Date: Tue, 17 Sep 2002 18:45:17 -0400 From: "Scott M. Nolde" <scott@smnolde.com> To: Kenneth W Cochran <kwc@TheWorld.com> Cc: freebsd-stable@FreeBSD.ORG Subject: Re: Traffic Shaping? Message-ID: <20020917224517.GA56724@smnolde.com> In-Reply-To: <200209172132.RAA9570071@shell.TheWorld.com> References: <0be801c25db3$97880c40$3c00010a@area51> <200209172132.RAA9570071@shell.TheWorld.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Kenneth W Cochran(kwc@TheWorld.com)@2002.09.17 17:32:25 +0000: > >Date: Tue, 17 Sep 2002 10:34:37 -0400 > >From: "Scott M. Nolde" <scott@smnolde.com> > >To: Lasse Laursen <laursen@netgroup.dk> > >Cc: freebsd-stable@FreeBSD.ORG > >Subject: Re: Traffic Shaping? > > > >As much as I hate to toot my own horn, I'll do it. I've just published a > >script for doing WF2Q+ traffic shaping at http://bsdvault.net. This > >script may be overkill for what you need, but it could help you in other > >ways and serve as an example of how to do implement traffic shaping. > > > >It's worth a read and i'm open to comments. Please post comments at > >bsdvault's site. > > > >- Scott > > (Hopefully quick) questions... > > I notice that in both your script & the one on which it is based, > there is a "duplicated" set of ingress/egress filtering rules > on either side (i.e. before & after) the natd rule. > > Why do we need both? > Wouldn't the 1st set be sufficient? I.e. Do our filtering before NAT? > > I see the purpose of that 1st set (before the divert rule) but I'm not > grokking that section immediately after. > > Thanks, > > -kc To the best of my knowledge, the second set is important since you are blocking traffic from the LAN side whatever happens to originate from the LAN. Those IP address blocks are reserved by IANA and it is very bad practice to let that traffic to the internet. These blocks or prefixes are "special use" prefixes. You can read the text mentioned in the script here: http://www.apnic.net/stats/bgp/notes/draft-manning-dsua-03.txt - Scott To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020917224517.GA56724>