Message-ID: <3F45ECD8.60907@gigi.sk>
Date: Fri, 22 Aug 2003 12:13:44 +0200
From: Uncle GIGI
To: freebsd-questions@FreeBSD.ORG
Subject: Bandwidth limitations, NAT and transparent proxy

Hi!

I have FreeBSD 4.8 installed. There is IPFIREWALL, IPFIREWALL_FORWARD, IPDIVERT and DUMMYNET in my kernel configuration.

On my FBSD gateway to the Internet I would like to use NAT (of course :-))) ), transparent proxy and limit the outgoing traffic.

xl0 (62.169.170.166/30) is the public interface, xl1 (192.168.1.1/24) is the private one.

If my firewall rules look like:

    ipfw pipe 1 config bw 256Kbit/s queue 40Kbytes
    ipfw add 47 pipe 1 ip from any to any out via xl0
    ipfw add 48 allow ip from 192.168.1.1 to any
    ipfw add 49 fwd 192.168.1.1,3128 tcp from 192.168.1.0/24 to any 80
    ipfw add 50 divert 8668 ip from any to any via xl0
    ...
    (the rest of OPEN firewall rules)

nothing except http (because of transparent proxy, I think) goes through the gateway from the local net.

If my firewall rules look like:

    ipfw pipe 1 config bw 256Kbit/s queue 40Kbytes
    ipfw add 47 pipe 1 ip from 62.169.170.166 to any out via xl0
    ipfw add 48 allow ip from 192.168.1.1 to any
    ipfw add 49 fwd 192.168.1.1,3128 tcp from 192.168.1.0/24 to any 80
    ipfw add 50 divert 8668 ip from any to any via xl0
    ...
    (the rest of OPEN firewall rules)

everything works fine except the bandwidth limitation.

Do you have any ideas how to get these three things (bandwidth limitation, NAT, transparent proxy) to work together?

Thanks a lot in advance.

GIGI
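
Added example, not part of the original message: a small Python model of ipfw's outbound pass on xl0 that traces a LAN packet through both rule sets from the post. It assumes the behaviour documented in ipfw(8) and divert(4), namely that a pipe rule ends the search while net.inet.ip.fw.one_pass is 1 (the default) and that natd re-injects a diverted packet at the next rule number; the client address 192.168.1.10 and the catch-all rule 65000 are constructed.

```python
# Added example: simplified model of ipfw's outbound pass on xl0.
# Assumed semantics: first match wins; "pipe" ends the search when
# net.inet.ip.fw.one_pass=1 (the default); "divert" hands the packet to natd,
# which rewrites the source and re-injects it at the next rule number.
from ipaddress import ip_address, ip_network

PUBLIC = "62.169.170.166"  # xl0 address from the post

def ruleset(pipe_src, pipe_num=47):
    """Rules from the post as (number, action, from, dst_port)."""
    return sorted([
        (pipe_num, "pipe", pipe_src, None),
        (48, "allow", "192.168.1.1", None),
        (49, "fwd", "192.168.1.0/24", 80),
        (50, "divert", "any", None),
        (65000, "allow", "any", None),  # stands in for the OPEN rules
    ])

def matches(src, dport, rule_src, rule_port):
    if rule_src != "any" and ip_address(src) not in ip_network(rule_src):
        return False
    return rule_port is None or rule_port == dport

def walk(rules, src, dport, one_pass=True):
    """Return (source seen on the wire, shaped?, rule numbers hit)."""
    shaped, hits, start = False, [], 0
    while True:
        for num, action, rule_src, rule_port in rules:
            if num < start or not matches(src, dport, rule_src, rule_port):
                continue
            hits.append(num)
            if action == "pipe":
                shaped = True
                if one_pass:
                    return src, shaped, hits  # search ends inside the pipe
                continue                      # one_pass=0: go on to next rule
            if action == "divert":
                src, start = PUBLIC, num + 1  # natd rewrite, then re-inject
                break
            return src, shaped, hits          # allow / fwd end the search
        else:
            return src, shaped, hits

if __name__ == "__main__":
    lan = ("192.168.1.10", 22)  # constructed LAN client, non-HTTP traffic
    print("first rule set :", walk(ruleset("any"), *lan))
    print("second rule set:", walk(ruleset(PUBLIC), *lan))
    print("one_pass=0     :", walk(ruleset("any"), *lan, one_pass=False))
    print("pipe after NAT :", walk(ruleset("any", pipe_num=51), *lan))
```

In the model the first rule set sends the packet out with its private source address because the pipe rule matches before the divert rule, and in the second the packet is NATed but never reaches the pipe. Setting one_pass to 0, or numbering the pipe rule after the divert rule, yields a packet that is both NATed and shaped.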