Date: Fri, 04 Jun 2004 14:43:19 +0200 From: Nelis Lamprecht <nelis@8ball.co.za> To: FreeBSD Questions Mail List <questions@freebsd.org> Subject: ipnat and ipfw dummynet Message-ID: <1086352973.9330.29.camel@nelis.brabys.co.za>
next in thread | raw e-mail | index | archive | help
--=-eeDmiwKjiGVjBjbUMPcX Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Hi, I'm interested to hear how people utilise dummynet in a NAT environment. How does one create a pipe for a NAT network without effecting the actual LAN speed ? For example, on the gateway: $fwcmd add pipe 1 ip from 192.168.1.0/24 to any out $fwcmd add pipe 2 ip from any to 192.168.1.0/24 in $fwcmd pipe 1 config bw 128Kbit/s $fwcmd pipe 2 config bw 128Kbit/s The above example would be fine if 192.168.1.0/24 were only talking to the internet but unfortunately it also effects the machines from talking to each other internally. The only interface you can specify is the internal interface(bge1) because this is the only time that ipfw will see the addresses before they are passed to NAT(ipnat) and will not be seen on the external interface(bge0). So basically the above example should be written as: $fwcmd add pipe 1 ip from 192.168.1.0/24 to any out via bge1 $fwcmd add pipe 2 ip from any to 192.168.1.0/24 in via bge1 This however will also give 192.168.1.0/24 an internal LAN speed of 128Kbit/s which is to say quite humorous ;-) What is the solution to this ? ..I'm obviously missing something. The internal interface is not firewalled. Many thanks, --=20 Nelis Lamprecht PGP: http://www.8ball.co.za/pgpkey/nelis.asc "Unix IS user friendly.. It's just selective about who its friends are." --=-eeDmiwKjiGVjBjbUMPcX Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQBAwG5NQfIMKiRMCrERAubfAKCQk5yHqBzhbWtq179qgGrl2wMOHgCdHtg7 uwyVtTFKZTPJHz1naQqZ+CU= =Mkym -----END PGP SIGNATURE----- --=-eeDmiwKjiGVjBjbUMPcX--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1086352973.9330.29.camel>