From: Nelis Lamprecht
To: FreeBSD Questions Mail List
Date: Fri, 04 Jun 2004 15:00:48 +0200
Subject: Re: ipnat and ipfw dummynet

Sorry, I failed to point out my current network configuration. I have 2 internal networks which use NAT, one class C (192.96.48.0/24) and one RFC 1918 (192.168.1.0/24). The internal interface (bge1) is configured with the class C network and I have added a route to bge1 for 192.168.1.0/24. All traffic on the 192.96.48.0/24 network internally is routed via the gateway to get to the 192.168.1.0 network. Hope that makes sense.

Nelis

On Fri, 2004-06-04 at 14:43, Nelis Lamprecht wrote:
> Hi,
>
> I'm interested to hear how people utilise dummynet in a NAT environment.
> How does one create a pipe for a NAT network without affecting the
> actual LAN speed? For example, on the gateway:
>
> $fwcmd add pipe 1 ip from 192.168.1.0/24 to any out
> $fwcmd add pipe 2 ip from any to 192.168.1.0/24 in
> $fwcmd pipe 1 config bw 128Kbit/s
> $fwcmd pipe 2 config bw 128Kbit/s
>
> The above example would be fine if 192.168.1.0/24 were only talking to
> the internet but unfortunately it also affects the machines from talking
> to each other internally. The only interface you can specify is the
> internal interface (bge1) because this is the only time that ipfw will
> see the addresses before they are passed to NAT (ipnat) and will not be
> seen on the external interface (bge0). So basically the above example
> should be written as:
>
> $fwcmd add pipe 1 ip from 192.168.1.0/24 to any out via bge1
> $fwcmd add pipe 2 ip from any to 192.168.1.0/24 in via bge1
>
> This however will also give 192.168.1.0/24 an internal LAN speed of
> 128Kbit/s which is to say quite humorous ;-)
>
> What is the solution to this? ..I'm obviously missing something. The
> internal interface is not firewalled.
>
>
> Many thanks,

--
Nelis Lamprecht
PGP: http://www.8ball.co.za/pgpkey/nelis.asc
"Unix IS user friendly.. It's just selective about who its friends are."