Date: Tue, 19 Jun 2007 14:01:45 +0200 From: Max Laier <max@love2party.net> To: freebsd-pf@freebsd.org Subject: Re: firewalling and ALTQ Message-ID: <200706191401.56528.max@love2party.net> In-Reply-To: <4677BF4A.8000601@techniumcast.com> References: <4677BF4A.8000601@techniumcast.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart1206709.vNetvt28k8 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Tuesday 19 June 2007, Rob Shepherd wrote: > I've just installed FreeBSD with a view to making a traffic shaping, or > essentially transfer capacity limiting device. > > This must sit on bridged interfaces between org and edge outers. It can be difficult to wrap one's head around traffic shaping on bridges=20 because of the ambiguous of IN/OUT on a bridge. Be sure to filter on the=20 member interfaces instead and apply queueing there. > I'm having some difficulty working out which bits I need, which packet > filter to use and how to get started. > > The appears to be 3 packet filters > > pf,ipf,ipfw > > is this right? ALTQ works with each? ALTQ works with pf and can be used from ipfw, too. You will need pf=20 support regardless. ipf does not support the ALTQ version available in=20 =46reeBSD at this time (afaik). IPFW has dummynet, which can do traffic=20 shaping, too. > additionaly, I don't seem to have any /dev/ entries kldload pf / ipf / ipfw ... or use the rc.d scripts. e.g. "etc/rc.d/pf=20 forcestart" later automate the process by flipping the right switches in=20 rc.conf(5). You can also build the firewalls into your kernel, see the=20 handbook for details. Note, that ALTQ can *not* be loaded as a module=20 and requires a custom kernel instead. > There are many tutorials, but It's impossible to know what is the > current supported filter package, what works best with bridging and > ALTQ and how to test them when there's bit's missing. =46eel free to write down your lessons learned and publish them ;) =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart1206709.vNetvt28k8 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.3 (FreeBSD) iD8DBQBGd8W0XyyEoT62BG0RAhpWAJwMsOGicyNcT5o2exOOppOdi3bOugCdH5N4 g2PmDnpTzlX9RG3GQbQj/kE= =rPJM -----END PGP SIGNATURE----- --nextPart1206709.vNetvt28k8--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200706191401.56528.max>