Date: Fri, 13 Sep 2002 16:04:08 -0400
From: "Scott M. Nolde" <scott@smnolde.com>
To: freebsd-ipfw@freebsd.org
Subject: queues and firewalling
Message-ID: <20020913200408.GA90537@smnolde.com>
I'm trying to set up a firewall which has (at this moment) eight queues. Four are input and four are output queues. Each queue has an associated pipe and bandwidth limitation. This is, for the most part, scripted so I can add a TCP or UDP port and rerun the script quickly to move things around. The generic structure is this:

1. read in defaults
2. deny certain traffic (RFC 1918) at the external NIC
3. divert for NAT
4. do some custom allow and deny stuff
5. begin adding rules for queuing (include tcp, udp, and esp)
6. define pipes for the queues
7. define bandwidth for the pipes
8. pass established
9. allow tcp from my LAN to any keep-state
10. allow tcp from my ext NIC to LAN keep-state
11. allow tcp from any to LAN keep-state
12. allow tcp from any to ext NIC keep-state
13. allow tcp from ext NIC to any keep-state
14. do udp and icmp filtering...

For some odd reason (pebcak?) irc, www, and other services originating from the LAN or the firewall/NAT box don't ever get connected.

The firewall can be found here:
http://www.smnolde.com:7080/ipfw/rc.ipfw.error

Pipe and queue output can be found here (near the end):
http://www.smnolde.com:7080/ipfw/rc.ipfw-test.show

If anyone can offer assistance I'd be most grateful.

-- 
Scott Nolde
GPG Key 0xD869AB48
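Worked example, added here as an illustration and not the poster's rc.ipfw: an ipfw ruleset with the same fourteen-step shape as the outline above, written in the rc.firewall style of the day. It assumes fxp0 as the external NIC, fxp1 as the LAN NIC, 192.168.1.0/24 as the LAN, natd on its default divert port, and placeholder ports and bandwidths; all of those names are mine, not from the message. Two things in it are what a practitioner checks first when queued flows never complete a handshake: the net.inet.ip.fw.one_pass sysctl (with the default of 1, a packet that matches a queue rule is accepted as it leaves the pipe and never reaches the keep-state rules further down, so no dynamic rule is ever created) and the position of check-state relative to the keep-state rules.

```shell
#!/bin/sh
# Added example (not the poster's rc.ipfw): an ipfw ruleset laid out in the
# same 14-step order as the outline in the message. Assumed names: fxp0 is
# the external NIC, fxp1 the LAN NIC, 192.168.1.0/24 the LAN, natd on its
# default divert port. Set DRYRUN=1 to print the rules instead of loading them.

fwcmd="${fwcmd:-/sbin/ipfw}"
oif="${oif:-fxp0}"            # external NIC (assumed)
iif="${iif:-fxp1}"            # LAN NIC (assumed)
lan="${lan:-192.168.1.0/24}"  # LAN address space (assumed)

# run CMD...: execute the command, or only print it when DRYRUN is set
run() {
    if [ -n "${DRYRUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

load_firewall() {
    run ${fwcmd} -f flush
    run ${fwcmd} -f pipe flush

    # 1. defaults: loopback traffic, and nothing else claiming to be loopback
    run ${fwcmd} add 100 allow ip from any to any via lo0
    run ${fwcmd} add 200 deny ip from any to 127.0.0.0/8
    run ${fwcmd} add 200 deny ip from 127.0.0.0/8 to any

    # 2. RFC 1918 space neither arrives on nor leaves by the external NIC
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        run ${fwcmd} add 300 deny ip from ${net} to any in via ${oif}
        run ${fwcmd} add 300 deny ip from any to ${net} out via ${oif}
    done

    # 3. NAT. natd reinjects translated packets after this rule, so every
    #    rule below sees external addresses on ${oif} and LAN addresses on ${iif}.
    run ${fwcmd} add 400 divert natd ip from any to any via ${oif}

    # 4. site-specific allow/deny rules go here

    # 5-7. queues, their pipes and bandwidth. With the default
    #    net.inet.ip.fw.one_pass=1 a packet matching a queue rule is accepted
    #    when it leaves the pipe and never reaches the keep-state rules below,
    #    so no dynamic rule is created for that connection. one_pass=0 makes
    #    it continue at the next rule instead.
    run sysctl net.inet.ip.fw.one_pass=0
    run ${fwcmd} pipe 1 config bw 512Kbit/s       # upstream (placeholder)
    run ${fwcmd} pipe 2 config bw 1500Kbit/s      # downstream (placeholder)
    run ${fwcmd} queue 1 config pipe 1 weight 70  # out, interactive
    run ${fwcmd} queue 2 config pipe 1 weight 30  # out, bulk
    run ${fwcmd} queue 3 config pipe 2 weight 70  # in, interactive
    run ${fwcmd} queue 4 config pipe 2 weight 30  # in, bulk
    for port in 22 6667; do                       # ssh, irc
        run ${fwcmd} add 1000 queue 1 tcp from any to any ${port} out via ${oif}
        run ${fwcmd} add 1000 queue 3 tcp from any ${port} to any in via ${oif}
    done
    for port in 80 443; do                        # www
        run ${fwcmd} add 1100 queue 2 tcp from any to any ${port} out via ${oif}
        run ${fwcmd} add 1100 queue 4 tcp from any ${port} to any in via ${oif}
    done
    run ${fwcmd} add 1200 queue 2 esp from any to any out via ${oif}
    run ${fwcmd} add 1200 queue 4 esp from any to any in via ${oif}

    # 8-13. stateful TCP. check-state sits ahead of the keep-state rules so
    #    that packets of a flow that already has a dynamic rule match it here;
    #    the keep-state rules then only need to see the packet that opens the
    #    connection. Note that an unconditional "established" rule placed
    #    before any state exists passes every ACK-flagged packet, which is
    #    the outline's step 8 but weaker than relying on check-state alone.
    run ${fwcmd} add 2000 check-state
    run ${fwcmd} add 2100 allow tcp from any to any established
    run ${fwcmd} add 2200 allow tcp from ${lan} to any in via ${iif} keep-state
    run ${fwcmd} add 2300 allow tcp from any to any out via ${oif} keep-state
    run ${fwcmd} add 2400 allow tcp from any to ${lan} in via ${oif} keep-state

    # 14. udp/icmp filtering goes here; everything else is logged and dropped
    run ${fwcmd} add 65000 deny log ip from any to any
}

case "${1:-}" in
start|restart) load_firewall ;;
esac
```

To see where a connection attempt actually lands, watch the per-rule packet counters with `ipfw show` and the queue statistics with `ipfw queue show` while opening one connection from a LAN host: the rule whose counter grows on the SYN and the rule (or absence of one) that catches the SYN/ACK tell you whether the dynamic rule was ever created.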