From owner-freebsd-ipfw@FreeBSD.ORG Tue Nov 10 13:10:17 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A2A98106568D for ; Tue, 10 Nov 2009 13:10:17 +0000 (UTC) (envelope-from it@hastigasht.com) Received: from gateway15.websitewelcome.com (gateway15.websitewelcome.com [69.93.82.23]) by mx1.freebsd.org (Postfix) with SMTP id 6360D8FC21 for ; Tue, 10 Nov 2009 13:10:16 +0000 (UTC) Received: (qmail 11368 invoked from network); 10 Nov 2009 12:57:18 -0000 Received: from integra.websitewelcome.com (67.18.3.194) by gateway15.websitewelcome.com with SMTP; 10 Nov 2009 12:57:18 -0000 Received: from [212.80.13.1] (port=2902 helo=nima) by integra.websitewelcome.com with esmtpa (Exim 4.69) (envelope-from ) id 1N7q4M-0006D9-Nu for freebsd-ipfw@freebsd.org; Tue, 10 Nov 2009 06:43:36 -0600 From: "Nima Mohammadi" To: Date: Tue, 10 Nov 2009 16:10:58 +0330 MIME-Version: 1.0 X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcpiAvAApWC/GGCJQyiEJp66dkQHoQ== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - integra.websitewelcome.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - hastigasht.com Message-Id: <20091110131017.A2A98106568D@hub.freebsd.org> X-Mailman-Approved-At: Tue, 10 Nov 2009 14:27:49 +0000 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: HELP ME X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Nov 2009 13:10:17 -0000 Hi i have a freebsd 7.1 with ipfw and dummynet and natd and all the things is good. but the i can not limite the upload to the internet with dummynet. the download limit works fine . when change the pipe2 (to me in ) to ( to any in) the internet connection of my client will be down vr0 : internal net : 192.168.10.0/24 nfe0: out net : 212.80.13.1 ,2 ,3 the upload is very high . HELP ME here is my ipfw config : pfw -q -f flush #Dedicate internet user and non internet user ############################################################################ # #charter 55 for ali shirali movaghat share with andishgar iuser="192.168.10.0/24{1,3,25, 27,31,42,48,50,53,54,55,63,69,81,84,88,92,98,100,105,118,128,131,134,135,137 ,140,155,165,171}" noiuser="192.168.10.0/24{44, 46}" ############################################################################ ## ##########################dummynet########################################## # #recive ipfw -q add pipe 1 ip from any to ${iuser} out via vr0 ipfw pipe 1 config bw 9KByte/s # queue 11 delay 100ms #send ipfw -q add pipe 2 ip from ${iuser} to me in via vr0 ipfw pipe 2 config bw 7KByte/s # queue 11 delay 100ms ############################################################################ # ##################################NAT####################################### ## ipfw -q add divert natd all from any to any via nfe0 ipfw -q add check-state ############################################################################ #block any to loopback ipfw -q add allow ip from any to any via lo0 ipfw -q add deny ip from any to 127.0.0.0/8 #########################END internet users################################## #web & ssl & yahoo messenger ###################WEB Accsess############################## ipfw -q add allow tcp from ${iuser} to any 80,443,5050 keep-state #allow all http to internal ipfw -q add allow tcp from any to any 80 in via nfe0 keep-state #charter 10 access on ghd24.net #ipfw -q add allow tcp from 192.168.10.64 to 66.49.211.210,94.182.197.230 80 keep-state ######################END Web Access######################### #aseman ipfw -q add allow tcp from any to any 7769 keep-state #amadeus ipfw -q add allow tcp from any to any 9876,10000 keep-state #air tour ipfw -q add allow tcp from any to any 1770 keep-state #ftp ipfw -q add allow ip from any to any 21 keep-state #ipfw -q add allow ip from any to any 1024-65535 keep-state ipfw -q add allow tcp from 192.168.10.69,192.168.10.1,192.168.10.9 to any 1024-65535 keep-state ipfw -q add allow tcp from any 1024-65535 to 192.168.10.1 keep-state #ipfw -q add check-state #DNS ipfw -q add allow ip from any to any 53 keep-state ipfw -q add allow ip from any 53 to any keep-state #remote ipfw -q add allow ip from any to any 35252,12114,3389 keep-state #mysql remote #ipfw -q add allow ip from any to any 3306,1433 keep-state #share #ipfw -q add allow tcp from any to me 139 #ipfw -q add allow tcp from any 139 to any #ping ipfw -q add allow icmp from any to any #cpanel #ipfw -q add allow ip from any to any 2082,2083,2095 keep-state #ssh ipfw -q add allow tcp from any to me 5432 keep-state ipfw -q add allow tcp from any 5432 to any keep-state #Out look pop3 ######################POP3 Access##################### ipfw -q add allow tcp from ${iuser},${noiuser} to any 25 keep-state ipfw -q add allow tcp from ${iuser},${noiuser} to any 110 keep-state ######################END POP3 Access################# #gmail #ipfw -q add allow tcp from any to any 995,465 keep-state #Ghost Surf ipfw -q add allow tcp from any to any 8888 keep-state #VPN TO EXTRENAL ipfw -q add allow gre from any to any keep-state ipfw -q add allow tcp from any to any 1723 keep-state #allow all to external ipfw -q add allow ip from any to any out via nfe0 #deny all in from external ipfw -q add deny all from any to any in via nfe0