Date:      Fri, 24 Sep 2004 15:49:34 +0100 (BST)
From:      James Davis <jamesd@jml.net>
To:        Steve Bertrand <iaccounts@ibctech.ca>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: Bridging and transparent web-cache
Message-ID:  <Pine.LNX.4.44.0409241541050.32166-100000@courgette.jml.net>
In-Reply-To: <3924.209.167.16.15.1096036044.squirrel@209.167.16.15>

On Fri, 24 Sep 2004, Steve Bertrand wrote:

> Please submit the pertinent rules in your firewall script, before and
> including the fwd rules, and include some details in your actual
> setup.

Before (note that I've recompiled the kernel so that ipfw defaults to
accept and I've cut out some irrelevant lines)

James.

--

# Clear out any old rules
ipfw -q flush

# Define some bits here to make life easy
# Define the external interface (in this case rl0 is the big D-Link card)
EXTIF=rl0
INTIF=dc0

# Define the size of the pipe. It's a bit less than the total capacity
# to allow for queues

PIPESIZE=60kb/s

# Set the size of the pipe

ipfw pipe 1 config bw $PIPESIZE

# Now define the class of data within the pipe. We'll have:-

ipfw queue 1 config pipe 1 weight 3
ipfw queue 2 config pipe 1 weight 2
ipfw queue 3 config pipe 1 weight 1

# Now let's define types of traffic and assign the class to each

# Web users
ipfw add 200 queue 2 tcp from any to any dst-port 80 in via $INTIF
ipfw add 210 queue 2 tcp from any to any src-port 80 in via $EXTIF

--

Now after...

--

# Clear out any old rules
ipfw -q flush

# Define some bits here to make life easy
# Define the external interface (in this case rl0 is the big D-Link card)
EXTIF=rl0
INTIF=dc0
IP=192.168.0.76
# Define the size of the pipe. It's a bit less than the total capacity
# to allow for queues

PIPESIZE=60kb/s

# Set the size of the pipe

ipfw pipe 1 config bw $PIPESIZE

# Now define the class of data within the pipe. We'll have:-

ipfw queue 1 config pipe 1 weight 3
ipfw queue 2 config pipe 1 weight 2
ipfw queue 3 config pipe 1 weight 1

# Web users
ipfw add 150 queue 1 tcp from $IP any to any dst-port 80 out via $EXTIF
ipfw add 160 fwd 127.0.0.1 tcp from any to any dst-port 80


--
"You're turning into a penguin. Stop it"
http://jamesd.ukgeeks.co.uk/


