From owner-freebsd-questions Thu Mar 8 0:23:24 2001 Delivered-To: freebsd-questions@freebsd.org Received: from smtpe.casema.net (smtpe.casema.net [195.96.96.172]) by hub.freebsd.org (Postfix) with SMTP id 3E47837B719 for ; Thu, 8 Mar 2001 00:23:20 -0800 (PST) (envelope-from walter@binity.com) Received: (qmail 21765 invoked from network); 8 Mar 2001 08:23:17 -0000 Received: from unknown (HELO slash.b118.binity.net) (195.96.105.183) by smtpe.casema.net with SMTP; 8 Mar 2001 08:23:17 -0000 Received: from tsunami.b118.binity.net (tsunami.b118.binity.net [172.18.3.10]) by slash.b118.binity.net (Postfix) with ESMTP id 90F5410E; Thu, 8 Mar 2001 09:22:29 +0100 (CET) Date: Thu, 8 Mar 2001 09:24:35 +0100 From: Walter Hop X-Mailer: The Bat! (v1.51) Educational X-Priority: 3 (Normal) Message-ID: <111411717177.20010308092435@binity.com> To: "G D McKee" Cc: FreeBSD Questions Subject: Re: Jail USER in HOME dir In-Reply-To: <001f01c0a5c4$a67173c0$0500a8c0@gdmckee.local> References: <001501c0a58f$79ca95c0$0500a8c0@gdmckee.local> <164186379910.20010305184858@binity.com> <001f01c0a5c4$a67173c0$0500a8c0@gdmckee.local> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG [in reply to freebsd@gdmckee.com, 05-03-2001] > What I am trying to do is give my friend FTP access to his home dir. That should be even easier! If you use the ftpd that ships with FreeBSD, you can just create a text file /etc/ftpchroot and insert the name(s) of the users you want to chroot in their homedirectories. > Also, Is there a way using IPFW to limit the bandwidth allocated to certain > ports. Yes. You need to build a kernel with at least the following options: options IPFIREWALL options DUMMYNET Dummynet is the traffic shaper in ipfw. It works perfectly with natd. Using dummynet you can create traffic "pipes" with characteristics like delay or maximum bandwidth. If you do: % ipfw pipe 1 config bw 20kBytes/s you'll have a pipe that will be able to pump 10 kilobytes per second. You can route traffic through this pipe by inserting an firewall rule, for example: % ipfw add 500 pipe 1 tcp from 172.18.0.0/16 to any 6688 % ipfw add 501 pipe 1 tcp from 172.18.0.0/16 to any 6699 will pipe everything that comes from my local network 172.18.0.0/16 and goes out to ports 6688 and 6699, which effectively places a bandwidth restriction on these traffic -- my roomates running Napster in this example ;) See "man dummynet" for a detailed description. Good luck, walter -- I DON'T CARE WHERE, JUST FAR To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message