ipnat and ipfw dummynet

Nelis Lamprecht nelis at 8ball.co.za
Fri Jun 4 05:39:55 PDT 2004


Hi,

I'm interested to hear how people utilise dummynet in a NAT environment.
How does one create a pipe for a NAT network without affecting the
actual LAN speed? For example, on the gateway:

$fwcmd add pipe 1 ip from 192.168.1.0/24 to any out
$fwcmd add pipe 2 ip from any to 192.168.1.0/24 in
$fwcmd pipe 1 config bw 128Kbit/s
$fwcmd pipe 2 config bw 128Kbit/s

The above example would be fine if 192.168.1.0/24 were only talking to
the internet, but unfortunately it also affects the machines talking
to each other internally. The only interface you can specify is the
internal interface (bge1) because this is the only time that ipfw will
see the addresses before they are passed to NAT (ipnat) and will not be
seen on the external interface (bge0). So basically the above example
should be written as:

$fwcmd add pipe 1 ip from 192.168.1.0/24 to any out via bge1
$fwcmd add pipe 2 ip from any to 192.168.1.0/24 in via bge1

This however will also give 192.168.1.0/24 an internal LAN speed of
128Kbit/s which is to say quite humorous ;-)

What is the solution to this? I'm obviously missing something. The
internal interface is not firewalled.


Many thanks,
-- 
Nelis Lamprecht
PGP: http://www.8ball.co.za/pgpkey/nelis.asc
"Unix IS user friendly.. It's just selective about who its friends are."