ipnat and ipfw dummynet
Nelis Lamprecht
nelis at 8ball.co.za
Fri Jun 4 05:57:32 PDT 2004
Sorry, I failed to point out my current network configuration.
I have 2 internal networks which use NAT, one class C ( 192.96.48.0/24 )
and one rfc1918 ( 192.168.1.0/24 ).
The internal interface(bge1) is configured with the class c network and
I have added a route to bge1 for 192.168.1.0/24. All traffic on the
192.96.48.0/24 network internally is routed via the gateway to get to
the 192.168.1.0 network.
Hope that makes sense.
Nelis
On Fri, 2004-06-04 at 14:43, Nelis Lamprecht wrote:
> Hi,
>
> I'm interested to hear how people utilise dummynet in a NAT environment.
> How does one create a pipe for a NAT network without effecting the
> actual LAN speed ? For example, on the gateway:
>
> $fwcmd add pipe 1 ip from 192.168.1.0/24 to any out
> $fwcmd add pipe 2 ip from any to 192.168.1.0/24 in
> $fwcmd pipe 1 config bw 128Kbit/s
> $fwcmd pipe 2 config bw 128Kbit/s
>
> The above example would be fine if 192.168.1.0/24 were only talking to
> the internet but unfortunately it also effects the machines from talking
> to each other internally. The only interface you can specify is the
> internal interface(bge1) because this is the only time that ipfw will
> see the addresses before they are passed to NAT(ipnat) and will not be
> seen on the external interface(bge0). So basically the above example
> should be written as:
>
> $fwcmd add pipe 1 ip from 192.168.1.0/24 to any out via bge1
> $fwcmd add pipe 2 ip from any to 192.168.1.0/24 in via bge1
>
> This however will also give 192.168.1.0/24 an internal LAN speed of
> 128Kbit/s which is to say quite humorous ;-)
>
> What is the solution to this ? ..I'm obviously missing something. The
> internal interface is not firewalled.
>
>
> Many thanks,
--
Nelis Lamprecht
PGP: http://www.8ball.co.za/pgpkey/nelis.asc
"Unix IS user friendly.. It's just selective about who its friends are."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040604/11b4462a/attachment.bin
More information about the freebsd-questions
mailing list