firewalling and ALTQ

Max Laier max at love2party.net
Tue Jun 19 12:00:15 UTC 2007


On Tuesday 19 June 2007, Rob Shepherd wrote:
> I've just installed FreeBSD with a view to making a traffic shaping, or
> essentially transfer capacity limiting device.
>
> This must sit on bridged interfaces between org and edge routers.

It can be difficult to wrap one's head around traffic shaping on bridges 
because of the ambiguity of IN/OUT on a bridge.  Be sure to filter on the 
member interfaces instead and apply queueing there.

> I'm having some difficulty working out which bits I need, which packet
> filter to use and how to get started.
>
> There appear to be 3 packet filters
>
> pf,ipf,ipfw
>
> is this right? ALTQ works with each?

ALTQ works with pf and can be used from ipfw, too.  You will need pf 
support regardless.  ipf does not support the ALTQ version available in 
FreeBSD at this time (afaik).  IPFW has dummynet, which can do traffic 
shaping, too.

> Additionally, I don't seem to have any /dev/ entries

kldload pf / ipf / ipfw ... or use the rc.d scripts, e.g. "/etc/rc.d/pf 
forcestart"; later, automate the process by flipping the right switches in 
rc.conf(5).  You can also build the firewalls into your kernel, see the 
handbook for details.  Note that ALTQ can *not* be loaded as a module 
and requires a custom kernel instead.

> There are many tutorials, but it's impossible to know what is the
> current supported filter package, what works best with bridging and
> ALTQ and how to test them when there are bits missing.

Feel free to write down your lessons learned and publish them ;)

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
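
The advice above (filter and queue on the bridge member interfaces, with ALTQ compiled into the kernel), sketched as a pf.conf fragment. This is an added example, not part of the original mail; the interface names em0/em1, the 10Mb cap and the queue names are assumptions.

```conf
# Constructed example: pf.conf for a capacity-limiting bridge.
#
# Prerequisites (ALTQ cannot be kldload'ed; it needs a custom kernel):
#   options ALTQ
#   options ALTQ_CBQ
#   device  pf          (or kldload pf / pf_enable="YES" in rc.conf)
# The NIC driver must support ALTQ; bridge0 itself is not queued on.

# Assumed member interfaces of bridge0.
org_if  = "em0"    # faces the organisation's router
edge_if = "em1"    # faces the edge router

# ALTQ only shapes packets as they LEAVE an interface. On a bridge,
# "outbound towards the edge" therefore means "out on $edge_if" and
# "inbound towards the org" means "out on $org_if". Defining one queue
# set per member removes the IN/OUT ambiguity of the bridge itself.

# Org -> edge traffic, capped at an assumed 10Mb.
altq on $edge_if cbq bandwidth 10Mb queue { up_all }
queue up_all bandwidth 100% cbq(default)

# Edge -> org traffic, capped at an assumed 10Mb.
altq on $org_if cbq bandwidth 10Mb queue { down_all }
queue down_all bandwidth 100% cbq(default)

# Filter on the members, not on bridge0. Packets are accepted as they
# enter either member and are assigned to a queue as they leave the
# other one.
pass in  on { $org_if $edge_if } all
pass out on $edge_if all queue up_all
pass out on $org_if  all queue down_all
```

Check the ruleset with `pfctl -nf /etc/pf.conf` before loading it, and watch the queue counters with `pfctl -vs queue` while pushing traffic through the bridge.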