From: Aleksandar Simonovski
To: freebsd-net@freebsd.org
Date: Wed, 22 Oct 2003 16:13:53 +0200
Subject: gateway/firewall script
Message-Id: <20031022161353.2deeeeeb.aleksandar@unet.com.mk>

This is my script. It works just fine; its purpose is to allow just www, ftp and dns requests. But I get only 6KB/s transfer with config bw 128Kbit/s, and 3KB/s with 64Kbit/s and so on, and it should be 16KB/s with 128Kbit/s and 8KB/s with 64Kbit/s and so on. So is this right, or am I missing something?
Any comments on the script would be fine.

INTINF = rl1
EXTINF = rl0

# natd is running natd -n rl0

#!/bin/sh
-f flush
add 1000 divert 8668 ip from any to any via rl0
add 1200 allow ip from any to any via lo0
add 1300 deny ip from any to 127.0.0.1/8
add 1400 deny ip from 127.0.0.1/8 to any
add 1500 check-state
add 1550 allow icmp from any to any keep-state
add 1600 allow log udp from any to any 53 keep-state out
add 1610 allow log udp from any to any 53 keep-state in
#add 1620 allow log udp from any 53 to any keep-state in
add 1700 queue 1 log tcp from any to any 20,21 keep-state out
add 1800 queue 2 log tcp from any 20,21 to any keep-state in
add 2000 queue 3 log tcp from any to any 80 keep-state out
add 2010 queue 4 log tcp from any to any 80 keep-state in
#add 2020 queue 5 log tcp from any 80 to any keep-state in
add 2100 deny log ip from any to any

queue 1 config weight 5 pipe 1 mask all
queue 2 config weight 5 pipe 2 mask all
queue 3 config weight 5 pipe 3 mask all
queue 4 config weight 5 pipe 4 mask all
queue 5 config weight 5 pipe 5 mask all

pipe 1 config bw 128Kbit/s
pipe 2 config bw 128Kbit/s
pipe 3 config bw 128Kbit/s
pipe 4 config bw 128Kbit/s
pipe 5 config bw 128Kbit/s

Cheers,
Aleksandar