|
Focus on BSD
limiting (prioritizing) traffic with ipfw2 Dec 20 2002 03:32AM Miha Verlic (miha krneki org) (2 replies) RE: limiting (prioritizing) traffic with ipfw2 Dec 21 2002 01:10AM Roger Seielstad (roger wiredeuclid COM) (1 replies) Re: limiting (prioritizing) traffic with ipfw2 Dec 20 2002 07:42PM Damian Gerow (damian sentex net) (1 replies) Re: limiting (prioritizing) traffic with ipfw2 Dec 20 2002 10:49PM Peter van Dijk (peter dataloss nl) (1 replies) |
|
|
Privacy Statement |
>Not sure you're doing it correctly. Here's a config that works to limit
>traffic through the box, doing pretty much what you're doing. For
>purposes of this, subnet/24 is the internal network, and publicIP is the
>external interface of the fiewall
>
>${fwcmd} add pipe 11 ip from subnet/24 to any
>${fwcmd} add pipe 11 ip from publicip/32 to any
>${fwcmd} add pipe 12 ip from any to subnet/24
>${fwcmd} add pipe 12 ip from any to publicip/32
>${fwcmd} pipe 11 config bw 1536kbits/s de0
>${fwcmd} pipe 12 config bw 1536kbits/s de0
>
>This effectively creates an T1 speed connect maximum through the box,
>based on the external interface (DC0).
>
>Probably a good idea to add this too:
># Remaining
>${fwcmd} add pipe 16 ip from any to any
>${fwcmd} pipe 16 config bw 128kbits/s de0
>
>To force all unclassified traffic into another pipe, and rate limit it
>so you have to figure out what's wrong.
wrong!
this forces *all* traffic into another pipe, thus limiting *everything* to 128kbit/s
--Miha
---------------------------------------------------------------------
To unsubscribe, e-mail: focus-bsd-unsubscribe (at) securityfocus (dot) com [email concealed]
For additional commands, e-mail: focus-bsd-help (at) securityfocus (dot) com [email concealed]
[ reply ]