From: Nelis Lamprecht
To: FreeBSD Questions Mail List
Organization: 8ball Network Solutions
Date: Fri, 04 Jun 2004 14:43:19 +0200
Subject: ipnat and ipfw dummynet
Message-Id: <1086352973.9330.29.camel@nelis.brabys.co.za>

Hi,

I'm interested to hear how people utilise dummynet in a NAT environment. How does one create a pipe for a NAT network without affecting the actual LAN speed?

For example, on the gateway:

    $fwcmd add pipe 1 ip from 192.168.1.0/24 to any out
    $fwcmd add pipe 2 ip from any to 192.168.1.0/24 in
    $fwcmd pipe 1 config bw 128Kbit/s
    $fwcmd pipe 2 config bw 128Kbit/s

The above example would be fine if 192.168.1.0/24 were only talking to the internet, but unfortunately it also affects the machines talking to each other internally.

The only interface you can specify is the internal interface (bge1), because this is the only time that ipfw will see the addresses before they are passed to NAT (ipnat) and will not be seen on the external interface (bge0). So basically the above example should be written as:

    $fwcmd add pipe 1 ip from 192.168.1.0/24 to any out via bge1
    $fwcmd add pipe 2 ip from any to 192.168.1.0/24 in via bge1

This, however, will also give 192.168.1.0/24 an internal LAN speed of 128Kbit/s, which is to say quite humorous ;-)

What is the solution to this? I'm obviously missing something. The internal interface is not firewalled.

Many thanks,

--
Nelis Lamprecht
PGP: http://www.8ball.co.za/pgpkey/nelis.asc

"Unix IS user friendly.. It's just selective about who its friends are."