From owner-freebsd-net@FreeBSD.ORG Tue Oct 21 06:08:57 2003
Return-Path:
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id F28BB16A4B3 for ; Tue, 21 Oct 2003 06:08:56 -0700 (PDT)
Received: from queue.unet.com.mk (queue.unet.com.mk [212.13.64.51]) by mx1.FreeBSD.org (Postfix) with ESMTP id DA30843FAF for ; Tue, 21 Oct 2003 06:08:49 -0700 (PDT) (envelope-from aleksandar@unet.com.mk)
Received: from b166-er.unet.com.mk (ppp25.unet.com.mk [212.13.64.90] (may be forged)) by queue.unet.com.mk (8.11.6/8.11.6) with SMTP id h9LBqpq26312 for ; Tue, 21 Oct 2003 13:52:51 +0200
Date: Tue, 21 Oct 2003 15:11:22 +0200
From: Aleksandar Simonovski
To: freebsd-net@freebsd.org
Message-Id: <20031021151122.486f6060.aleksandar@unet.com.mk>
Organization: Unet
X-Mailer: Sylpheed version 0.9.4-gtk2-20030802 (GTK+ 2.2.4; i686-pc-linux-gnu)
X-Operating-System: Slackware 9.1
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavis-milter (http://amavis.org/)
Subject: natd+ipfw+trafic shaping
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 21 Oct 2003 13:08:57 -0000

Hi all,

can anyone explain why these rules don't work:

rl0 EXTINF
rl1 INTINF

add 1000 divert 8668 ip from any to any via rl0
add 1200 allow ip from any to any via lo0
add 1300 deny ip from any to 127.0.0.1/8
add 1400 deny ip from 127.0.0.1/8 to any
add 1500 check-state
add 1550 allow icmp from any to any keep-state
add 1600 allow log udp from any to any 53 keep-state
add 1700 queue 1 log tcp from 192.168.1.0/24 to any 20,21,22,23 keep-state
add 1800 queue 1 log tcp from any 20,21,22,23 to 192.168.1.0/24 keep-state
#add 1900 allow log udp from any 137 to any keep-state
add 2000 allow log tcp from 192.168.1.0/24 to any 80 keep-state
add 2100 deny log ip from any to any

queue 1 config weight 10 pipe 1 mask src-ip 0xffffff00
queue 1 config weight 10 pipe 1 mask dst-ip 0xffffff00
pipe 1 config bw 128kbit/s

And when I change "192.168.1.0/24" to "any" it works, but the traffic shaping is not as it should be. I know this has something to do with natd and rule 1000, but that's the thing that confuses me: how can I limit or allow traffic to the local net (192.168.1.0/24)?

Any help would be appreciated
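The behaviour described above follows from rule ordering: rule 1000 diverts every packet crossing rl0 to natd before the later rules run, so an outbound packet from 192.168.1.x is re-injected with the firewall's external address as its source and "from 192.168.1.0/24" in rules 1700 and 2000 no longer matches it (the dynamic rules created by keep-state are keyed on the untranslated addresses, so check-state cannot match the translated packet either). The second "queue 1 config" line also replaces the first rather than adding to it. The script below is an added example, not part of the post: it rebuilds the same policy so that the shaping rules are evaluated on the inside interface, where the LAN addresses are still visible, and arranges NAT around the stateful rules in the way the FreeBSD Handbook's stateful natd example does (de-NAT inbound packets first, keep state on inside addresses, skipto the outbound divert rule last). It takes rl0 as the outside interface, rl1 as the inside interface, natd on divert port 8668 and the 128 kbit/s pipe from the post; the per-host queue masks, the separate upload and download queues and the restriction of the ICMP/DNS rules to sessions started from inside are my choices, not the post's.

```shell
#!/bin/sh
# Added example, not from the original post: natd + ipfw + dummynet ruleset
# in which LAN addresses are matched before natd rewrites them.
# Assumed from the post: rl0 outside, rl1 inside, natd on divert port 8668,
# one 128 kbit/s pipe. Per-host queue masks and the two-queue split are mine.
# Layout follows the FreeBSD Handbook's stateful natd pattern.

EXTIF=rl0
INTIF=rl1
LAN=192.168.1.0/24
NATPORT=8668
fwcmd="ipfw -q"

ipfw_rules() {
    ${fwcmd} flush
    ${fwcmd} pipe flush

    # One shared 128 kbit/s pipe; queue 1 shapes upload per LAN host,
    # queue 2 shapes download per LAN host (mask choice is mine).
    ${fwcmd} pipe 1 config bw 128kbit/s
    ${fwcmd} queue 1 config pipe 1 weight 10 mask src-ip 0xffffffff
    ${fwcmd} queue 2 config pipe 1 weight 10 mask dst-ip 0xffffffff

    # Loopback handling, as in the post.
    ${fwcmd} add 100 allow ip from any to any via lo0
    ${fwcmd} add 110 deny ip from any to 127.0.0.0/8
    ${fwcmd} add 120 deny ip from 127.0.0.0/8 to any

    # Inside interface: packets here still carry their 192.168.1.x address,
    # so this is where "from 192.168.1.0/24" can be matched and shaped.
    # With net.inet.ip.fw.one_pass=1 (the default) a packet is accepted for
    # this pass once it leaves the queue; the outside pass is evaluated
    # separately below.
    ${fwcmd} add 200 queue 1 tcp from ${LAN} to any 20,21,22,23 in recv ${INTIF}
    ${fwcmd} add 210 queue 2 tcp from any 20,21,22,23 to ${LAN} out xmit ${INTIF}
    ${fwcmd} add 220 allow ip from any to any via ${INTIF}

    # Outside interface, inbound: undo NAT before any address-based check,
    # so replies are seen with their LAN destination again.
    ${fwcmd} add 300 divert ${NATPORT} ip from any to any in recv ${EXTIF}
    # Established sessions; dynamic rules are keyed on the inside addresses.
    ${fwcmd} add 400 check-state
    # New sessions started from the LAN: record state, then jump past the
    # deny rule to the outbound NAT rule (allow here would skip NAT).
    ${fwcmd} add 410 skipto 900 icmp from ${LAN} to any out xmit ${EXTIF} keep-state
    ${fwcmd} add 420 skipto 900 udp from ${LAN} to any 53 out xmit ${EXTIF} keep-state
    ${fwcmd} add 430 skipto 900 tcp from ${LAN} to any 20,21,22,23 out xmit ${EXTIF} setup keep-state
    ${fwcmd} add 440 skipto 900 tcp from ${LAN} to any 80 out xmit ${EXTIF} setup keep-state
    # Everything else crossing the outside interface is dropped and logged.
    ${fwcmd} add 800 deny log ip from any to any
    # Outbound NAT happens last; natd re-injects the packet at the next rule.
    ${fwcmd} add 900 divert ${NATPORT} ip from any to any out xmit ${EXTIF}
    ${fwcmd} add 910 allow ip from any to any
}

case "${1:-}" in
    show)  fwcmd=echo; ipfw_rules ;;   # print the commands without loading them
    apply) ipfw_rules ;;               # load the ruleset (needs root and ipfw)
esac
```

Run it as `sh natd-shape.sh show` to review the generated commands and `sh natd-shape.sh apply` to load them. The important orderings are: the queue rules (200, 210) sit on the inside interface and never see translated addresses; the inbound divert (300) precedes check-state (400) so de-NATted replies match the dynamic rules; and the keep-state rules use skipto rather than allow so that outbound packets still reach the divert at 900.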