limiting bandwith

Thomas S. Crum - AAA Web Solution, Inc. tscrum at aaawebsolution.com
Wed Apr 14 09:43:59 PDT 2004 

Using keep-state "is" the most efficient way to do it. The config that I
sent would still allow smtp and pop through, but limited as to the
weight of the queue.  Maybe I am misunderstanding what you are saying.

Are you saying that the mail is traversing unabated by the ruleset?

Best,
 
Thomas S. Crum
Senior Technical Associate
tscrum at aaawebsolution.com
Toll-free: (800) 834-0626
 
AAA Web Solution, Inc.
11924 W Forest Hill Boulevard
Building 22 - Mailstop 200
Wellington, FL 33414 USA
 
Providing full-service website design, maintenance, hosting, and
marketing.
No task is too small or enterprise too large for us to help you!
 
------------------------------------------------------------------------
----

-----Original Message-----
From: owner-freebsd-ipfw at freebsd.org
[mailto:owner-freebsd-ipfw at freebsd.org] On Behalf Of Ludo Koren
Sent: Wednesday, April 14, 2004 11:13 AM
To: rizzo at icir.org
Cc: ipfw at freebsd.org; tscrum at aaawebsolution.com
Subject: Re: limiting bandwith


    >> I wrote `interactive' (ticks), and I meant addresses that are
    >> used to connect to ssh, web, etc (interactive processes). All
    >> these addresses are NAT-ed. For these, your setup is working
    >> fine. Thank you very much.
    >> 
    >> The problem, I still have, is the following: the SMTP is
    >> flowing through, I am not relaying e-mail on this host. It
    >> seems to me, I cannot put together a rule which pass the
    >> traffic and add it to the queue except when I use keep-state
    >> flag. In this setup (keep-state), Luigi wrote it does not work.

     > i said your configuration does not work the way you want.  It
     > is possible to write a proper configuration that does what you
     > want but it is left as an exercise to the reader.

That I had understand. The problem is, the exercise I don't know to
do, even I tried hard several days... call me stupid...

The setup is: pass 2 mail servers without NAT and add the traffic from
the LAN to WAN to the queue and limit it (or weigth it). 

If I add:

ipfw add queue 3 tcp from A to B 25 
ipfw queue 3 config weight 1 pipe 10 mask src-ip 0x000000ff
ipfw pipe 10 config bw 256Kbit/s

and remove all rules with keep-state, it stops working.


     > 	cheers luigi

Regards,

lk
_______________________________________________
freebsd-ipfw at freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"

More information about the freebsd-ipfw mailing list