Date: Wed, 14 Apr 2004 17:13:27 +0200 (CEST)
Message-Id: <200404141513.i3EFDR5R084225@lk106.tempest.sk>
From: Ludo Koren
To: rizzo@icir.org
In-reply-to: <20040414075644.A95599@xorpc.icir.org> (message from Luigi Rizzo on Wed, 14 Apr 2004 07:56:44 -0700)
cc: ipfw@freebsd.org
cc: tscrum@aaawebsolution.com
Subject: Re: limiting bandwith

>> I wrote `interactive' (ticks), and I meant addresses that are
>> used to connect to ssh, web, etc (interactive processes). All
>> these addresses are NAT-ed. For these, your setup is working
>> fine. Thank you very much.
>>
>> The problem I still have is the following: the SMTP is
>> flowing through, I am not relaying e-mail on this host. It
>> seems to me I cannot put together a rule which passes the
>> traffic and adds it to the queue except when I use the keep-state
>> flag. In this setup (keep-state), Luigi wrote it does not work.

> I said your configuration does not work the way you want. It
> is possible to write a proper configuration that does what you
> want but it is left as an exercise to the reader.

That I had understood. The problem is, I don't know how to do the
exercise, even though I tried hard for several days... call me stupid...

The setup is: pass 2 mail servers without NAT and add the traffic from
the LAN to WAN to the queue and limit it (or weight it). If I add:

    ipfw add queue 3 tcp from A to B 25
    ipfw queue 3 config weight 1 pipe 10 mask src-ip 0x000000ff
    ipfw pipe 10 config bw 256Kbit/s

and remove all rules with keep-state, it stops working.

> cheers
> luigi

Regards,

lk