Date:      Sat, 24 May 2003 13:41:14 +0200
From:      "Elector" <elector@elector.dk>
To:        freebsd-ipfw@freebsd.org
Subject:   Prioritizing traffic and NAT.
Message-ID:  <200305241341140515.0EB4D5DA@pasmtp.tele.dk>

Hi there, first time I post here. But I'm soon to be hairless, if I don't try something else, than just reconfiguring and reconfiguring without getting anywhere...

I'll try to draw my setup here. Hope it looks alright/understandable.

        WAN
         |
         |
      FreeBSD
      |     |
      |     |
    PC1    PC2

PC1 and PC2 are on a 10.0.0.0/8 private IP-net.

Fairly simple setup, where the FreeBSD NATs PC1 and PC2 to the Internet, and that works just fine. The problem is that I run an FTP server and a couple of other services on the FreeBSD box, and when users are downloading like nuts from it, PC1 and PC2 (and the FreeBSD box for that matter) can barely use the Internet. So I would like to prioritize the traffic, as in giving PC1 and PC2 higher priority to the Internet than the FreeBSD box itself.

First of all, I'm just trying to prioritize outgoing traffic and incoming apart from each other. I know saturating outgoing traffic will slow down incoming to a crawl, but that's not the biggest problem right now. First I just want to get this to work, then I can worry about the other things later. :-)

My problem is that the config below doesn't seem to prioritize anything, well almost anything. It works on the internal LAN traffic, and I can set the speeds to whatever I want there and it works, BUT on the WAN side it doesn't seem to work at all - that is no prioritizing whatsoever.

I really REALLY hope someone here has a good suggestion.


--- ipfw config file ---
#first flush the old rules
-f flush

#set up queues for traffic on a 2M/512K ADSL connection.
#outgoing traffic is the major bottleneck here, and I set it a bit lower than max, to avoid saturating the line
pipe 10 config bw 500Kbit/s
pipe 20 config bw 2Mbit/s

#LAN traffic should still run at 100Mbit
pipe 99 config bw 100Mbit/s

#outgoing traffic should be prioritized, so that the LAN PCs have higher priority than the router-box.
queue 10 config pipe 10 weight 100
queue 20 config pipe 10 weight 1

#incoming traffic should be prioritized, so that the LAN PCs have higher priority than the router-box.
queue 30 config pipe 20 weight 100
queue 40 config pipe 20 weight 1

#LAN traffic should still run at 100Mbit
queue 99 config pipe 99 weight 1

#enable NAT/PAT
add 50 divert natd all from any to any via rl0
add 100 allow ip from 10.0.0.0/8 to 10.0.0.0/8

#LAN traffic should still run at 100Mbit
add 150 queue 99 ip from me to any out via fxp0
add 151 queue 99 ip from any to me in via fxp0

#LAN traffic to the outside world should be highest prioritized = get all the BW they need.
add 200 queue 10 ip from 10.0.0.0/8 to any in via fxp0
add 201 queue 30 ip from any to 10.0.0.0/8 out via fxp0

#box traffic to the outside world (runs an FTP server among others) should be lowest prioritized = only use
#the BW that isn't used by the LAN PCs.
add 300 queue 20 ip from me to any out via rl0
add 301 queue 40 ip from any to me in via rl0

#allow all traffic - Cisco PIX in front of box takes care of the actual firewalling
add 999 allow all from any to any
--------------
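To make the meaning of the queue weights in the config above concrete, here is an added example (not part of the post, and not dummynet code) that models how a pipe's bandwidth is divided among the queues attached to it. It assumes what ipfw(8) documents for the WF2Q+ scheduler: backlogged queues get bandwidth in proportion to their weights, and an idle or lightly loaded queue's unused share goes to the others. It is an idealised fluid model of the pipe scheduler only; it does not model ipfw rule matching or the natd divert, so it says nothing about why the WAN-side rules in the post behave as they do. The scenarios, pipe size and weights are taken from the post's pipe 10 (500 Kbit/s, LAN weight 100, box weight 1); the demand figures are constructed.

```python
"""Idealised model of dummynet pipe sharing between weighted queues
(weighted max-min fairness, computed by water-filling).

Added example, not from the original post. Assumption: backlogged queues
on one pipe receive bandwidth proportional to their weights, and unused
share from a queue that needs less flows to the remaining queues. Only
the pipe scheduler is modelled, not ipfw rule matching or natd.
"""


def weighted_fair_share(capacity, flows):
    """Return {name: bandwidth} for flows sharing one pipe.

    capacity: pipe bandwidth (any unit, e.g. Kbit/s)
    flows:    iterable of (name, weight, demand); demand is the rate the
              flow would consume if the pipe were unlimited.
    """
    active = [tuple(f) for f in flows]
    for _, weight, _ in active:
        if weight <= 0:
            # dummynet queue weights are 1..100; zero would divide by zero
            raise ValueError("queue weight must be positive")
    remaining = float(capacity)
    allocation = {}
    while active:
        total_weight = sum(weight for _, weight, _ in active)
        # The flow whose demand is smallest relative to its weight is the
        # first one that a proportional split could satisfy completely.
        name, weight, demand = min(active, key=lambda f: f[2] / f[1])
        proportional = remaining * weight / total_weight
        if demand <= proportional:
            # Give it exactly what it asks for; the leftover share is
            # redistributed to the still-active flows on the next round.
            allocation[name] = demand
            remaining -= demand
            active.remove((name, weight, demand))
        else:
            # Every remaining flow wants more than its share: split the
            # rest of the pipe strictly by weight and stop.
            for other_name, other_weight, _ in active:
                allocation[other_name] = remaining * other_weight / total_weight
            break
    return allocation


# Pipe 10 and the queue weights from the post; demand figures are constructed.
PIPE10_KBIT = 500
POST_WEIGHTS = {"lan": 100, "box": 1}


def post_scenarios():
    """Apply the model to three constructed load patterns on pipe 10."""
    scenarios = {
        "both saturating": (1000, 1000),
        "lan light, box saturating": (100, 1000),
        "lan idle, box saturating": (0, 1000),
    }
    results = {}
    for label, (lan_demand, box_demand) in scenarios.items():
        results[label] = weighted_fair_share(PIPE10_KBIT, [
            ("lan", POST_WEIGHTS["lan"], lan_demand),
            ("box", POST_WEIGHTS["box"], box_demand),
        ])
    return results


if __name__ == "__main__":
    for label, alloc in post_scenarios().items():
        print(f"{label:28s} lan={alloc['lan']:7.2f}  box={alloc['box']:7.2f} Kbit/s")
```

With both sides saturating, the 100:1 weights give the LAN about 495 Kbit/s and the box about 5 Kbit/s; when the LAN only needs 100 Kbit/s the box gets the remaining 400, and when the LAN is idle the box gets the whole pipe. That is the behaviour the weights alone can produce, provided the packets actually reach the intended queues.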

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200305241341140515.0EB4D5DA>