Fwd: How to limit the nat's stream speed?

he ccjj heccjj1 at gmail.com
Wed Aug 17 04:02:36 GMT 2005

Good, I used your method to solve the problem. I did it like this:
Add dummynet_enabe="YES" to /boot/loader.conf
Add these lines to /etc/rc.firewall:
       ${fwcmd} add pipe 1 ip from ${inet} to any out limit src-addr 400
       ${fwcmd} add pipe 2 ip from any to ${inet} in  limit src-addr 400
       ${fwcmd} pipe 1 config delay 2ms bw 10Mbit/s
       ${fwcmd} pipe 2 config delay 2ms bw 10Mbit/s
But the speed was limited to about 350KB/s when I download, even in the LAN!
I changed src-addr, delay and bw, but it seems to have no effect
except deleting delay 2ms (about 800KB/s without delay). The users of the
LAN will hate me from now on! :<

2005/8/10, Adi Pircalabu <apircalabu at bitdefender.com>:
> On Wed, 10 Aug 2005 13:31:28 +0800
> he ccjj <heccjj1 at gmail.com> wrote:
> > I use FreeBSD 5.4+ipfw+natd to set up a box for sharing internet, and it
> > works fine. But I have a very serious problem:
> > Some computers of my internal users were attacked by a virus. They send a very
> > big volume of traffic to the internet, so natd occupies almost all of
> > the CPU and the others can't access the internet at all!! Is there a solution
> > to limit natd's CPU usage or limit every user's stream speed?
> You may take a look at ipfw(8) manpage and search for dummynet
> configuration.
> For example, if you know the offending IP, you can try something like
> this:
> kldload dummynet
> ipfw pipe ${pipe-num} config bw ${max-bw}
> ipfw add ${rule-num} pipe ${pipe-num} ip from ${offending-IP} to any
> It's a very simple example, take it as a starting point.
> Bye
> --
> Adi Pircalabu (PGP Key ID 0x04329F5E)

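The per-user limit asked about in the original question, sketched with dummynet's dynamic pipes (an added example, not part of either message): `mask src-ip` / `mask dst-ip` gives every LAN address its own pipe, whereas `limit src-addr` caps the number of concurrent connections per source. The LAN prefix, interface name, rates and rule numbers are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): per-host dummynet shaping on a natd gateway.
# Dry run by default: prints the ipfw commands. Set APPLY=1 to execute them as root.
# Every value below is an assumption; adjust to the local network.
LAN_NET="192.168.0.0/24"   # constructed LAN prefix (the thread's ${inet})
LAN_IF="em1"               # hypothetical inside interface
UP_BW="512Kbit/s"          # per-host upload cap
DOWN_BW="2Mbit/s"          # per-host download cap
RULE_UP=40                 # assumed rule numbers, earlier than the rules
RULE_DOWN=41               # that accept LAN traffic

# Accept only bandwidth strings such as 512Kbit/s, 2Mbit/s or 300KByte/s,
# so a bit/Byte mix-up or a stray space is caught before ipfw sees it.
valid_bw() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+[KM]?(bit|Byte)/s$'
}

# Print the commands. The 0xffffffff mask makes dummynet create one dynamic
# pipe per LAN address, so each host gets its own cap instead of sharing one.
shaper_rules() {
    valid_bw "$UP_BW" && valid_bw "$DOWN_BW" || { echo "bad bandwidth" >&2; return 1; }
    echo "ipfw pipe 1 config bw $UP_BW mask src-ip 0xffffffff"
    echo "ipfw pipe 2 config bw $DOWN_BW mask dst-ip 0xffffffff"
    # Match on the inside interface, where LAN addresses are not yet translated.
    echo "ipfw add $RULE_UP pipe 1 ip from $LAN_NET to any in via $LAN_IF"
    echo "ipfw add $RULE_DOWN pipe 2 ip from any to $LAN_NET out via $LAN_IF"
}

# Execute each command when APPLY=1, otherwise just show it.
run() {
    shaper_rules | while read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "$cmd"; fi
    done
}
run
```

With `net.inet.ip.fw.one_pass` set to 1, a packet leaving a pipe is not checked against later rules in that pass, so any deny rules for this traffic have to sit before the pipe rules. `ipfw pipe show` lists the dynamic pipes once hosts start sending.
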
More information about the freebsd-questions mailing list