From: Grégoire Leroy
To: freebsd-ipfw@freebsd.org
Date: Mon, 4 Jul 2011 14:46:55 +0200
Subject: Natd + dummynet

Hi,

I am trying to use dummynet with natd, but I don't understand where I must write the pipe/queue lines.

I want to use fair queueing on my SDSL line, and I don't understand whether I must write the rules:
1) Before the first nat lines
2) Between nat and check-state
3) Before allow/deny
4) After allow/deny
5) After the last natd lines.

I also wonder whether pipe rules replace allow rules: if a packet is accepted in a pipe, it's also allowed, isn't it?

My rules are:

# Allowed packets are NATed -> important
$cmd 55300 divert 8868 ip from any to any in via $adsl1_if
$cmd 55301 divert 8869 ip from any to any in via $adsl2_if
$cmd 55302 divert 8870 ip from any to any in via $sdsl_if

# Accept packets allowed by keep-state
$cmd 55320 check-state

... some deny/allow/skipto lines ...

#nat everything that gets here, should be ok as local allowed in first
$cmd 61000 divert 8868 ip from $interne to any in
$cmd 61100 divert 8868 ip from $interne to any out
$cmd 61300 allow all from any to any

$cmd 62000 divert 8869 ip from $interne to any out
$cmd 62500 divert 8869 ip from $interne to any in
$cmd 62700 allow all from any to any

$cmd 63000 divert 8870 ip from $interne_all to any out
$cmd 63500 divert 8870 ip from $interne_all to any in
$cmd 63600 allow all from any to any

#policy route to send traffic to correct isp
$cmd 61200 fwd $isp1 ip from $adsl1_ip to any
$cmd 62550 fwd $isp2 ip from $adsl2_ip to any
$cmd 63700 fwd $isp3 ip from $sdsl_ip to any

$cmd 65534 allow all from any to any

Thanks for your help,
Grégoire Leroy