How to limit the nat's stream speed?

[Adi Pircalabu]

On Wed, 10 Aug 2005 13:31:28 +0800
he ccjj <heccjj1 at gmail.com> wrote:

> I use freebsd5.4+ipfw+natd to setup a box for sharing internet,it's
> work fine.But i have a very serious problem:
> Some computer of my inner user was attacked by virus,they make very
> big volume of stream to internet,so the natd will occupy almost all
> the cpu,the others can't visit internet at all !! Is there a solution
> to limit the natd's cpu occupancy or limit every user's stream speed?

You may take a look at ipfw(8) manpage and search for dummynet
configuration.
For example, if you know the offending IP, you can try something like
this:

kldload dummynet
ipfw pipe ${pipe-num} config bw ${max-bw}
ipfw add ${rule-num} pipe ${pipe-num} ip from ${offending-IP} to any

It's a very simple example, take it as a starting point.
Bye

-- 
Adi Pircalabu (PGP Key ID 0x04329F5E)


-- 
This message was scanned for spam and viruses by BitDefender.
For more information please visit http://www.bitdefender.com/