Date: Sat, 10 Oct 1998 13:45:10 +0930
From: Leigh Hart <hart@dotat.com>
To: spork <spork@super-g.com>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: IPFW, IPfilter, dummynet, et friends
Message-ID: <199810100415.NAA27389@at.dotat.com>
In-Reply-To: Your message of "Fri, 09 Oct 1998 23:03:46 -0400." <Pine.BSF.4.00.9810092137480.3701-100000@super-g.inch.com>

Hi Charles,

spork <spork@super-g.com> wrote:
>
> Once the techs at Bell Atlantic get the frame switch ready, I'll have a
> 56K frame connection to my home again. I've been using the user ppp
> package, which is *incredible* and gives me a nice boost over the windows
> ppp monstrosity, I mean, *measurable*. I use the packet aliasing feature
> to hide all my toys from prying eyes, and it's been working great.
>
> Since this is my home net, I really want to play around with some things,
> including ipfilter and dummynet. I also would like to keep my dialup
> connection nailed up as well (good throughput, bad latency) and I'm
> wondering if any combination of ipfw and natd would let me steer traffic
> such as ftp transfers to the modem while keeping my high priority traffic
> (ssh, telnet) flowing through the frame connection.
>
> Ideas? The box I'm using has two ethernet cards and the modem is attached
> to it as well. The frame connection comes in via a small ascend router.
>
> I'm also interested in ipfilter, but I understand it's difficult to
> integrate with ppp...

I know this doesn't answer your question directly, but on a cisco
you'd do this with policy based routing and NAT. Not sure how it
would work on FreeBSD, there's no equivalent to policy based routing
as far as I know...

here's an example cisco config (rough draft, not a working config
by any means):

!
ip nat inside source list allowed_hosts interface serial0 overload
ip nat inside source list allowed_hosts interface serial1 overload
!
int Ethernet0
 description local lan segment
 ip address 172.16.1.1 255.255.255.0
 ip nat inside
!
int Serial0
 description frame relay link to the 'net
 ip address 192.168.1.1 255.255.255.252
 ip nat outside
!
int Serial1
 description modem link to the 'net
 ip address 10.1.1.1 255.255.255.252
 ip nat outside
!
ip route 0.0.0.0 0.0.0.0 10.1.1.2   ! default via the modem
!
route-map POLICY permit 10          ! policy via the frame relay
 match ip address telnet_and_ssh
 set ip next-hop 192.168.1.2        ! alternatively, set interface s0
 !                                  ! might work, not sure which is better.
!
ip access-list extended allowed_hosts
 permit 172.16.1.0 0.0.0.255
!
ip access-list extended telnet_and_ssh
 permit tcp any any range 22 23
!

Cheers

Leigh
--
| "By the time they had diminished | Leigh Hart, <hart@dotat.com> |
| from 50 to 8, the other dwarves  | Dotat Communications Pty Ltd |
| began to suspect 'Hungry' ..."   | GPO Box 487 Adelaide SA 5001 |
|   -- Gary Larson, "The Far Side" | http://www.dotat.com/hart/   |

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message