Hi together,
for quite a while I have been looking around for a way to limit the bandwith
for each IP that accesses my server. I want to slow down any connektion
to 128 KBit/s.
The only thing I found was Dummynet in combination with ipfw. I am using
ipf as firewall an for IP-accounting. It does a
Am 16.01.2001 um 17:38:46 schrieb Martin Eggen:
Hi Martin,
thanks a lot for your hints.
> You might want to take a look at ALTQ[0] from the KAME people, or just use
> ipfw with a default pass all rule (or IPFIREWALL_DEFAULT_ACCEPT), so that
> it's only used for bw limiting. (The packets will th
Am 16.01.2001 um 09:54:55 schrieb Luigi Rizzo:
Hi Luigi,
first thanks for your hints,
> > so it is definitely impossible that a packet that passes ipfw (as every
> > packet does) enters the system even if ipf says "no", right?
>
> you have to look at the order of invokation of ipfw and ipfw
>
Am 16.01.2001 um 10:22:23 schrieb Luigi Rizzo:
Hi Luigi,
hopefully you are not nerved by my continuing question, but there is still one
thing I did not dompletely understand.
> if ipf says no it says no. you just want tobe sure that
> the packet actually passes through both things.
I just do
Hi,
I want to use ipfw & dummynet. I recompiled the kernel accordingly
(options DUMMYNET is in) and the firewall works. But as soon as I try to
set a pipe according to the manpage like this:
ipfw add pipe 1 ip from any to any out
I get the following error:
ipfw: getsockopt(IP_FW_ADD): Invalid
Am 18.01.2001 um 13:28:22 schrieb Clemens Hermann:
Hi,
problem solved, one should not forget make clean before recompiling ;-)
/ch
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message
Hi again,
I want to limit the bandwith for each IP accessing my computer to
128KBit/s (2*ISDN). So I added the following rules to ipfw:
ipfw add pipe 1 ip from any to any
ipfw add pipe 2 tcp from any to any
ipfw add pipe 3 udp from any to any
ipfw add pipe 4 icmp from any to any
ipfw pipe 1 conf
Am 18.01.2001 um 11:41:40 schrieb Luigi Rizzo:
Hi Luigi,
thanks again for your help
> KB stands for kbytes not bits. "ipfw pipe show" should tell
> you what is going wrong
it shows the following:
0001: 128.000 kbit/s 0 ms 10 sl. 0 queues (1 buckets) droptail
maks: 0x00 0x/0x
Am 18.01.2001 um 11:57:51 schrieb Luigi Rizzo:
Hi Luigi,
> apparently no traffic is matching the pipe.
that's the point. I rearranged the rules - Now it works ;-).
Is there a way to limit just *any* traffic so that you have not to
specify the protocol (ip/tcp/udp/icmp).
I did not find anything
Hi,
are there any recommandationions how to get IP-accounting to work on
FreeBSD? I have switched from ipf to ipfw so now I need a new way do
keep track of the IP-traffic passing my machine.
I have a machine with 30 IP-aliases.
The least thing I need is monthly summary of the full amount of
IP-Tr
Hi,
Is there a way to get natd to reload the config-file without terminating?
The only way I found is to stop natd and then start it again.
As the natd-config changes frequently here (we are changing the used network
and we misuse natd to help us) I expect problems when just shuting down natd
in
Am 27.01.2002 um 00:41:23 schrieb Rogier R. Mulhuijzen:
Hi Roger,
> What sort of changes are you talking about here? Maybe there's a different
> way of going about it.
I want to move an existing network from 91.0.0.0/8 to 172.16.0.0/16.
Furthermore name resolution changes from wins to dns and
Am 27.01.2002 um 02:11:30 schrieb Matthew Emmerton:
Hi Matt,
> Here's the patch that I wrote some time ago.
thanks a lot!
Did you send-pr the patch? It seems quite necessary to be added.
greetz
/ch
--
"Contrary to popular belief, Unix is user friendly.
It just happens to be selective abou
Am 27.01.2002 um 18:43:11 schrieb Andre Oppermann:
Hi Andre,
> Have a look at IPFILTER where IPNAT is part of. It does everything in
> the kernel.
to come back to my initial question: is there a way to modify ipnat
rules without breaking existing connections?
tia
/ch
--
"Contrary to popula
Am 27.01.2002 um 09:59:14 schrieb Matthew Emmerton:
Hi Matthew,
> Why not just add an IP alias for the "new" network on each machine? Each
> system will respond to packets directed to either network, but without the
> complexity of a NAT box in the middle. Once you've got everything switched,
15 matches
Mail list logo
