Date: Mon, 15 Jul 2002 18:01:30 -0700 (PDT) From: admin@biowarnet.info To: rizzo@icir.org Cc: freebsd-ipfw@FreeBSD.ORG Subject: NewBie Question Message-ID: <20020715180131.2114.h008.c011.wm@mail.biowarnet.info.criticalpath.net>
next in thread | raw e-mail | index | archive | help
Hello Rizzo I would like to ask you what is the right configuration for my network here : I run FreeBSD 4.6-STABLE on server, and here i got traffic bandwidth around 80kbit/s. (from MRTG Page) I have 14 client here on my server not included server. I run squid and accept http request on port 3128 And this is the question : What sould i put on my firewall config, so every client have max http traffic bandwidth around 5kbit/s? (from 80kbit/s /14 client in my network) For a while i put these on /etc/firewall.conf case ${natd_enable} in [Yy][Ee][Ss]) if [ -n "${natd_interface}" ]; then ${fwcmd} add divert natd all from any to any via ${natd_interface} fi ;; esac # Stop RFC1918 nets on the outside interface ${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif} ${fwcmd} add deny all from 172.16.0.0/12 to any via ${oif} ${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif} # Dummynet Rules /sbin/ipfw add pipe 1 tcp from any 3128 to ${inet}:${imask} /sbin/ipfw pipe 1 config bw 40kbit/s queue 50 delay 10 mask dst-ip 0xffffff00 # Allow established connections with minimal overhead ${fwcmd} add pass tcp from any to any established I wait for your answer And I would thank very very thank you Rinto N To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020715180131.2114.h008.c011.wm>