Date: Wed, 10 Aug 2005 09:34:28 +0300 From: Adi Pircalabu <apircalabu@bitdefender.com> To: he ccjj <heccjj1@gmail.com> Cc: freebsd-questions@freebsd.org Subject: Re: How to limit the nat's stream speed? Message-ID: <20050810093428.62d11299@apircalabu.dsd.ro> In-Reply-To: <6f9d8a505080922315e2bc928@mail.gmail.com> References: <6f9d8a505080922315e2bc928@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 10 Aug 2005 13:31:28 +0800
he ccjj <heccjj1@gmail.com> wrote:
> I use freebsd5.4+ipfw+natd to setup a box for sharing internet,it's
> work fine.But i have a very serious problem:
> Some computer of my inner user was attacked by virus,they make very
> big volume of stream to internet,so the natd will occupy almost all
> the cpu,the others can't visit internet at all !! Is there a solution
> to limit the natd's cpu occupancy or limit every user's stream speed?
You may take a look at ipfw(8) manpage and search for dummynet
configuration.
For example, if you know the offending IP, you can try something like
this:
kldload dummynet
ipfw pipe ${pipe-num} config bw ${max-bw}
ipfw add ${rule-num} pipe ${pipe-num} ip from ${offending-IP} to any
It's a very simple example, take it as a starting point.
Bye
--
Adi Pircalabu (PGP Key ID 0x04329F5E)
--
This message was scanned for spam and viruses by BitDefender.
For more information please visit http://www.bitdefender.com/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050810093428.62d11299>