Date: Mon, 15 Jul 2002 18:01:30 -0700 (PDT) From: admin@biowarnet.info To: rizzo@icir.org Cc: freebsd-ipfw@FreeBSD.ORG Subject: NewBie Question Message-ID: <20020715180131.2114.h008.c011.wm@mail.biowarnet.info.criticalpath.net>
next in thread | raw e-mail | index | archive | help
Hello Rizzo
I would like to ask you what is the right configuration
for my network here :
I run FreeBSD 4.6-STABLE on server, and here i got
traffic bandwidth around 80kbit/s. (from MRTG Page)
I have 14 client here on my server not included server.
I run squid and accept http request on port 3128
And this is the question :
What sould i put on my firewall config, so every client
have max http traffic bandwidth around 5kbit/s? (from
80kbit/s /14 client in my network)
For a while i put these on /etc/firewall.conf
case ${natd_enable} in
[Yy][Ee][Ss])
if [ -n "${natd_interface}" ]; then
${fwcmd} add divert natd all
from any to any via ${natd_interface}
fi
;;
esac
# Stop RFC1918 nets on the outside interface
${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif}
${fwcmd} add deny all from 172.16.0.0/12 to any via
${oif}
${fwcmd} add deny all from 192.168.0.0/16 to any via
${oif}
# Dummynet Rules
/sbin/ipfw add pipe 1 tcp from any 3128 to
${inet}:${imask}
/sbin/ipfw pipe 1 config bw 40kbit/s queue 50 delay 10
mask dst-ip 0xffffff00
# Allow established connections with minimal overhead
${fwcmd} add pass tcp from any to any established
I wait for your answer
And I would thank very very thank you
Rinto N
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020715180131.2114.h008.c011.wm>