From: he ccjj
Date: Wed, 17 Aug 2005 12:02:35 +0800
To: freebsd-questions@freebsd.org
Subject: Fwd: How to limit the nat's stream speed?

Good, I used your method to solve the problem. I did it like this:

add dummynet_enabe="YES" to /boot/loader.conf

then add these lines to /etc/rc.firewall:

${fwcmd} add pipe 1 ip from ${inet} to any out limit src-addr 400
${fwcmd} add pipe 2 ip from any to ${inet} in limit src-addr 400
${fwcmd} pipe 1 config delay 2ms bw 10Mbit/s
${fwcmd} pipe 2 config delay 2ms bw 10Mbit/s

Yeah! But the speed was limited to about 350KB/s when I download, even in the LAN! I changed src-addr and delay and bw, but it seems to have no effect, except for deleting delay 2ms (about 800KB/s without delay).
The users of the LAN will hate me from now on! :<

2005/8/10, Adi Pircalabu:
> On Wed, 10 Aug 2005 13:31:28 +0800
> he ccjj wrote:
>
> > I use freebsd5.4+ipfw+natd to set up a box for sharing internet, it
> > works fine. But I have a very serious problem:
> > Some computers of my inner users were attacked by a virus, they make a
> > very big volume of stream to the internet, so natd will occupy almost
> > all the cpu, the others can't visit the internet at all!! Is there a
> > solution to limit natd's cpu occupancy or limit every user's stream
> > speed?
>
> You may take a look at the ipfw(8) manpage and search for dummynet
> configuration.
> For example, if you know the offending IP, you can try something like
> this:
>
> kldload dummynet
> ipfw pipe ${pipe-num} config bw ${max-bw}
> ipfw add ${rule-num} pipe ${pipe-num} ip from ${offending-IP} to any
>
> It's a very simple example, take it as a starting point.
> Bye
>
> --
> Adi Pircalabu (PGP Key ID 0x04329F5E)
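
An added example, not part of the original thread: the original question asked how to limit every user's speed, and dummynet's `mask` option (documented in ipfw(8)) does that by giving each LAN address its own pipe instance instead of one shared pipe. The interface name, subnet, rates and rule numbers below are assumptions, and the function only prints the commands so they can be reviewed before being applied.

```sh
#!/bin/sh
# Added example: emit ipfw/dummynet commands that cap each LAN host separately.
# Assumed values (not from the thread): inside interface, LAN subnet, rates,
# rule numbers. Review the output, then pipe it to sh as root to apply.

# per_host_limit_rules IIF LAN UP_BW DOWN_BW [FIRST_RULE]
per_host_limit_rules() {
    iif=$1; lan=$2; up=$3; down=$4; rule=${5:-100}

    # Refuse values that would change the meaning of the generated commands.
    for v in "$iif" "$lan" "$up" "$down"; do
        case $v in
            ''|*[!A-Za-z0-9./]*) echo "bad argument: $v" >&2; return 1 ;;
        esac
    done
    case $rule in
        ''|*[!0-9]*) echo "bad rule number: $rule" >&2; return 1 ;;
    esac

    # "mask src-ip 0xffffffff" makes dummynet create one dynamic pipe per
    # source address, so a single flooding host only fills its own pipe.
    echo "ipfw pipe 1 config bw $up mask src-ip 0xffffffff"
    echo "ipfw pipe 2 config bw $down mask dst-ip 0xffffffff"

    # Match on the inside interface, where packets still carry the private
    # (untranslated) LAN addresses that the masks key on.
    echo "ipfw add $rule pipe 1 ip from $lan to any in recv $iif"
    echo "ipfw add $((rule + 10)) pipe 2 ip from any to $lan out xmit $iif"
}

# Constructed sample values.
per_host_limit_rules em1 192.168.0.0/24 512Kbit/s 2Mbit/s 100
```

The dummynet module must be loaded first (`kldload dummynet`, as in the reply above), and the rule numbers have to be chosen to fit the existing ruleset.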