Date: Fri, 14 Feb 2003 09:15:44 +0100 (CET)
From: Claus Guttesen <cguttesen@yahoo.dk>
To: Eivind Olsen <eivind@aminor.no>, freebsd-stable@FreeBSD.ORG
Subject: Re: ipfw1 or ipfw2 in STABLE?
Message-ID: <20030214081544.33667.qmail@web14103.mail.yahoo.com>
In-Reply-To: <97321400.1045177521@[192.168.0.2]>

Hi.

> man-page for ipfw(8) I get the impression that
> STABLE only uses ipfw1 by
> default and I'll have to enable ipfw2 by adding
> "IPFW2=TRUE" to
> /etc/make.conf and adding "options IPFW2" to the
> kernel config. But I can't

Your assumption is correct. I am running ipfw (in combination with
ipfilter), ipfw for traffic-shaping (dummynet). I wanted to prioritize
both outcoming and returning traffic, but ipfw (ver. 1) only allowed me
to prioritize on the port, but not distinguish on the direction. The
keyword ipfw2 has is src- and dst-port as well.

So I recompiled my world and kernel and rebooted and everything went
smoothly.

As an example I've pasted my setup from /etc/rc.firewall (firewall type
[Oo][Pp][Ee][Nn]):

# do some traffic-shaping, configure a pipe
${fwcmd} pipe 10 config bw 1Mbit/s
${fwcmd} pipe 20 config bw 1Mbit/s

# create some queues with various weight
${fwcmd} queue 11 config pipe 10 weight 50
${fwcmd} queue 12 config pipe 10 weight 25
${fwcmd} queue 13 config pipe 10 weight 5
${fwcmd} queue 21 config pipe 20 weight 50
${fwcmd} queue 22 config pipe 20 weight 25
${fwcmd} queue 23 config pipe 20 weight 5

# create some rules that will be applied to the queues
# inside-interface
${fwcmd} add 340 queue 11 tcp from 192.168.1.0/24 to any dst-port http in recv xl0
${fwcmd} add 340 queue 11 tcp from 192.168.1.0/24 to any dst-port ssh in recv xl0
${fwcmd} add 340 queue 12 tcp from 192.168.1.0/24 to any dst-port smtp in recv xl0
${fwcmd} add 340 queue 12 tcp from 192.168.1.0/24 to any dst-port pop3 in recv xl0
${fwcmd} add 340 queue 13 ip from 192.168.1.0/24 to any in recv xl0

# outside-interface
${fwcmd} add 350 queue 21 tcp from any to 192.168.1.0/24 src-port http in recv xl1
${fwcmd} add 350 queue 21 tcp from any to 192.168.1.0/24 src-port ssh in recv xl1
${fwcmd} add 350 queue 22 tcp from any to 192.168.1.0/24 src-port smtp in recv xl1
${fwcmd} add 350 queue 22 tcp from any to 192.168.1.0/24 src-port pop3 in recv xl1
${fwcmd} add 350 queue 23 ip from any to 192.168.1.0/24 in recv xl1

Hope this helps.

regards
Claus
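
What the queue weights in the setup above mean in bandwidth terms, as an added example that is not part of the original message: dummynet divides a pipe among the queues that currently have traffic waiting, in proportion to their weights. The function name `queue_shares` and the variable `SAMPLE_CONFIG` are hypothetical; the sketch assumes each queue carries a single flow (no mask) and parses only the Kbit/s and Mbit/s units.

```shell
#!/bin/sh
# Constructed sample: pipe 10 and its queues from the message,
# with ${fwcmd} written out as "ipfw".
SAMPLE_CONFIG='ipfw pipe 10 config bw 1Mbit/s
ipfw queue 11 config pipe 10 weight 50
ipfw queue 12 config pipe 10 weight 25
ipfw queue 13 config pipe 10 weight 5'

# queue_shares "<config text>" <backlogged queue numbers...>
# Prints one line per backlogged queue with its share of the pipe,
# computed as bw * weight / (sum of weights of backlogged queues).
queue_shares() {
    cfg=$1; shift
    printf '%s\n' "$cfg" | awk -v active="$*" '
    BEGIN { n = split(active, a, " "); for (i = 1; i <= n; i++) on[a[i]] = 1 }
    # "pipe N config bw X": record bandwidth in kbit/s
    $2 == "pipe" && $4 == "config" {
        for (i = 5; i < NF; i++) if ($i == "bw") {
            v = $(i + 1)
            if (v ~ /Mbit\/s$/)      { sub(/Mbit\/s$/, "", v); bw[$3] = v * 1000 }
            else if (v ~ /Kbit\/s$/) { sub(/Kbit\/s$/, "", v); bw[$3] = v + 0 }
        }
    }
    # "queue N config pipe P weight W": record parent pipe and weight
    $2 == "queue" && $4 == "config" {
        q = $3; p = ""; w = 1            # ipfw(8): weight defaults to 1
        for (i = 5; i < NF; i++) {
            if ($i == "pipe")   p = $(i + 1)
            if ($i == "weight") w = $(i + 1)
        }
        order[++nq] = q; pipe[q] = p; weight[q] = w
        if (q in on) total[p] += w       # only backlogged queues compete
    }
    END {
        for (k = 1; k <= nq; k++) {
            q = order[k]; p = pipe[q]
            if ((q in on) && (p in bw))
                printf "queue %s pipe %s %.1f kbit/s\n", q, p, bw[p] * weight[q] / total[p]
        }
    }'
}

# All three queues busy, then only the two lower-weight ones.
queue_shares "$SAMPLE_CONFIG" 11 12 13
queue_shares "$SAMPLE_CONFIG" 12 13
```

The second call shows that a weight is a relative share rather than a cap: with queue 11 idle, queues 12 and 13 split the whole 1 Mbit/s between them.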