From owner-freebsd-ipfw Mon Jul 15 18: 1:37 2002
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9172037B405
	for ; Mon, 15 Jul 2002 18:01:32 -0700 (PDT)
Received: from c011.snv.cp.net (h003.c011.snv.cp.net [209.228.34.216])
	by mx1.FreeBSD.org (Postfix) with SMTP id B0D5843E5E
	for ; Mon, 15 Jul 2002 18:01:31 -0700 (PDT)
	(envelope-from admin@biowarnet.info)
Received: (cpmta 13812 invoked from network); 15 Jul 2002 18:01:31 -0700
Received: from 209.228.34.221 (HELO mail.biowarnet.info.criticalpath.net)
	by smtp.hosting-14.namesecure.com (209.228.34.216) with SMTP; 15 Jul 2002 18:01:31 -0700
X-Sent: 16 Jul 2002 01:01:31 GMT
Received: from [202.155.77.114] by mail.biowarnet.info with HTTP;
	Mon, 15 Jul 2002 18:01:30 -0700 (PDT)
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
To: rizzo@icir.org
Cc: freebsd-ipfw@FreeBSD.ORG
From: admin@biowarnet.info
Subject: NewBie Question
X-Sent-From: admin@biowarnet.info
Date: Mon, 15 Jul 2002 18:01:30 -0700 (PDT)
X-Mailer: Web Mail 5.0.10-17
Message-Id: <20020715180131.2114.h008.c011.wm@mail.biowarnet.info.criticalpath.net>
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hello Rizzo,

I would like to ask you what the right configuration is for my network here:

I run FreeBSD 4.6-STABLE on the server, and here I get traffic bandwidth of around 80kbit/s (from the MRTG page).
I have 14 clients here on my server, not including the server.
I run squid and accept HTTP requests on port 3128.

And this is the question:
What should I put in my firewall config so that every client has a max HTTP traffic bandwidth of around 5kbit/s?
(from 80kbit/s / 14 clients in my network)

For now I have put these in /etc/firewall.conf:

    case ${natd_enable} in
    [Yy][Ee][Ss])
        if [ -n "${natd_interface}" ]; then
            ${fwcmd} add divert natd all from any to any via ${natd_interface}
        fi
        ;;
    esac

    # Stop RFC1918 nets on the outside interface
    ${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif}
    ${fwcmd} add deny all from 172.16.0.0/12 to any via ${oif}
    ${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif}

    # Dummynet Rules
    /sbin/ipfw add pipe 1 tcp from any 3128 to ${inet}:${imask}
    /sbin/ipfw pipe 1 config bw 40kbit/s queue 50 delay 10 mask dst-ip 0xffffff00

    # Allow established connections with minimal overhead
    ${fwcmd} add pass tcp from any to any established

I wait for your answer.
And I would thank you very, very much.

Rinto N

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
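
Added example, not part of the original message: a small Python model of how a dummynet `mask dst-ip` value groups destination addresses into dynamic pipes, comparing the mask posted above with a mask that keeps only the host bits. The 192.168.1.0/24 client addresses and the helper names are constructed for illustration, and the model covers only the grouping, not queueing or delay.

```python
import ipaddress
from collections import defaultdict


def dynamic_pipes(dst_ips, mask):
    """Group destinations the way 'mask dst-ip' does: packets whose
    (dst_ip & mask) is equal end up in the same dynamic pipe."""
    pipes = defaultdict(list)
    for ip in dst_ips:
        key = int(ipaddress.IPv4Address(ip)) & mask
        pipes[key].append(ip)
    return dict(pipes)


def summarize(dst_ips, mask, bw_kbit):
    """Return (number of dynamic pipes,
               largest number of clients sharing one pipe,
               aggregate ceiling in kbit/s over all pipes)."""
    pipes = dynamic_pipes(dst_ips, mask)
    most_shared = max(len(members) for members in pipes.values())
    return len(pipes), most_shared, len(pipes) * bw_kbit


# Constructed sample: 14 clients on an assumed 192.168.1.0/24 LAN.
CLIENTS = [f"192.168.1.{host}" for host in range(10, 24)]

# (label, mask, bandwidth per dynamic pipe in kbit/s)
CASES = [
    ("mask dst-ip 0xffffff00, bw 40Kbit/s (as posted)", 0xFFFFFF00, 40),
    ("mask dst-ip 0x000000ff, bw 5Kbit/s (host bits)", 0x000000FF, 5),
]

if __name__ == "__main__":
    for label, mask, bw in CASES:
        count, shared, ceiling = summarize(CLIENTS, mask, bw)
        print(f"{label}: {count} pipe(s), up to {shared} client(s) "
              f"per pipe, {ceiling} kbit/s aggregate ceiling")
```

With the network-bits mask every client in the /24 lands in one pipe and shares its bandwidth; with the host-bits mask each client gets its own pipe at the configured rate.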