Focus on BSD
limiting (prioritizing) traffic with ipfw2 Dec 20 2002 03:32AM
Miha Verlic (miha krneki org) (2 replies)
RE: limiting (prioritizing) traffic with ipfw2 Dec 21 2002 01:10AM
Roger Seielstad (roger wiredeuclid COM) (1 replies)
RE: limiting (prioritizing) traffic with ipfw2 Dec 22 2002 12:11AM
Miha Verlic (miha krneki org)

>Not sure you're doing it correctly. Here's a config that works to limit
>traffic through the box, doing pretty much what you're doing. For
>purposes of this, subnet/24 is the internal network, and publicIP is the
>external interface of the fiewall
>
>${fwcmd} add pipe 11 ip from subnet/24 to any
>${fwcmd} add pipe 11 ip from publicip/32 to any
>${fwcmd} add pipe 12 ip from any to subnet/24
>${fwcmd} add pipe 12 ip from any to publicip/32
>${fwcmd} pipe 11 config bw 1536kbits/s de0
>${fwcmd} pipe 12 config bw 1536kbits/s de0
>
>This effectively creates an T1 speed connect maximum through the box,
>based on the external interface (DC0).
>
>Probably a good idea to add this too:
># Remaining
>${fwcmd} add pipe 16 ip from any to any
>${fwcmd} pipe 16 config bw 128kbits/s de0
>
>To force all unclassified traffic into another pipe, and rate limit it
>so you have to figure out what's wrong.

wrong!
this forces *all* traffic into another pipe, thus limiting *everything* to 128kbit/s

--Miha

---------------------------------------------------------------------
To unsubscribe, e-mail: focus-bsd-unsubscribe (at) securityfocus (dot) com [email concealed]
For additional commands, e-mail: focus-bsd-help (at) securityfocus (dot) com [email concealed]

[ reply ]
Re: limiting (prioritizing) traffic with ipfw2 Dec 20 2002 07:42PM
Damian Gerow (damian sentex net) (1 replies)
Re: limiting (prioritizing) traffic with ipfw2 Dec 20 2002 10:49PM
Peter van Dijk (peter dataloss nl) (1 replies)
Re: limiting (prioritizing) traffic with ipfw2 Dec 22 2002 12:19AM
Miha Verlic (miha krneki org)


 

Privacy Statement
Copyright 2010, SecurityFocus