Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 20 Apr 2002 16:34:24 -0700
From:      Michael Loftis <mloftis@wgops.com>
To:        saign <saign@tfb.com>
Cc:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: 
Message-ID:  <3CC1FB00.5040600@wgops.com>
References:  <200204161504.g3GF4aZ08740@cluster2.tfb.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
*blink*
*blink*

The problem is your NAT line.  After 00050 there is no external IP on 
outbound packets.  After the divert line everything coming in is 
converted to internal representation, and everything going out is 
converted to external representation.  Therefore 00400 needs to be 
modified to have the external address instead of the internal 
(192.168.x.x) address.

saign wrote:

>After reading the man page for dummynet, I\'m confused!
>
>xeon# ipfw pipe 1 config bw 384Kbit/s
>xeon# ipfw pipe 2 config bw 384Kbit/s
>xeon# ipfw add pipe 1 ip from 192.168.1.19 to any out
>00400 pipe 1 ip from 192.168.1.19 to any out
>xeon# ipfw add pipe 2 ip from any to 192.168.1.19 in
>00450 pipe 2 ip from any to 192.168.1.19 in
>
>xeon# ipfw show
>00050  827195  473961009 divert 8668 ip from any to any via fxp0
>00100       0          0 allow ip from any to any via lo0
>00200       0          0 deny ip from any to 127.0.0.0/8
>00300       0          0 deny ip from 127.0.0.0/8 to any
>00400       0          0 pipe 1 ip from 192.168.1.19 to any out
>00450    4283    4567749 pipe 2 ip from any to 192.168.1.19 in
>65000 1732420 1009118949 allow ip from any to any
>65535       0          0 deny ip from any to any
>
>xeon# ipfw pipe list
>00001: 384.000 Kbit/s    0 ms   50 sl. 0 queues (1 buckets) 
>droptail
>    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
>00002: 384.000 Kbit/s    0 ms   50 sl. 0 queues (1 buckets) 
>droptail
>    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
>
>System is a router/dhcpd box. fxp0 is inet, fxp1 is internal
>
>Shouldn\'t the above \"cap\" both directions @ 384?
>It appears to only cap download, but not upload.
>
>-Tony
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-ipfw" in the body of the message
>



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3CC1FB00.5040600>