Bridging and transparent web-cache
James Davis
jamesd at jml.net
Fri Sep 24 07:49:36 PDT 2004
On Fri, 24 Sep 2004, Steve Bertrand wrote:
> Please submit the pertinent rules in your firewall script, before and
> including the fwd rules, and include some details in your actual
> setup.
Before (note that I've recompiled the kernel so that ipfw defaults to
accept and I've cut out some irrelevant lines)
James.
--
# Clear out any old rules
ipfw -q flush
# Define some bits here to make life easy
# Define the external interface (in this case rl0 is the big D-Link card)
EXTIF=rl0
INTIF=dc0
# Define the size of the pipe. It's a bit less than the total capacity
# to allow for queues
PIPESIZE=60kb/s
# Set the size of the pipe
ipfw pipe 1 config bw $PIPESIZE
# Now define the class of data within the pipe. We'll have:-
ipfw queue 1 config pipe 1 weight 3
ipfw queue 2 config pipe 1 weight 2
ipfw queue 3 config pipe 1 weight 1
# Now let's define types of traffic and assign the class to each
# Web users
ipfw add 200 queue 2 tcp from any to any dst-port 80 in via $INTIF
ipfw add 210 queue 2 tcp from any to any src-port 80 in via $EXTIF
--
Now after...
--
# Clear out any old rules
ipfw -q flush
# Define some bits here to make life easy
# Define the external interface (in this case rl0 is the big D-Link card)
EXTIF=rl0
INTIF=dc0
IP=192.168.0.76
# Define the size of the pipe. It's a bit less than the total capacity
# to allow for queues
PIPESIZE=60kb/s
# Set the size of the pipe
ipfw pipe 1 config bw $PIPESIZE
# Now define the class of data within the pipe. We'll have:-
ipfw queue 1 config pipe 1 weight 3
ipfw queue 2 config pipe 1 weight 2
ipfw queue 3 config pipe 1 weight 1
# Web users
ipfw add 150 queue 1 tcp from $IP any to any dst-port 80 out via $EXTIF
ipfw add 160 fwd 127.0.0.1 tcp from any to any dst-port 80
--
"You're turning into a penguin. Stop it"
http://jamesd.ukgeeks.co.uk/