Date: Mon, 3 Jun 2002 07:28:39 -0700 (PDT) From: Walid Nehme <walidn@yahoo.com> To: freebsd questions <freebsd-questions@freebsd.org> Subject: problem with Bridge, dummynet, ipfw. Message-ID: <20020603142839.88471.qmail@web10003.mail.yahoo.com>
next in thread | raw e-mail | index | archive | help
Dear Sirs. I configured a bridge today, as follows. cp /usr/src/sys/i386/conf/GENERIC Firewall and added there the lines : options IPFIREWALL #firewall options IPFIREWALL_VERBOSE #enable logging to options IPFIREWALL_FORWARD #enable transparent options IPFIREWALL_VERBOSE_LIMIT=100 #limit options DUMMYNET options BRIDGE options HZ=10 options NMBCLUSTERS=8192 then config firewall, then cd ../../compile/firewall make depend, make , make installed. In file sysctl.conf add net.link.ether.bridge_cfg=rl0:0;rl1:0 net.link.ether.bridge=1 net.link.ether.bridge_ipfw=1 net.inet.ip.fw.one_pass=0 #i need this for traf shapping. net.inet.ip.fw.enable=1 and put in my firewall ruels the following. I enforce rate limiting on each host in my network individually? I want to enforce an upstream limit of 64Kbit/s and a downstream of 384Kbit/s for each host; in addition, I want to disallow all external hosts from initiating connexions with the hosts on my network so that no one can run any servers. pipe 10 config mask src-ip 0x000000ff bw 64kbit/s queue 8Kbytes pipe 20 config mask dst-ip 0x000000ff bw 384kbit/s queue 8Kbytes add 100 deny icmp from any to 12.18.123.0/24 in via xl0 icmptypes 8 add 110 check-state add 1000 pipe 10 all from 12.18.123.0/24 to any out via xl0 add 1100 pipe 20 all from any to 12.18.123.0/24 in via xl0 add 1200 allow tcp from 12.18.123.0/24 to any out via xl0 setup keep-state add 1200 allow udp from 12.18.123.0/24 to any out via xl0 keep-state add 1300 allow icmp from 12.18.123.0/24 to any out icmptypes 8 keep-state add 65535 deny all from any to any In the resault i get the following error message in a huge number on the console: --loop(0) macaddress to rl0 from rl1 (active) --loop(1) same macaddress to rl1 from rl0 (active) /kernel: --loop(0) macaddress to rl0 from rl1(active) /kernel: --loop(1) same macaddress to rl1 from rl0 (active) and the bridge didnt work. i couldnt ping anything or surf the internet. Then i tried with open firewall adding add 100 pass all from any to any . and i get the same resault. CAN ANY ONE HELP? ===== Regards. Walid Nehme ICQ:5855336 MSN:nastylid@hotmail.com "The only reason I'm burning my candle at both ends, is because I haven't figured out how to light the middle yet" __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020603142839.88471.qmail>