Date: Fri, 04 Jun 2004 15:00:48 +0200
From: Nelis Lamprecht <nelis@8ball.co.za>
To: FreeBSD Questions Mail List <questions@freebsd.org>
Subject: Re: ipnat and ipfw dummynet
Message-ID: <1086354047.10140.9.camel@nelis.brabys.co.za>
In-Reply-To: <1086352973.9330.29.camel@nelis.brabys.co.za>
References: <1086352973.9330.29.camel@nelis.brabys.co.za>

Sorry, I failed to point out my current network configuration. I have 2
internal networks which use NAT, one class C ( 192.96.48.0/24 ) and one
rfc1918 ( 192.168.1.0/24 ). The internal interface(bge1) is configured
with the class c network and I have added a route to bge1 for
192.168.1.0/24. All traffic on the 192.96.48.0/24 network internally is
routed via the gateway to get to the 192.168.1.0 network.

Hope that makes sense.

Nelis

On Fri, 2004-06-04 at 14:43, Nelis Lamprecht wrote:
> Hi,
>
> I'm interested to hear how people utilise dummynet in a NAT environment.
> How does one create a pipe for a NAT network without affecting the
> actual LAN speed ? For example, on the gateway:
>
> $fwcmd add pipe 1 ip from 192.168.1.0/24 to any out
> $fwcmd add pipe 2 ip from any to 192.168.1.0/24 in
> $fwcmd pipe 1 config bw 128Kbit/s
> $fwcmd pipe 2 config bw 128Kbit/s
>
> The above example would be fine if 192.168.1.0/24 were only talking to
> the internet but unfortunately it also affects the machines from talking
> to each other internally. The only interface you can specify is the
> internal interface(bge1) because this is the only time that ipfw will
> see the addresses before they are passed to NAT(ipnat) and will not be
> seen on the external interface(bge0). So basically the above example
> should be written as:
>
> $fwcmd add pipe 1 ip from 192.168.1.0/24 to any out via bge1
> $fwcmd add pipe 2 ip from any to 192.168.1.0/24 in via bge1
>
> This however will also give 192.168.1.0/24 an internal LAN speed of
> 128Kbit/s which is to say quite humorous ;-)
>
> What is the solution to this ? ..I'm obviously missing something. The
> internal interface is not firewalled.
>
>
> Many thanks,
--
Nelis Lamprecht
PGP: http://www.8ball.co.za/pgpkey/nelis.asc

"Unix IS user friendly.. It's just selective about who its friends are."