From owner-freebsd-ipfw Tue Apr 16 8:28:17 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from laptop.tenebras.com (laptop.tenebras.com [66.92.188.18]) by hub.freebsd.org (Postfix) with SMTP id B3D5B37B405 for ; Tue, 16 Apr 2002 08:28:06 -0700 (PDT) Received: (qmail 4206 invoked from network); 16 Apr 2002 15:28:06 -0000 Received: from sapphire.tenebras.com (HELO tenebras.com) (66.92.188.241) by 0 with SMTP; 16 Apr 2002 15:28:06 -0000 Message-ID: <3CBC4306.2070009@tenebras.com> Date: Tue, 16 Apr 2002 08:28:06 -0700 From: Michael Sierchio Reply-To: kudzu@tenebras.com User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.9) Gecko/20020404 X-Accept-Language: en-us, en MIME-Version: 1.0 To: saign Cc: freebsd-ipfw@freebsd.org Subject: Re: References: <200204161504.g3GF4aZ08740@cluster2.tfb.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG saign wrote: > After reading the man page for dummynet, I\'m confused! > > xeon# ipfw pipe 1 config bw 384Kbit/s > xeon# ipfw pipe 2 config bw 384Kbit/s > xeon# ipfw add pipe 1 ip from 192.168.1.19 to any out > 00400 pipe 1 ip from 192.168.1.19 to any out > xeon# ipfw add pipe 2 ip from any to 192.168.1.19 in > 00450 pipe 2 ip from any to 192.168.1.19 in > > xeon# ipfw show > 00050 827195 473961009 divert 8668 ip from any to any via fxp0 > 00100 0 0 allow ip from any to any via lo0 > 00200 0 0 deny ip from any to 127.0.0.0/8 > 00300 0 0 deny ip from 127.0.0.0/8 to any > 00400 0 0 pipe 1 ip from 192.168.1.19 to any out > 00450 4283 4567749 pipe 2 ip from any to 192.168.1.19 in Two points: 1) it's helpful to specify an interface, since all packets headed for 192.168.1.19 are seen both inbound and outbound 2) if by the second pipe rule you intend to limit outbound (upstream) traffic, remember that after being passed through natd, the address will not match 192.168.1.19 Let's suppose that ${oif} is the "outside" interface, and ${iif} is the inside interface. I believe you want (caveat: caffeine deficient) ipfw add pipe 1 from 192.168.1.19 to any in recv ${iif} ipfw add pipe 2 from any to 192.168.1.18 out xmit ${iif} To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message