Date:      Tue, 17 Feb 2004 09:57:53 +0200
From:      Nelis Lamprecht <nelis@8ball.co.za>
To:        FreeBSD Questions Mail List <questions@freebsd.org>
Subject:   using ipfw and ipf/ipnat together
Message-ID:  <1077004673.268.67.camel@enigma.8ball.co.za>



Hi,

I would like to make use of ipfw/dummynet traffic shaper and use it
together with ipnat/ipf's filtering. Hope this is possible? This is a
personal preference so no need to tell me why I should just use ipfw
etc.

Can someone suggest what I would or would not need to use in my rc.conf
and kernel please. I have selected the following (FreeBSD 5.2R):

rc.conf:

ipfilter_enable="YES"
ipfilter_program="/sbin/ipf"
ipfilter_rules="/etc/ipf.rules"
ipfilter_flags=""
ipnat_enable="YES"
ipnat_program="/sbin/ipnat"
ipnat_rules="/etc/ipnat.rules"
ipmon_enable="YES"
ipmon_program="/sbin/ipmon"
ipmon_flags="-Dsvn"
ipnat_enable="YES"

kernel config:

options         IPFILTER                #ipfilter support
options         IPFILTER_LOG            #ipfilter logging
options         PFIL_HOOKS              #required by IPFILTER
options         IPFILTER_DEFAULT_BLOCK  #block all packets by default
options         IPFIREWALL              #firewall
options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
options         DUMMYNET                #bandwidth limiter
options         IPSTEALTH               #support for stealth forwarding

Seeing as though I'm not using ipfw filtering I thought I could just
allow everything through by default. Will dummynet still work if
IPFIREWALL_DEFAULT_TO_ACCEPT is set?

Any suggestions appreciated.

Thanks.

--
Nelis Lamprecht
PGP: http://www.8ball.co.za/pgpkey/nelis.asc
"Unix IS user friendly.. It's just selective about who its friends are."



