ipnat and ipfw dummynet

Nelis Lamprecht nelis at 8ball.co.za
Fri Jun 4 05:57:32 PDT 2004


Sorry, I failed to point out my current network configuration.

I have 2 internal networks which use NAT, one class C ( 192.96.48.0/24 )
and one rfc1918 ( 192.168.1.0/24 ).

The internal interface(bge1) is configured with the class c network and
I have added a route to bge1 for 192.168.1.0/24. All traffic on the
192.96.48.0/24 network internally is routed via the gateway to get to
the 192.168.1.0 network.

Hope that makes sense.

Nelis

On Fri, 2004-06-04 at 14:43, Nelis Lamprecht wrote:
> Hi,
> 
> I'm interested to hear how people utilise dummynet in a NAT environment.
> How does one create a pipe for a NAT network without effecting the
> actual LAN speed ? For example, on the gateway:
> 
> $fwcmd add pipe 1 ip from 192.168.1.0/24 to any out
> $fwcmd add pipe 2 ip from any to 192.168.1.0/24 in
> $fwcmd pipe 1 config bw 128Kbit/s
> $fwcmd pipe 2 config bw 128Kbit/s
> 
> The above example would be fine if 192.168.1.0/24 were only talking to
> the internet but unfortunately it also effects the machines from talking
> to each other internally. The only interface you can specify is the
> internal interface(bge1) because this is the only time that ipfw will
> see the addresses before they are passed to NAT(ipnat) and will not be
> seen on the external interface(bge0). So basically the above example
> should be written as:
> 
> $fwcmd add pipe 1 ip from 192.168.1.0/24 to any out via bge1
> $fwcmd add pipe 2 ip from any to 192.168.1.0/24 in via bge1
> 
> This however will also give 192.168.1.0/24 an internal LAN speed of
> 128Kbit/s which is to say quite humorous ;-)
> 
> What is the solution to this ? ..I'm obviously missing something. The
> internal interface is not firewalled.
> 
> 
> Many thanks,
-- 
Nelis Lamprecht
PGP: http://www.8ball.co.za/pgpkey/nelis.asc
"Unix IS user friendly.. It's just selective about who its friends are."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040604/11b4462a/attachment.bin


More information about the freebsd-questions mailing list