From owner-freebsd-questions@FreeBSD.ORG Wed Sep 26 15:05:47 2007 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7671B16A417 for ; Wed, 26 Sep 2007 15:05:47 +0000 (UTC) (envelope-from freebsd-questions-local@be-well.ilk.org) Received: from be-well.ilk.org (dsl092-078-145.bos1.dsl.speakeasy.net [66.92.78.145]) by mx1.freebsd.org (Postfix) with ESMTP id 5663813C4A5 for ; Wed, 26 Sep 2007 15:05:47 +0000 (UTC) (envelope-from freebsd-questions-local@be-well.ilk.org) Received: by be-well.ilk.org (Postfix, from userid 1147) id 8B92A2844C; Wed, 26 Sep 2007 11:05:46 -0400 (EDT) To: "Edgardo Nuevo" References: From: Lowell Gilbert Date: Wed, 26 Sep 2007 11:05:46 -0400 In-Reply-To: (Edgardo Nuevo's message of "Tue\, 25 Sep 2007 03\:10\:04 -0500") Message-ID: <44sl51fovp.fsf@be-well.ilk.org> User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.99 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Cc: freebsd-questions@freebsd.org Subject: Re: Bandwidth filter with ipfw don't work X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-questions@freebsd.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 26 Sep 2007 15:05:47 -0000 "Edgardo Nuevo" writes: > Hi > I have Freebsd 6,2 with 2 cards of network, vr1 (10.0.1.10 with access > to Internet), vr0 (192.168.1.1 internal network), I have configured > ipfw + dummynet, when I configure a PC with 192.168.1.x does not work, > but I put an IP type 10.0.1.x its works, what's error? Can't tell from that. Have you checked ipfw counters to see which rules are dropping the packets (if any)? Have you tried with no drop rules at all? Do you have a route for the 192.168.1.x subnet on the router? > ############### firewall.rules ############### > -f flush > add 0012 skipto 20 all from any to any not layer2 in via vr0 > # Define MAC's users > add 0013 skipto 20 all from any to any { MAC 00:1b:24:3b:4f:xx any or > MAC any 00:1b:24:3b:4f:xx } layer2 > add 0014 skipto 20 all from any to any { MAC 00:1b:24:25:yy:69 any or > MAC any 00:1b:24:25:yy:69 } layer2 > > #Deny MACs not defined > add 0019 deny log logamount 100 ip from any to any MAC any any layer2 via vr0 > > # Enable NAT > add 0020 divert natd all from any to any via vr1 > > # Define pipe per MAC's > add pipe 1 ip from any to any MAC 00:1b:24:3b:4f:xx any in via vr0 > add pipe 2 ip from any to any MAC any 00:1b:24:3b:4f:xx in via vr0 > > add pipe 3 ip from any to any MAC 00:1b:24:25:yy:69 any > add pipe 4 ip from any to any MAC any 00:1b:24:25:yy:69 > > # Define bandwith per pipe > pipe 1 config bw 50Kbit/s > pipe 2 config bw 50Kbit/s > > pipe 3 config bw 6Kbit/s > pipe 4 config bw 6Kbit/s > > add 0500 allow all from any to any > ####################################################### > > ############### sysctl.conf ############### > net.link.ether.bridge.enable=1 > net.link.ether.bridge_cfg=vr1:1,vr0:2 > net.link.ether.bridge_ipfw=1 > net.ip.dummynet.debug=1 > net.inet.ip.fw.enable=1 > net.link.ether.ipfw=1 > ####################################################### > > Thanks > > Dark Night Rider > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > -- Lowell Gilbert, embedded/networking software engineer, Boston area http://be-well.ilk.org/~lowell/