Date: Thu, 25 May 2006 23:06:23 +0200
From: Alex de Kruijff <freebsd@akruijff.dds.nl>
To: G-der <gderama@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Traffic shaping with ipfw/DUMMYNET when using natd
Message-ID: <20060525210623.GC814@Alex1.kruijff.org>
In-Reply-To: <63cefb5c0605240732j264748bwa358ba904164d3f1@mail.gmail.com>
References: <63cefb5c0605240732j264748bwa358ba904164d3f1@mail.gmail.com>
On Wed, May 24, 2006 at 08:32:53AM -0600, G-der wrote:
> I've been setting up ipfw and DUMMYNET to do some traffic shaping on my
> network. Right now to test things out I've basically put everything into two
> categories. There's traffic from 10.0.10.10 which is lower priority (this
> is a download machine) and then there's everything else.
>
> The biggest problem I've run into is that because natd gets the packets first
> thing the only way to catch outgoing traffic is on the internal network
> interface. That is if you want to limit based on which internal machine is
> generating the traffic like in my case. After the divert rule for natd the
> src-ip field gets changed to my external IP address. This has a side effect
> of limiting all the traffic on that internal interface, even stuff that is
> not bound for the internet.
>
> I've tried playing around a little bit with the bridged, diverted, and
> diverted-output commands but can't get any of them to catch the packets.
>
> Is there a way to limit outgoing traffic based on which machine owns the
> traffic internally that doesn't have to be done on the internal interface?
> Would it be better practice to scan outgoing traffic before the divert rules
> for natd?

I do it on the internal nic. I just have the internal traffic skip those rules.

You could do it on the external nic, but this is more complex. You should
remember that the divert rule changes the IP address. Scanning outgoing
traffic before the divert rule and incoming after it should work too.

-- 
Alex

Please copy the original recipients, otherwise I may not read your reply.

Howtos based on my personal use, including information about setting up
a firewall and creating traffic graphs with MRTG
http://alex.kruijff.org/FreeBSD/
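Both placements Alex describes, written out as an rc.firewall-style script. This is an added example and is not code from the thread or from Alex's howtos; the interface names (fxp0 external, fxp1 internal), the LAN prefix 10.0.10.0/24, the pipe numbers and the bandwidths are assumptions (only the 10.0.10.10 download box comes from the question), and natd is assumed to be running on the external interface. The script also carries the caveat the thread does not spell out: with the default net.inet.ip.fw.one_pass=1 a packet leaving a dummynet pipe is accepted for that pass, which is harmless when you shape on the internal NIC but means the external-NIC variant never reaches the divert rule unless one_pass is turned off, after which every pipe match falls through and the specific host has to be steered past the generic pipe.

```shell
#!/bin/sh
# Constructed example: ipfw + dummynet + natd rule ordering.
# Assumed names (not from the thread): WAN=fxp0 (natd interface), LAN=fxp1,
# LANNET=10.0.10.0/24.  SLOWHOST=10.0.10.10 is the download box from the question.
WAN=${WAN:-fxp0}
LAN=${LAN:-fxp1}
LANNET=${LANNET:-10.0.10.0/24}
SLOWHOST=${SLOWHOST:-10.0.10.10}

# Every privileged command goes through run(); DRYRUN=1 prints it instead.
run() {
    if [ "${DRYRUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Pipe numbers and bandwidths are arbitrary choices for the example.
pipes() {
    run ipfw -q pipe flush
    run ipfw -q pipe 1 config bw 256Kbit/s   # download box, upstream
    run ipfw -q pipe 2 config bw 1Mbit/s     # download box, downstream
    run ipfw -q pipe 3 config bw 768Kbit/s   # everyone else, upstream
    run ipfw -q pipe 4 config bw 3Mbit/s     # everyone else, downstream
}

# Variant A (what Alex does): shape on the LAN interface, where natd has not
# touched the packet yet, so the private source address is still intact.
# LAN-to-LAN traffic is allowed first so it is never shaped.  Relies on the
# default net.inet.ip.fw.one_pass=1: a packet leaving a pipe is accepted for
# this pass (so the host-specific pipe does not fall through to the generic
# one) and is matched again on its way out via $WAN, where divert catches it.
lan_side_rules() {
    run ipfw -q flush
    pipes
    run sysctl net.inet.ip.fw.one_pass=1
    run ipfw -q add 100 allow ip from "$LANNET" to "$LANNET" via "$LAN"
    run ipfw -q add 110 pipe 1 ip from "$SLOWHOST" to any in via "$LAN"
    run ipfw -q add 120 pipe 2 ip from any to "$SLOWHOST" out via "$LAN"
    run ipfw -q add 130 pipe 3 ip from "$LANNET" to any in via "$LAN"
    run ipfw -q add 140 pipe 4 ip from any to "$LANNET" out via "$LAN"
    run ipfw -q add 200 divert natd ip from any to any via "$WAN"
    run ipfw -q add 65000 allow ip from any to any
}

# Variant B (the "more complex" way, on the external NIC): outbound packets
# are matched BEFORE the divert rule, while the source is still private;
# inbound packets are matched AFTER it, once natd has restored the private
# destination.  A packet leaving a pipe must continue on to the divert rule,
# so one_pass must be 0; then every pipe match falls through, and the slow
# host is steered past the generic pipe with skipto/allow to avoid double shaping.
wan_side_rules() {
    run ipfw -q flush
    pipes
    run sysctl net.inet.ip.fw.one_pass=0
    run ipfw -q add 300 pipe 1 ip from "$SLOWHOST" to any out via "$WAN"
    run ipfw -q add 310 skipto 400 ip from "$SLOWHOST" to any out via "$WAN"
    run ipfw -q add 320 pipe 3 ip from "$LANNET" to any out via "$WAN"
    run ipfw -q add 400 divert natd ip from any to any via "$WAN"
    run ipfw -q add 410 pipe 2 ip from any to "$SLOWHOST" in via "$WAN"
    run ipfw -q add 420 allow ip from any to "$SLOWHOST" in via "$WAN"
    run ipfw -q add 430 pipe 4 ip from any to "$LANNET" in via "$WAN"
    run ipfw -q add 65000 allow ip from any to any
}

# Usage: sh shaper.sh lan | sh shaper.sh wan   (DRYRUN=1 to print the rules only)
case "${1:-}" in
    lan) lan_side_rules ;;
    wan) wan_side_rules ;;
esac
```

Run it with `DRYRUN=1` first and read the rule list: in variant A no pipe rule names the external interface at all, and in variant B the rule numbers make the ordering visible (pipe 1 and pipe 3 below 400, pipe 2 and pipe 4 above it). Variant A is the one to prefer unless you need to shape something that only exists on the external side.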
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060525210623.GC814>