HELP ME

HELP ME

by Nima Mohammadi

Hi
I have a FreeBSD 7.1 box with ipfw, dummynet and natd, and everything is
good.
But I cannot limit the upload to the internet with dummynet.
The download limit works fine.

When I change pipe 2 from (to me in) to (to any in), the internet connection
of my client will be down.
vr0: internal net: 192.168.10.0/24
nfe0: out net: 212.80.13.1, 2, 3

The upload is very high.
HELP ME

Here is my ipfw config:
ipfw -q -f flush

#Dedicate internet user and non internet user
#############################################################################
#charter 55 for ali shirali movaghat share with andishgar

iuser="192.168.10.0/24{1,3,25,27,31,42,48,50,53,54,55,63,69,81,84,88,92,98,100,105,118,128,131,134,135,137,140,155,165,171}"

noiuser="192.168.10.0/24{44,46}"
##############################################################################

##########################dummynet###########################################
#receive
ipfw -q add pipe 1 ip from any to ${iuser} out via vr0
ipfw pipe 1 config bw 9KByte/s # queue 11 delay 100ms

#send
ipfw -q add pipe 2 ip from ${iuser} to me in via vr0
ipfw pipe 2 config bw 7KByte/s # queue 11 delay 100ms
############################################################################
#

##################################NAT#######################################
##
ipfw -q add divert natd all from any to any via nfe0
ipfw -q add check-state
############################################################################

#block any to loopback
ipfw -q add allow ip from any to any via lo0      
ipfw -q add deny ip from any to 127.0.0.0/8

#########################END internet users##################################

#web & ssl & yahoo messenger
###################WEB Access##############################
ipfw -q add allow tcp from ${iuser} to any 80,443,5050 keep-state

#allow all http to internal
ipfw -q add allow tcp from any to any 80 in via nfe0 keep-state

#charter 10 access on ghd24.net
#ipfw -q add allow tcp from 192.168.10.64 to 66.49.211.210,94.182.197.230 80 keep-state
######################END Web Access#########################

#aseman
ipfw -q add allow tcp from any to any 7769 keep-state
 
#amadeus
ipfw -q add allow tcp from any to any 9876,10000 keep-state

#air tour
ipfw -q add allow tcp from any to any 1770 keep-state

#ftp
ipfw -q add allow ip from any to any 21 keep-state
#ipfw -q add allow ip from any to any 1024-65535 keep-state
ipfw -q add allow tcp from 192.168.10.69,192.168.10.1,192.168.10.9 to any 1024-65535 keep-state
ipfw -q add allow tcp from any 1024-65535 to 192.168.10.1 keep-state

#ipfw -q add check-state

#DNS
ipfw -q add allow ip from any to any 53 keep-state
ipfw -q add allow ip from any 53 to any keep-state

#remote
ipfw -q add allow ip from any to any 35252,12114,3389 keep-state

#mysql remote
#ipfw -q add allow ip from any to any 3306,1433 keep-state

#share
#ipfw -q add allow tcp from any to me 139
#ipfw -q add allow tcp from any 139 to any

#ping
ipfw -q add allow icmp from any to any

#cpanel
#ipfw -q add allow ip from any to any 2082,2083,2095 keep-state

#ssh
ipfw -q add allow tcp from any to me 5432 keep-state
ipfw -q add allow tcp from any 5432 to any keep-state

#Out look pop3
######################POP3 Access#####################

ipfw -q add allow tcp from ${iuser},${noiuser} to any 25 keep-state
ipfw -q add allow tcp from ${iuser},${noiuser} to any 110 keep-state

######################END POP3 Access#################
#gmail
#ipfw -q add allow tcp from any to any 995,465 keep-state

#Ghost Surf
ipfw -q add allow tcp from any to any 8888 keep-state

#VPN TO EXTERNAL
ipfw -q add allow gre from any to any keep-state
ipfw -q add allow tcp from any to any 1723 keep-state

#allow all to external
ipfw -q add allow ip from any to any out via nfe0

#deny all in from external
ipfw -q add deny all from any to any in via nfe0

_______________________________________________
freebsd-ipfw@... mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@..."

Re: HELP ME

by Chris Bowman-3

On Tue, Nov 10, 2009 at 6:40 AM, Nima Mohammadi <it@...> wrote:

> Hi
> I have a FreeBSD 7.1 box with ipfw, dummynet and natd, and everything is
> good.
> But I cannot limit the upload to the internet with dummynet.
> The download limit works fine.
>
> When I change pipe 2 from (to me in) to (to any in), the internet connection
> of my client will be down.
> vr0: internal net: 192.168.10.0/24
> nfe0: out net: 212.80.13.1, 2, 3
>
> The upload is very high.
> HELP ME
>
> Here is my ipfw config:
> ipfw -q -f flush
>
> #Dedicate internet user and non internet user
> #############################################################################
> #charter 55 for ali shirali movaghat share with andishgar
>
> iuser="192.168.10.0/24{1,3,25,27,31,42,48,50,53,54,55,63,69,81,84,88,92,98,100,105,118,128,131,134,135,137,140,155,165,171}"
>
> noiuser="192.168.10.0/24{44,46}"
> ##############################################################################
>
> ##########################dummynet###########################################
> #receive
> ipfw -q add pipe 1 ip from any to ${iuser} out via vr0
> ipfw pipe 1 config bw 9KByte/s # queue 11 delay 100ms
>
> #send
> ipfw -q add pipe 2 ip from ${iuser} to me in via vr0
> ipfw pipe 2 config bw 7KByte/s # queue 11 delay 100ms
>
> ############################################################################
> #
>
>
> ##################################NAT#######################################
> ##
> ipfw -q add divert natd all from any to any via nfe0
> ipfw -q add check-state
>
> ############################################################################
>
> #block any to loopback
> ipfw -q add allow ip from any to any via lo0
> ipfw -q add deny ip from any to 127.0.0.0/8
>
> #########################END internet users##################################
>
> #web & ssl & yahoo messenger
> ###################WEB Access##############################
> ipfw -q add allow tcp from ${iuser} to any 80,443,5050 keep-state
>
> #allow all http to internal
> ipfw -q add allow tcp from any to any 80 in via nfe0 keep-state
>
> #charter 10 access on ghd24.net
> #ipfw -q add allow tcp from 192.168.10.64 to 66.49.211.210,94.182.197.230 80 keep-state
> ######################END Web Access#########################
>
> #aseman
> ipfw -q add allow tcp from any to any 7769 keep-state
>
> #amadeus
> ipfw -q add allow tcp from any to any 9876,10000 keep-state
>
> #air tour
> ipfw -q add allow tcp from any to any 1770 keep-state
>
> #ftp
> ipfw -q add allow ip from any to any 21 keep-state
> #ipfw -q add allow ip from any to any 1024-65535 keep-state
> ipfw -q add allow tcp from 192.168.10.69,192.168.10.1,192.168.10.9 to any 1024-65535 keep-state
> ipfw -q add allow tcp from any 1024-65535 to 192.168.10.1 keep-state
>
> #ipfw -q add check-state
>
> #DNS
> ipfw -q add allow ip from any to any 53 keep-state
> ipfw -q add allow ip from any 53 to any keep-state
>
> #remote
> ipfw -q add allow ip from any to any 35252,12114,3389 keep-state
>
> #mysql remote
> #ipfw -q add allow ip from any to any 3306,1433 keep-state
>
> #share
> #ipfw -q add allow tcp from any to me 139
> #ipfw -q add allow tcp from any 139 to any
>
> #ping
> ipfw -q add allow icmp from any to any
>
> #cpanel
> #ipfw -q add allow ip from any to any 2082,2083,2095 keep-state
>
> #ssh
> ipfw -q add allow tcp from any to me 5432 keep-state
> ipfw -q add allow tcp from any 5432 to any keep-state
>
> #Out look pop3
> ######################POP3 Access#####################
>
> ipfw -q add allow tcp from ${iuser},${noiuser} to any 25 keep-state
> ipfw -q add allow tcp from ${iuser},${noiuser} to any 110 keep-state
>
> ######################END POP3 Access#################
> #gmail
> #ipfw -q add allow tcp from any to any 995,465 keep-state
>
> #Ghost Surf
> ipfw -q add allow tcp from any to any 8888 keep-state
>
> #VPN TO EXTERNAL
> ipfw -q add allow gre from any to any keep-state
> ipfw -q add allow tcp from any to any 1723 keep-state
>
> #allow all to external
> ipfw -q add allow ip from any to any out via nfe0
>
> #deny all in from external
> ipfw -q add deny all from any to any in via nfe0
>
Currently your IPFW rule for pipe 2 is only matching traffic sourced from
192.168.10.0/24 with a destination of "me", me being any IP interface on
your box, so your rule would work only if traffic is destined to an IP on
your box.  Your IPFW rule for pipe 1 is matching on any and works; I'd look
at applying the same logic to your pipe 2 rule :)

Re: HELP ME

by Chuck Swiger-2

Hi--

On Nov 10, 2009, at 4:40 AM, Nima Mohammadi wrote:
> I have a FreeBSD 7.1 box with ipfw, dummynet and natd, and everything is
> good.  But I cannot limit the upload to the internet with dummynet.
> The download limit works fine.
>
> When I change pipe 2 from (to me in) to (to any in), the internet
> connection of my client will be down.

Try something like:

   ipfw add pipe 2 ip from ${iuser} to any out via nfe0

Regards,
--
-Chuck
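
The difference between the original pipe 2 rule and the one suggested in the replies, as a small Python model added here (not code from the thread and not ipfw itself): it tracks the interface and direction on which each client packet is seen, and whether a rule placed after the natd divert still sees the client's source address. The /24 standing in for ${iuser}, 192.168.10.254 as the gateway's vr0 address, 212.80.13.1 as the natd alias address, and the client and server addresses are assumptions.

```python
from ipaddress import ip_address, ip_network

# Interface names and networks from the post; the /24 stands in for ${iuser}.
IUSER = ip_network("192.168.10.0/24")
NAT_IP = ip_address("212.80.13.1")            # assumed natd alias address on nfe0
ME = {ip_address("192.168.10.254"), NAT_IP}   # 192.168.10.254 is a constructed vr0 address

# The two pipe 2 rules discussed in the thread (source is ${iuser} in both).
ORIGINAL = {"dst": "me", "dir": "in", "via": "vr0"}      # ... to me in via vr0
SUGGESTED = {"dst": "any", "dir": "out", "via": "nfe0"}  # ... to any out via nfe0

def passes(src, dst, after_divert):
    """(src, direction, interface) for each time ipfw sees one client packet."""
    src, dst = ip_address(src), ip_address(dst)
    if dst in ME:
        return [(src, "in", "vr0")]           # delivered to the box itself
    # Forwarded: seen inbound on vr0, then outbound on nfe0. A rule placed
    # after the divert rule sees the source natd has already rewritten.
    return [(src, "in", "vr0"),
            (NAT_IP if after_divert else src, "out", "nfe0")]

def shaped(rule, src, dst, after_divert=False):
    """True if the pipe rule matches the packet on any of its passes."""
    dst_ok = rule["dst"] == "any" or ip_address(dst) in ME
    return dst_ok and any(
        s in IUSER and (d, i) == (rule["dir"], rule["via"])
        for s, d, i in passes(src, dst, after_divert)
    )

# Constructed sample addresses: a LAN client, an internet host, the gateway.
CLIENT, SERVER, GATEWAY = "192.168.10.25", "203.0.113.10", "192.168.10.254"

if __name__ == "__main__":
    cases = [
        ("original,  upload to internet", ORIGINAL, SERVER, False),
        ("original,  traffic to gateway", ORIGINAL, GATEWAY, False),
        ("suggested, before divert rule", SUGGESTED, SERVER, False),
        ("suggested, after divert rule ", SUGGESTED, SERVER, True),
    ]
    for label, rule, dst, after in cases:
        print(label, "->", "shaped" if shaped(rule, CLIENT, dst, after) else "not shaped")
```

The model covers rule matching only; it does not model dynamic state or what happens to a packet after it leaves a pipe.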
