Bandwidth filter with ipfw don't work
Edgardo Nuevo
darknighter at gmail.com
Tue Sep 25 01:35:16 PDT 2007
Hi
I have Freebsd 6,2 with 2 cards of network, vr1 (10.0.1.10 with access
to Internet), vr0 (192.168.1.1 internal network), I have configured
ipfw + dummynet, when I configure a PC with 192.168.1.x does not work,
but I put an IP type 10.0.1.x its works, what's error?
############### firewall.rules ###############
-f flush
add 0012 skipto 20 all from any to any not layer2 in via vr0
# Define MAC's users
add 0013 skipto 20 all from any to any { MAC 00:1b:24:3b:4f:xx any or
MAC any 00:1b:24:3b:4f:xx } layer2
add 0014 skipto 20 all from any to any { MAC 00:1b:24:25:yy:69 any or
MAC any 00:1b:24:25:yy:69 } layer2
#Deny MACs not defined
add 0019 deny log logamount 100 ip from any to any MAC any any layer2 via vr0
# Enable NAT
add 0020 divert natd all from any to any via vr1
# Define pipe per MAC's
add pipe 1 ip from any to any MAC 00:1b:24:3b:4f:xx any in via vr0
add pipe 2 ip from any to any MAC any 00:1b:24:3b:4f:xx in via vr0
add pipe 3 ip from any to any MAC 00:1b:24:25:yy:69 any
add pipe 4 ip from any to any MAC any 00:1b:24:25:yy:69
# Define bandwith per pipe
pipe 1 config bw 50Kbit/s
pipe 2 config bw 50Kbit/s
pipe 3 config bw 6Kbit/s
pipe 4 config bw 6Kbit/s
add 0500 allow all from any to any
#######################################################
############### sysctl.conf ###############
net.link.ether.bridge.enable=1
net.link.ether.bridge_cfg=vr1:1,vr0:2
net.link.ether.bridge_ipfw=1
net.ip.dummynet.debug=1
net.inet.ip.fw.enable=1
net.link.ether.ipfw=1
#######################################################
Thanks
Dark Night Rider
More information about the freebsd-questions
mailing list