Bandwidth filter with ipfw don't work

Lowell Gilbert freebsd-questions-local at be-well.ilk.org
Wed Sep 26 08:05:47 PDT 2007 

"Edgardo Nuevo" <darknighter at gmail.com> writes:

> Hi
> I have Freebsd 6,2 with 2 cards of network, vr1 (10.0.1.10 with access
> to Internet), vr0 (192.168.1.1 internal network), I have configured
> ipfw + dummynet, when I configure a PC with 192.168.1.x does not work,
> but I put an IP type 10.0.1.x its works, what's error?

Can't tell from that.  Have you checked ipfw counters to see which
rules are dropping the packets (if any)?  Have you tried with no drop
rules at all?  Do you have a route for the 192.168.1.x subnet on the
router?  

> ############### firewall.rules ###############
> -f flush
> add 0012 skipto 20 all from any to any not layer2 in via vr0
> # Define MAC's users
> add 0013 skipto 20 all from any to any { MAC 00:1b:24:3b:4f:xx any or
> MAC any 00:1b:24:3b:4f:xx } layer2
> add 0014 skipto 20 all from any to any { MAC 00:1b:24:25:yy:69 any or
> MAC any 00:1b:24:25:yy:69 } layer2
>
> #Deny MACs not defined
> add 0019 deny log logamount 100 ip from any to any MAC any any layer2 via vr0
>
> # Enable NAT
> add 0020 divert natd all from any to any via vr1
>
> # Define pipe per MAC's
> add pipe 1 ip from any to any MAC 00:1b:24:3b:4f:xx any in via vr0
> add pipe 2 ip from any to any MAC any 00:1b:24:3b:4f:xx in via vr0
>
> add pipe 3 ip from any to any MAC 00:1b:24:25:yy:69 any
> add pipe 4 ip from any to any MAC any 00:1b:24:25:yy:69
>
> # Define bandwith per pipe
> pipe 1 config bw 50Kbit/s
> pipe 2 config bw 50Kbit/s
>
> pipe 3 config bw 6Kbit/s
> pipe 4 config bw 6Kbit/s
>
> add 0500 allow all from any to any
> #######################################################
>
> ############### sysctl.conf ###############
> net.link.ether.bridge.enable=1
> net.link.ether.bridge_cfg=vr1:1,vr0:2
> net.link.ether.bridge_ipfw=1
> net.ip.dummynet.debug=1
> net.inet.ip.fw.enable=1
> net.link.ether.ipfw=1
> #######################################################
>
> Thanks
>
> Dark Night Rider
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>

-- 
Lowell Gilbert, embedded/networking software engineer, Boston area
		http://be-well.ilk.org/~lowell/

More information about the freebsd-questions mailing list