Date: Fri, 24 Sep 2004 15:49:34 +0100 (BST)
From: James Davis <jamesd@jml.net>
To: Steve Bertrand <iaccounts@ibctech.ca>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: Bridging and transparent web-cache
Message-ID: <Pine.LNX.4.44.0409241541050.32166-100000@courgette.jml.net>
In-Reply-To: <3924.209.167.16.15.1096036044.squirrel@209.167.16.15>

On Fri, 24 Sep 2004, Steve Bertrand wrote:

> Please submit the pertinent rules in your firewall script, before and
> including the fwd rules, and include some details in your actual
> setup.

Before (note that I've recompiled the kernel so that ipfw defaults to
accept and I've cut out some irrelevant lines)

James.

--
# Clear out any old rules
ipfw -q flush

# Define some bits here to make life easy
# Define the external interface (in this case rl0 is the big D-Link card)
EXTIF=rl0
INTIF=dc0

# Define the size of the pipe. It's a bit less than the total capacity
# to allow for queues
PIPESIZE=60kb/s

# Set the size of the pipe
ipfw pipe 1 config bw $PIPESIZE

# Now define the class of data within the pipe. We'll have:-
ipfw queue 1 config pipe 1 weight 3
ipfw queue 2 config pipe 1 weight 2
ipfw queue 3 config pipe 1 weight 1

# Now let's define types of traffic and assign the class to each
# Web users
ipfw add 200 queue 2 tcp from any to any dst-port 80 in via $INTIF
ipfw add 210 queue 2 tcp from any to any src-port 80 in via $EXTIF
--

Now after...

--
# Clear out any old rules
ipfw -q flush

# Define some bits here to make life easy
# Define the external interface (in this case rl0 is the big D-Link card)
EXTIF=rl0
INTIF=dc0
IP=192.168.0.76

# Define the size of the pipe. It's a bit less than the total capacity
# to allow for queues
PIPESIZE=60kb/s

# Set the size of the pipe
ipfw pipe 1 config bw $PIPESIZE

# Now define the class of data within the pipe. We'll have:-
ipfw queue 1 config pipe 1 weight 3
ipfw queue 2 config pipe 1 weight 2
ipfw queue 3 config pipe 1 weight 1

# Web users
ipfw add 150 queue 1 tcp from $IP any to any dst-port 80 out via $EXTIF
ipfw add 160 fwd 127.0.0.1 tcp from any to any dst-port 80
--

"You're turning into a penguin. Stop it"
http://jamesd.ukgeeks.co.uk/