc4fb5861aaf3@mail.gmail.com>

"Edgardo Nuevo" <darknighter@gmail.com> writes:

> Hi
> I have FreeBSD 6.2 with 2 network cards, vr1 (10.0.1.10 with access
> to Internet) and vr0 (192.168.1.1 internal network). I have configured
> ipfw + dummynet. When I configure a PC with 192.168.1.x it does not work,
> but when I put an IP of type 10.0.1.x it works. What's the error?

Can't tell from that.  Have you checked ipfw counters to see which
rules are dropping the packets (if any)?  Have you tried with no drop
rules at all?  Do you have a route for the 192.168.1.x subnet on the
router?  

> ############### firewall.rules ###############
> -f flush
> add 0012 skipto 20 all from any to any not layer2 in via vr0
> # Define MAC's users
> add 0013 skipto 20 all from any to any { MAC 00:1b:24:3b:4f:xx any or
> MAC any 00:1b:24:3b:4f:xx } layer2
> add 0014 skipto 20 all from any to any { MAC 00:1b:24:25:yy:69 any or
> MAC any 00:1b:24:25:yy:69 } layer2
>
> #Deny MACs not defined
> add 0019 deny log logamount 100 ip from any to any MAC any any layer2 via vr0
>
> # Enable NAT
> add 0020 divert natd all from any to any via vr1
>
> # Define pipe per MAC's
> add pipe 1 ip from any to any MAC 00:1b:24:3b:4f:xx any in via vr0
> add pipe 2 ip from any to any MAC any 00:1b:24:3b:4f:xx in via vr0
>
> add pipe 3 ip from any to any MAC 00:1b:24:25:yy:69 any
> add pipe 4 ip from any to any MAC any 00:1b:24:25:yy:69
>
> # Define bandwidth per pipe
> pipe 1 config bw 50Kbit/s
> pipe 2 config bw 50Kbit/s
>
> pipe 3 config bw 6Kbit/s
> pipe 4 config bw 6Kbit/s
>
> add 0500 allow all from any to any
> #######################################################
>
> ############### sysctl.conf ###############
> net.link.ether.bridge.enable=1
> net.link.ether.bridge_cfg=vr1:1,vr0:2
> net.link.ether.bridge_ipfw=1
> net.ip.dummynet.debug=1
> net.inet.ip.fw.enable=1
> net.link.ether.ipfw=1
> #######################################################
>
> Thanks
>
> Dark Night Rider

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
		http://be-well.ilk.org/~lowell/
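
One way to carry out the counter check suggested in the reply above, as an added example that is not part of the original message: two sh functions that read `ipfw -a list` output and report which drop rules have matched packets and which pipe rules have matched none. The function names and the sample counter values are constructed for illustration; the sketch assumes the action is the fourth field of each line (no `set` or `prob` prefix).

```shell
#!/bin/sh
# Added example. `ipfw -a list` prints: rule number, packets, bytes, rule body.

# Constructed sample output, using rules from the posted firewall.rules.
# The counter values are invented for the illustration.
sample_counters() {
cat <<'EOF'
00012   0     0 skipto 20 ip from any to any not layer2 in via vr0
00019 148  9472 deny log logamount 100 ip from any to any MAC any any layer2 via vr0
00020 310 41200 divert 8668 ip from any to any via vr1
00120   0     0 pipe 1 ip from any to any MAC 00:1b:24:3b:4f:xx any in via vr0
00500 502 63011 allow ip from any to any
65535   0     0 deny ip from any to any
EOF
}

# Rules that discard traffic and have matched at least one packet.
# Prints: rule number, packet count, rule body.
dropping_rules() {
    awk '$2 + 0 > 0 && $4 ~ /^(deny|reject|unreach|reset)$/ {
        rule = $4
        for (i = 5; i <= NF; i++) rule = rule " " $i
        print $1, $2, rule
    }'
}

# dummynet pipe/queue rules that no packet has reached yet.
# Prints: rule number, "pipe" or "queue", pipe/queue number.
idle_pipes() {
    awk '$2 + 0 == 0 && ($4 == "pipe" || $4 == "queue") { print $1, $4, $5 }'
}

echo "Drop rules with hits:"
sample_counters | dropping_rules
echo "Pipe rules never matched:"
sample_counters | idle_pipes
```

On the router, clear the counters with `ipfw zero`, generate traffic from a 192.168.1.x host, then pipe `ipfw -a list` into each function in place of `sample_counters`.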


