ipfw - accessing DMZ from LAN , pipes
Marek Salwerowicz
marek_sal at wp.pl
Mon Nov 28 23:03:36 UTC 2011
Hello after a longer break ;)
W dniu 2011-10-01 22:02, Freddie Cash pisze:
>
>
> However, you could setup split-DNS or views and just configure everything to
> connect using hostnames. It's extra work to setup, but does make things
> easier down-the-road.
I've set up the DNS with views and since one month everything has been
working perfectly (I set up the firewall at small net5501 soekris box) -
thanks a lot for your help !
I am confused about one thing - I wanted to set up pipes for my DMZ
hosts (not to allow my hosts to consume all the bandwidth).
When I set up the pipes at the beginning of my firewall (before
configuring the NAT) - the whole traffic is blocked.
When I set up the pipes ad the end of firewall - they don't work (even
'ipfw show' shows no packets coming through 'pipe' rules).
Where should be the pipe rules placed?
Does it matter if I do first 'ipfw add pipe 1...' and then 'ipfw pipe 1
config...' ?
Regards,
--
Marek Salwerowicz
More information about the freebsd-net
mailing list