I have the following setup:
                        |
                        | (67.95.100.16 - fxp4)
                        | (67.95.100.17 - fxp4)
                ----------------
                |   EXTERNAL   |
                |   FIREWALL   |
                ----------------
                        | (192.168.10.2 - fxp1)
  (192.168.10.1)        |
  ----------------      |
  |   WWW/FTP    |      |
  |   SERVER     |------+
  ----------------
The 67.95.100.17 IP address belongs to 'EXTERNAL FIREWALL' on fxp4.
The 67.95.100.16 IP address is an alias on fxp4 to redirect www/ftp
traffic to an internal server. I'd like to limit bandwidth to
67.95.100.16 depending on the protocol used.
Traffic navigates to 'WWW/FTP SERVER' via a rdr rule for the ftp
traffic (reverse ftp-proxy):
    rdr pass log on fxp4 proto tcp from any to 67.95.100.16 \
        port = http -> 192.168.10.1
    rdr pass log on fxp4 proto tcp from any to 67.95.100.16 \
        port = ftp -> 127.0.0.1 port 8022
The reverse ftp-proxy is running as:
    # /usr/sbin/ftp-proxy -R 192.168.10.1 -p 8022
I created a queue to limit traffic on the internal interface
connecting 'EXTERNAL FIREWALL' to 'WWW/FTP SERVER':
    altq on fxp1 cbq bandwidth 1.5Mb queue \
        { queue_std, queue_ftp, queue_http }
    queue queue_std  bandwidth 1.48Mb cbq(default)
    queue queue_ftp  bandwidth 10Kb
    queue queue_http bandwidth 10Kb cbq(red)
And, the rules allowing traffic to 'WWW/FTP SERVER':
    pass in log on fxp1 proto { tcp, udp } from any to any \
        port = domain keep state
    pass out log on fxp1 proto tcp from any to any \
        port = http keep state queue queue_http
    pass out log on fxp1 proto tcp from any to any \
        port = ftp keep state queue queue_ftp
    pass out log on fxp1 inet proto icmp all \
        icmp-type $icmp_types keep state queue queue_std
From an external server, I attempted to download a file with curl
using ftp and www from the 'WWW/FTP SERVER'. Curl reports that
downloading via ftp shows no bandwidth limiting. As for www, the
bandwidth seems limited to ~30Kb/s. Why isn't my 10Kb bandwidth being
honoured?
--
albert chin ([EMAIL PROTECTED])
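A check worth running before touching any rule, as an added example that is not part of the original post: it diffs the per-queue byte counters that pfctl -vvsq prints around a test transfer, so you can see whether the ftp bytes were actually accounted to queue_ftp or fell through to the default queue_std. The counter-line layout is assumed to follow OpenBSD's pfctl output, and the two snapshots are constructed, not captured from the poster's firewall.

```shell
#!/bin/sh
# Added diagnostic, not from the original post. Snapshot the per-queue
# byte counters printed by `pfctl -vvsq` before and after a test transfer
# and show which queue actually carried the bytes. Assumption: each
# "queue <name> ..." line is followed by a counter line of the form
#   [ pkts:      123  bytes:     4567  dropped pkts: 0 bytes: 0 ]

# queue_bytes: read pfctl -vvsq output on stdin, print "<queue> <bytes>".
queue_bytes() {
    awk '
        /^queue / { name = $2 }
        /^ *\[ pkts:/ {
            for (i = 1; i <= NF; i++)
                if ($i == "bytes:") { print name, $(i + 1); break }
        }'
}

# queue_delta BEFORE AFTER: print "<queue> <bytes sent between snapshots>".
queue_delta() {
    before=$(queue_bytes < "$1")
    queue_bytes < "$2" | while read -r name bytes; do
        prev=$(printf '%s\n' "$before" | awk -v n="$name" '$1 == n { print $2 }')
        echo "$name $((bytes - ${prev:-0}))"
    done
}

# Constructed sample snapshots (not real output from the poster's firewall):
# in this scenario the bulk of the ftp download bytes land in queue_std.
BEFORE=$(mktemp) ; AFTER=$(mktemp)
cat > "$BEFORE" <<'EOF'
queue root_fxp1 bandwidth 1.50Mb priority 0 cbq( wrr root ) {queue_std, queue_ftp, queue_http}
  [ pkts:       1000  bytes:     200000  dropped pkts:      0 bytes:      0 ]
queue queue_std bandwidth 1.48Mb cbq( default )
  [ pkts:        900  bytes:     180000  dropped pkts:      0 bytes:      0 ]
queue queue_ftp bandwidth 10Kb
  [ pkts:         50  bytes:      10000  dropped pkts:      0 bytes:      0 ]
queue queue_http bandwidth 10Kb cbq( red )
  [ pkts:         50  bytes:      10000  dropped pkts:      0 bytes:      0 ]
EOF
cat > "$AFTER" <<'EOF'
queue root_fxp1 bandwidth 1.50Mb priority 0 cbq( wrr root ) {queue_std, queue_ftp, queue_http}
  [ pkts:       5000  bytes:    1200000  dropped pkts:      0 bytes:      0 ]
queue queue_std bandwidth 1.48Mb cbq( default )
  [ pkts:       4800  bytes:    1160000  dropped pkts:      0 bytes:      0 ]
queue queue_ftp bandwidth 10Kb
  [ pkts:         60  bytes:      12000  dropped pkts:      0 bytes:      0 ]
queue queue_http bandwidth 10Kb cbq( red )
  [ pkts:        140  bytes:      28000  dropped pkts:      0 bytes:      0 ]
EOF

# Real use: pfctl -vvsq > before; curl ...; pfctl -vvsq > after; queue_delta before after
queue_delta "$BEFORE" "$AFTER"
```

If the ftp bytes show up under queue_std rather than queue_ftp, the data connection is not being matched by the rule that carries the queue assignment, and that is where to look next.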