From: Imran Imtiaz
Date: Tue, 21 Feb 2006 10:23:01 +0500 (PKT)
To: freebsd-questions@freebsd.org
Subject: proxy, nat and traffic shaping

Hi!

I have FreeBSD 5.4 installed. There are IPFIREWALL, IPFIREWALL_FORWARD, IPDIVERT and DUMMYNET in my kernel configuration. On my FBSD gateway to the Internet I would like to use NAT (of course :-))) ), transparent proxy and limit the outgoing traffic. xl0 (62.169.170.166/30) is the public interface, xl1 (192.168.1.1/24) is the private one.
If my firewall rules look like:

    ipfw pipe 1 config bw 256Kbit/s queue 40Kbytes
    ipfw add 47 pipe 1 ip from any to any out via xl0
    ipfw add 48 allow ip from 192.168.1.1 to any
    ipfw add 49 fwd 192.168.1.1,3128 tcp from 192.168.1.0/24 to any 80
    ipfw add 50 divert 8668 ip from any to any via xl0
    ... (the rest of OPEN firewall rules)

nothing except http (because of the transparent proxy, I think) goes through the gateway from the local net.

If my firewall rules look like:

    ipfw pipe 1 config bw 256Kbit/s queue 40Kbytes
    ipfw add 47 pipe 1 ip from 62.169.170.166 to any out via xl0
    ipfw add 48 allow ip from 192.168.1.1 to any
    ipfw add 49 fwd 192.168.1.1,3128 tcp from 192.168.1.0/24 to any 80
    ipfw add 50 divert 8668 ip from any to any via xl0
    ... (the rest of OPEN firewall rules)

everything works fine except the bandwidth limitation.

Do you have any ideas how to get these three things (bandwidth limitation, nat, transparent proxy) to work together?

Thanks a lot in advance.
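One way to see why the two rule sets behave as the post describes, as an added example that is not part of the original message: a small Python model (constructed here, it is not ipfw) walks rules 47-50 in order under the default net.inet.ip.fw.one_pass=1, where a packet matched by a pipe rule leaves the firewall after dummynet instead of continuing to the divert rule. The packet fields, the 192.168.1.5 host and the `run`/`ruleset`/`lan_egress` helpers are assumptions of the model; it also shows both fixes a practitioner would try, moving the divert rule ahead of the pipe or running with one_pass=0.

```python
from dataclasses import dataclass

# Constructed model of how ipfw walks the rule sets in the post above; not ipfw itself.
PUBLIC, GATEWAY = "62.169.170.166", "192.168.1.1"
in_lan = lambda ip: ip.startswith("192.168.1.")  # 192.168.1.0/24

@dataclass
class Pkt:
    src: str
    proto: str
    dport: int
    direction: str  # "in" or "out"
    iface: str      # "xl0" or "xl1"
    shaped: bool = False

def run(rules, pkt, one_pass=True):
    # Rules are (action, arg, predicate) in ruleset order. one_pass=True mirrors
    # net.inet.ip.fw.one_pass=1: a packet matched by a pipe rule is accepted
    # after dummynet instead of resuming at the next rule.
    for action, arg, pred in rules:
        if not pred(pkt):
            continue
        if action == "pipe":
            pkt.shaped = True
            if one_pass:
                return "allow", pkt
        elif action in ("allow", "fwd"):
            return (action + " " + arg).strip(), pkt
        elif action == "divert":
            # natd rewrites a private source leaving via xl0, then the packet
            # is reinjected at the rule after the divert rule
            if pkt.direction == "out" and pkt.iface == "xl0" and in_lan(pkt.src):
                pkt.src = PUBLIC
    return "allow", pkt  # "the rest of OPEN firewall rules" passes everything

def ruleset(pipe_pred, divert_first=False):
    # Rules 47-50 from the post; divert_first moves rule 50 ahead of the pipe.
    pipe = ("pipe", "1", pipe_pred)
    allow_gw = ("allow", "", lambda p: p.src == GATEWAY)
    fwd = ("fwd", "192.168.1.1,3128",
           lambda p: p.proto == "tcp" and in_lan(p.src) and p.dport == 80)
    divert = ("divert", "8668", lambda p: p.iface == "xl0")
    return [divert, pipe, allow_gw, fwd] if divert_first else [pipe, allow_gw, fwd, divert]

ANY_OUT = lambda p: p.direction == "out" and p.iface == "xl0"  # set 1: ip from any to any out via xl0
GW_OUT = lambda p: p.src == PUBLIC and ANY_OUT(p)              # set 2: ip from 62.169.170.166 to any out via xl0

def lan_egress(rules, one_pass=True):
    # A LAN host's HTTPS packet (constructed) on its outbound pass via xl0
    return run(rules, Pkt("192.168.1.5", "tcp", 443, "out", "xl0"), one_pass)
```

With set 1 the packet is shaped but leaves with its private source because the divert rule is never reached; with set 2 it is NATed but never shaped; with the divert rule first (or one_pass=0) it is both.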