From owner-freebsd-net@FreeBSD.ORG Tue Oct 21 15:03:58 2003
From: "."@babolo.ru
To: Aleksandar Simonovski
Cc: freebsd-net@freebsd.org
Date: Wed, 22 Oct 2003 02:05:16 +0400 (MSD)
Subject: Re: natd+ipfw+trafic shaping
In-Reply-To: <20031021151122.486f6060.aleksandar@unet.com.mk>
Message-Id: <1066773916.587296.759.nullmailer@cicuta.babolo.ru>
List-Id: Networking and TCP/IP with FreeBSD

Remember that rules are checked twice if "in" or "out" is not defined.
Look at the net.inet.ip.fw.one_pass sysctl.

> Hi all,
> can anyone explain why these rules don't work:
>
> rl0 EXTINF
> rl1 INTINF
>
> add 1000 divert 8668 ip from any to any via rl0
> add 1200 allow ip from any to any via lo0
> add 1300 deny ip from any to 127.0.0.1/8
> add 1400 deny ip from 127.0.0.1/8 to any
> add 1500 check-state
> add 1550 allow icmp from any to any keep-state
> add 1600 allow log udp from any to any 53 keep-state
> add 1700 queue 1 log tcp from 192.168.1.0/24 to any 20,21,22,23 keep-state
> add 1800 queue 1 log tcp from any 20,21,22,23 to 192.168.1.0/24 keep-state
> #add 1900 allow log udp from any 137 to any keep-state
> add 2000 allow log tcp from 192.168.1.0/24 to any 80 keep-state
> add 2100 deny log ip from any to any
> queue 1 config weight 10 pipe 1 mask src-ip 0xffffff00
> queue 1 config weight 10 pipe 1 mask dst-ip 0xffffff00
> pipe 1 config bw 128kbit/s
>
> and when I change "192.168.1.0/24" to "any" it works, but the traffic shaping is not
> as it should be. I know this has something to do with natd and rule 1000,
> but that's the thing that confuses me: how can I limit or allow traffic to the local net (192.168.1.0/24)?
> Any help would be appreciated.
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
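The reply's point applied to the setup in the question, as an added example that is not part of the thread and not the poster's or the list's own rules. It assumes, as the question does, that rl0 is the external interface, rl1 the internal one, the LAN is 192.168.1.0/24 and natd listens on divert port 8668; the rule numbers, the per-host queue masks and loading the file with "ipfw -q /etc/ipfw.rules" are assumptions about the intended policy. Every divert and queue rule carries "in" or "out", so a forwarded packet is translated once and queued once per direction instead of on both the rl1 and the rl0 pass; the outbound queue rule sits on the rl1 inbound pass, where the 192.168.1.x source is still visible, and the inbound queue rule sits after natd has restored the LAN destination. The script also includes a small audit that lists divert/pipe/queue rules without a direction keyword, run here against three of the rules from the question (reformatted as an "ipfw list" dump) and against the new set. Note, separately, that the question's two "queue 1 config" lines are a reconfiguration of the same queue, so only the last mask takes effect.

```shell
#!/bin/sh
# Added example for the reply above, not code from the thread.  Assumes, as in
# the question, that rl0 is the external interface, rl1 the internal one, the
# LAN is 192.168.1.0/24 and natd listens on divert port 8668.  Rule numbers
# and the per-host queue masks are assumptions about the intended policy; the
# rules file is meant to be loaded with: ipfw -q /etc/ipfw.rules

# Every NAT and queue rule carries "in" or "out", so each forwarded packet is
# translated once and queued once per direction.  The "allow" right after each
# "queue" is only reached with net.inet.ip.fw.one_pass=0 (packet reinjected
# after the queue); with one_pass=1 the queue rule itself ends that pass.
# The gateway's own sessions are not covered here and need separate rules.
shaping_ruleset() {
    cat <<'EOF'
add 1000 allow ip from any to any via lo0
add 1100 deny ip from any to 127.0.0.0/8
add 1200 deny ip from 127.0.0.0/8 to any
# LAN -> Internet, entering on rl1: the source is still 192.168.1.x here
add 2000 queue 1 tcp from 192.168.1.0/24 to any 20,21,22,23 in via rl1
add 2010 allow tcp from 192.168.1.0/24 to any 20,21,22,23 in via rl1
add 2020 allow udp from 192.168.1.0/24 to any 53 in via rl1
add 2030 allow tcp from 192.168.1.0/24 to any 80 in via rl1
add 2035 allow icmp from 192.168.1.0/24 to any in via rl1
add 2040 deny log ip from any to any in via rl1
# leaving rl0: translate the source once; filtering was already done on rl1
add 3000 divert 8668 ip from any to any out via rl0
add 3010 allow ip from any to any out via rl0
# entering rl0: translate first so the LAN destination is visible again;
# natd only translates replies to sessions it has already seen
add 4000 divert 8668 ip from any to any in via rl0
add 4010 allow tcp from any 20,21,22,23 to 192.168.1.0/24 in via rl0 established
add 4020 allow udp from any 53 to 192.168.1.0/24 in via rl0
add 4030 allow tcp from any 80 to 192.168.1.0/24 in via rl0 established
add 4035 allow icmp from any to 192.168.1.0/24 in via rl0
add 4040 deny log ip from any to any in via rl0
# Internet -> LAN, leaving on rl1: shape the replies here
add 5000 queue 2 tcp from any 20,21,22,23 to 192.168.1.0/24 out via rl1
add 5010 allow ip from any to 192.168.1.0/24 out via rl1
add 6000 deny log ip from any to any
# both queues share one 128 kbit/s pipe, one flow per LAN host (last octet)
pipe 1 config bw 128Kbit/s
queue 1 config pipe 1 weight 10 mask src-ip 0x000000ff
queue 2 config pipe 1 weight 10 mask dst-ip 0x000000ff
EOF
}

# Audit: print divert/tee/pipe/queue rules that carry neither "in" nor "out",
# i.e. rules that run on both the inbound and the outbound pass.  Reads
# "ipfw list" output or a rules file on stdin.
both_pass_rules() {
    awk '$0 ~ /^(add )?[0-9]+ (divert|tee|pipe|queue) / && $0 !~ / (in|out)( |$)/'
}

# Three rules from the question that fire on both passes, reformatted here as
# an "ipfw list" dump (constructed sample input).
question_rules() {
    cat <<'EOF'
01000 divert 8668 ip from any to any via rl0
01700 queue 1 log tcp from 192.168.1.0/24 to any 20,21,22,23 keep-state
01800 queue 1 log tcp from any 20,21,22,23 to 192.168.1.0/24 keep-state
EOF
}

# Number of both-pass rules produced by the named ruleset function.
count_both_pass() {
    "$1" | both_pass_rules | wc -l | tr -d ' '
}

# Usage: shaping_ruleset > /etc/ipfw.rules && ipfw -q /etc/ipfw.rules
count_both_pass question_rules   # 3
count_both_pass shaping_ruleset  # 0
```

The audit is worth running on any ruleset that mixes natd with dummynet: a divert or queue rule without a direction keyword is matched on the way in through one interface and again on the way out through the other, so traffic is counted against the pipe twice and, after natd has rewritten the source, rules keyed on 192.168.1.0/24 no longer match on the second pass.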