From: Odhiambo ワシントン <odhiambo@gmail.com>
To: Tamar Lea
Cc: freebsd-questions@freebsd.org
Date: Mon, 4 May 2009 19:49:13 +0300
Subject: Re: per protocol bandwidth filters for firewall

On Mon, May 4, 2009 at 6:33 PM, Tamar Lea wrote:

> Hello all,
> I have inherited the job of maintaining a FreeBSD firewall that sits behind
> an ADSL line that connects 128 clients to the internet. I have not used
> FreeBSD before but have some linux experience. The connections must be
> always on though I am allowed to reboot if absolutely necessary. It is using
> ipfilter and ipnat. There have been issues with clients taking up too much
> bandwidth, so after several hours of careful testing I managed to redirect
> all traffic on port 80 to a squid service using ipnat. This uses delay pools
> to limit the max speed per user. However I would also like to limit the max
> speed per user for streaming traffic on port 1935. Would this be possible
> with the current setup and what programs or config would be able to do the
> job?

If you consider PF+ALTQ, you will be able to do what IPFilter/IPNAT is doing
now and much more - just like you desire. You will also find it quite easy to
convert the current firewall/nat rules into PF syntax.

Best of luck!

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
"Clothes make the man. Naked people have little or no influence on society."
  -- Mark Twain