Date: Fri, 4 Jan 2002 13:13:18 -0500
From: "Gerald T. Freymann" <freymann@eagle.ca>
To: freebsd-questions@freebsd.org
Subject: Freebsd in bridge mode with dummynet + ipfw
Message-ID: <3C35AA6E.2785.F55512@localhost>
I need to set up a FreeBSD box to act as a bridge where the
main purpose is to limit bandwidth, but filtering packets based on
port numbers would be handy too.
I am recompiling the kernel now with
options BRIDGE
options DUMMYNET
and I have two network cards that are recognized and working fine.
I have set, in /etc/rc.conf
firewall_enable="YES"
firewall_type="open"
And adjusted the "open" section of rc.firewall as follows:
############
# Only in rare cases do you want to change these rules
#
${fwcmd} add 100 pass all from any to any via lo0
${fwcmd} add 200 deny all from any to 127.0.0.0/8
${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
# If you're using 'options BRIDGE', uncomment the following line to
# pass ARP
#${fwcmd} add 400 pass udp from 0.0.0.0 2054 to 0.0.0.0
# Prototype setups.
#
case ${firewall_type} in
[Oo][Pp][Ee][Nn])
${fwcmd} add pipe 1 ip from any to any out
${fwcmd} add pipe 2 ip from any to any in
${fwcmd} pipe 1 config bw 1000Kbit/s
${fwcmd} pipe 2 config bw 1000Kbit/s
# this blocks Bearshare, Limewire (Gnutella, TCP port 6346)
${fwcmd} add deny tcp from any to any 6346
# this blocks Morpheus (FastTrack, TCP port 1214)
${fwcmd} add deny tcp from any to any 1214
${fwcmd} add 65000 pass all from any to any
;;
And lastly, in /etc/sysctl.conf
net.link.ether.bridge=1
net.link.ether.bridge_ipfw=1
net.link.ether.bridge_cfg=vr0:0,xl0:0
I do have a 'live' IP address on just *one* of the NICs so we can telnet
to the box and monitor it from time to time.
I guess my questions are:
1) Is this all there is to it? (gotta luv FreeBSD!)
2) Are the firewall rules OK?
Yes, we're giving this client lots of up/down bandwidth but need to limit
them as they've been using close to 3000Kbit/s!
Any feedback would be appreciated as this is my first time using
FreeBSD in this configuration (although I've been using FreeBSD for
about 6 years now).
gf
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3C35AA6E.2785.F55512>
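As an added example (not part of the original post, and not FreeBSD's own rc.firewall), here is how the "open" section above could be written for a FreeBSD 4.x bridge in ipfw1 syntax. Two points differ from the posted rules: the port blocks use the address-then-port form that ipfw1 accepts (`deny tcp 6346 from ...` is rejected by the parser), and the two pipes are keyed on the receiving interface rather than on `in`/`out`, because bridged frames traverse ipfw once, as `in` packets on the NIC that received them (see bridge(4)), so an `out` rule never sees bridged traffic. The interface names vr0/xl0 and the 1000 Kbit/s rate come from the post; the dry-run default (`fwcmd=echo ipfw`), the rule numbers and the queue size are my assumptions.

```shell
#!/bin/sh
# Added example: bridge-mode ipfw + dummynet ruleset for FreeBSD 4.x (ipfw1 syntax).
# By default it only prints the rules (dry run); set fwcmd=/sbin/ipfw to load them.
: "${fwcmd:=echo ipfw}"
client_if="${client_if:-vr0}"   # NIC facing the client (assumed)
uplink_if="${uplink_if:-xl0}"   # NIC facing the uplink (assumed)
rate="${rate:-1000Kbit/s}"      # per-direction cap from the post

bridge_rules() {
    ${fwcmd} -f flush
    ${fwcmd} add 100 pass all from any to any via lo0
    ${fwcmd} add 200 deny all from any to 127.0.0.0/8
    ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any

    # Block Gnutella (6346) and FastTrack (1214) before the pipes see them.
    # In ipfw1 the port list follows the address it qualifies ("to any 6346").
    for p in 6346 1214; do
        ${fwcmd} add 400 deny tcp from any to any $p
    done

    # Bridged frames are "in" on whichever NIC received them, so key the
    # pipes on the receiving interface: client side = upload, uplink = download.
    ${fwcmd} add 1000 pipe 1 ip from any to any in via ${client_if}
    ${fwcmd} add 1100 pipe 2 ip from any to any in via ${uplink_if}
    ${fwcmd} pipe 1 config bw ${rate} queue 50
    ${fwcmd} pipe 2 config bw ${rate} queue 50

    ${fwcmd} add 65000 pass all from any to any
}

bridge_rules
```

Run it as-is to review the generated rules, then `fwcmd=/sbin/ipfw sh bridge-rules.sh` on the bridge; `ipfw pipe show` afterwards confirms that both pipes are accumulating packets, which is the quickest check that the direction assumption holds on your kernel.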
