Bandwidth limitations, NAT and transparent proxy

Alexandre Fedotov alex at mtcenter.ru
Fri Apr 27 16:30:33 UTC 2007


Hello, freebsd-questions.

You need to add queues and forward all your inside subnets to those
queues.

Something like this:
# one 128 Kbit/s pipe shared by all hosts
${fwcmd} pipe 1 config bw 128Kbit/s queue 20Kbytes
# full 32-bit masks: one dynamic queue per destination / source host address
${fwcmd} queue 1 config pipe 1 weight 50 queue 20 mask dst-ip 0xffffffff
${fwcmd} queue 2 config pipe 1 weight 50 queue 20 mask src-ip 0xffffffff
${fwcmd} add 40000 queue 1 ip from any to 192.168.1.128/25 via em0
${fwcmd} add 40001 queue 2 ip from 192.168.1.128/25 to any via em0

> Hi!
> 
> I have FreeBSD 4.8 installed.
> There is IPFIREWALL, IPFIREWALL_FORWARD, IPDIVERT and DUMMYNET in my 
> kernel configuration.
> On my FBSD gateway to the Internet I would like to use NAT (of course 
> :-))) ), transparent proxy and limit the outgoing traffic.
> xl0 (62.169.170.166/30) is the public interface, xl1 (192.168.1.1/24) is 
> the private one.
> 
> If my firewall rules look like:
> ipfw pipe 1 config bw 256Kbit/s queue 40Kbytes
> ipfw add 47 pipe 1 ip from any to any out via xl0
> ipfw add 48 allow ip from 192.168.1.1 to any
> ipfw add 49 fwd 192.168.1.1,3128 tcp from 192.168.1.0/24 to any 80
> ipfw add 50 divert 8668 ip from any to any via xl0
> ... (the rest of OPEN firewall rules)
> nothing except http (because of transparent proxy, I think) goes through 
> the gateway from the local net.
> 
> If my firewall rules look like:
> ipfw pipe 1 config bw 256Kbit/s queue 40Kbytes
> ipfw add 47 pipe 1 ip from 62.169.170.166 to any out via xl0
> ipfw add 48 allow ip from 192.168.1.1 to any
> ipfw add 49 fwd 192.168.1.1,3128 tcp from 192.168.1.0/24 to any 80
> ipfw add 50 divert 8668 ip from any to any via xl0
> ... (the rest of OPEN firewall rules)
> everything works fine except the bandwidth limitation.
> 
> Do you have any ideas, how to get these three things (bandwidth 
> limitation, nat, transparent proxy) work together?
> 
> Thanks a lot in advance.
> 
> GIGI


--
Best regards,
Alexandre Fedotov
Management Training Center
www.mtcenter.ru
mailto:alex at mtcenter.ru
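
An added example, not part of either message above: a simplified Python model of ipfw's first-match rule walk, run over the two quoted rule sets, showing which packets reach pipe 1 and which reach natd. It assumes net.inet.ip.fw.one_pass=1 (the default) and that natd re-injects at the rule after the divert; the client address 192.168.1.10, the sample packets, all function names and rule 65000 (standing in for "the rest of OPEN firewall rules") are constructed for illustration.

```python
# Simplified model: pipe (with one_pass=1), fwd and allow end the rule search;
# divert hands the packet to natd, which rewrites the source of outbound
# packets and re-injects them at the next rule.
PUBLIC, GW, LAN = "62.169.170.166", "192.168.1.1", "192.168.1."

def rules(pipe_src):
    """The two quoted rule sets differ only in the source address of rule 47."""
    return [
        (47, "pipe", lambda p: p["dir"] == "out" and p["if"] == "xl0"
                               and pipe_src in ("any", p["src"])),
        (48, "allow", lambda p: p["src"] == GW),
        (49, "fwd", lambda p: p["proto"] == "tcp" and p["dport"] == 80
                              and p["src"].startswith(LAN)),
        (50, "divert", lambda p: p["if"] == "xl0"),
        (65000, "allow", lambda p: True),  # stand-in for the OPEN rules
    ]

def run(ruleset, pkt):
    """Walk the rules once; return (actions applied, source address on exit)."""
    pkt, actions = dict(pkt), []
    for _num, action, match in ruleset:
        if not match(pkt):
            continue
        actions.append(action)
        if action != "divert":
            break                    # pipe, fwd and allow end the search
        if pkt["dir"] == "out":
            pkt["src"] = PUBLIC      # natd rewrites the source address
    return actions, pkt["src"]

# Constructed sample packets (192.168.1.10 is a hypothetical LAN client).
SSH_OUT = {"src": "192.168.1.10", "proto": "tcp", "dport": 22, "dir": "out", "if": "xl0"}
HTTP_IN = {"src": "192.168.1.10", "proto": "tcp", "dport": 80, "dir": "in", "if": "xl1"}
PROXY_OUT = {"src": PUBLIC, "proto": "tcp", "dport": 80, "dir": "out", "if": "xl0"}

FIRST = rules("any")    # pipe 1 ip from any to any out via xl0
SECOND = rules(PUBLIC)  # pipe 1 ip from 62.169.170.166 to any out via xl0

if __name__ == "__main__":
    for name, rs in (("first", FIRST), ("second", SECOND)):
        for label, pkt in (("ssh out", SSH_OUT), ("http in", HTTP_IN),
                           ("proxy out", PROXY_OUT)):
            print(name, label, run(rs, pkt))
```

In this model the first rule set shapes client traffic but lets it leave with its private source address because the pipe ends the search before the divert, while the second translates client traffic but only ever shapes the proxy's own connections.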


