similar to: Policy routing with IPFW

I am trying to limit outgoing SMTP traffic to about 14 Mbps and these are the IPFW rules I am using. ${fwcmd} add pipe 1 tcp from 192.168.0.0/24 to any 25 out via dc0 ${fwcmd} pipe 1 config bw 14Mbit/s I've tried multiple tweaks to the pipe rule and I seem to be missing something. I only get about half the bandwidth I specify. Is this normal behavior? Is there something wrong

Dear All. I want to use 'not' for 2 addresses (for both) in ipfw2 rule. The only way that looks like what I need is # ipfw add count from IP1 to not IP2,IP3 But does this rule indeed makes what I want? Does it count all packets destined to addresses other then IP2 AND IP3?! No other syntax works. For example more logically correct not IP2 AND not IP3 or even not { IP2 or IP3 } are

Hi. We just opened a gaming center and have chosen to run a FreeBsd box for our firewall. IPFW is configured at it's very basic running natd through rl0 and allowing any to any connections from the lan to the outer world. Natd controls access to the lan. We have a 6.0 mb/s ADSL net connection for all the gaming clients to use, however if a gamer starts downloading a file, that file

Hi All, I''m a big user of the LARTC document but am currently stuck with a question around section 4.2 (http://lartc.org/howto/lartc.rpdb.multiple-links.html) in relation to "Routing for multiple uplinks/providers". I''m wanting to do a similar setup to the diagram where I have - lets just say for the moment - two uplink providers where I want to route over two

Hi there, Is there some way to configure ipfw to do traffic normalizing ("scrubbing", as in ipf for OpenBSD)? Is there any tool to do it for FreeBSD firewalling? I've heard that ipf was ported on current, anything else? TIA, /Dorin. __________________________________ Do you Yahoo!? Yahoo! Mail SpamGuard - Read only the mail you want. http://antispam.yahoo.com/tools

Hi, I have a little problem to setup iproute in my network It looks like this: ---- ----- ------ R1 R2 R3 ---- ----- ------ | | | | | | ------------------------------- ETH1 ETH2 ETH3 ETH0 ETH4 -------------> DMZ ------------------------------ | |

i´ve been searching for a load balance solution since a month ago... what i can say is that it simply doesn´t work. I was unable to find one guy that did it with sucess. When "load balance" is the subject of the message on the list, the message is simply ignored. So... if it doesn´t work... why LARTC don´t delete it from the HOW TO and answer us with some "it simply doesn´t

I have a simple script: #!/bin/bash # index=0 total=0 names=() ip=() while read -r LINE do NODENAME=` echo $LINE | cut -f 1 -d ','` IP=` echo $LINE | cut -f 2 -d ','` names[index]="$NODENAME" ip[index]="$IP" index=`expr index+1` total=`expr total+1` done <<< $(cat list.txt) simple file: more list.txt name1,ip1 name2,ip2 name3,ip3 output when

hy Hope everyone is fine, I have one issue coming in asterisk , What i am doing is i am generating a callback if some one calls at a specif access number on asterisk, Asterisk sends a busy signal to the calling party that he received a request from party and then sends the call back to the person from where asterisk received a request but in From field as you can see below astrisk is sending the

Hi, can I establish interdomain trust between two domains across NAT. If yes, please how??? Thank you, Sopik Bronislav

Hello I have a PC with 2 IPs publics IP1 in eth0 and IP2 in eth0:0 I want to do a redirection of IP2 to an other public IP IP3 in an other laptop (other network) - for all ports : IP2 ---> IP3 - for juste www : IP2:www --> IP3:www i tried many combination with shorewall-3.0.7-4, but no sucess no help from google, Thanks in advance Laurent

Hi all, is there a way to combine iptables parameters like: iptables -A OUTPUT -p UDP & -p TCP -d $IP1 & -d $IP2 ? Best Regards Marcus

Hi I want to use two dsl (or more) lines to increase my internet bandwidth. Our dsl lines are dhcp serviced. Both of them provide the same Def GW and different IPs for each ethernet interface (same subnet). ¿Is it possible to balance outgoing traffic "using" the interface as a criteria? No point on choosing gateway by IP. ¿Could someone give me a clue on how to deal with this? (first

HI All , I am running a FC6 box with two internet links with load balance . Every thing is working fine expect the MSN connection that failed and reconnect every time and SSL connections . I would link to know if with the nona howto I could fix that . I have been tried with no success to redirect that connection only to one link but its look like do not work . Here my configuration :

[ -netters, please Cc me or security@ with replies. ] I'm running into trouble integrating dynamic racoon-based IPSec into a network with ipfw and natd. I need to be able to allow VPN access from any address from authenticated clients. I've got the dynamic VPN working, with racoon negotiating SAs and installing SPs, but the problem is that I can't tell whether an incoming packet on

Hi, this might be a dumb question, but I''m not finding much information online. I''m trying to setup a 2.6 linux box to run nat across multiple upstream links as a simple way to aggregate bandwidth. I found the instructions in lartc section 4.2 (http://lartc.org/howto/lartc.rpdb.multiple-links.html) fairly clear and straightforward. I implemented those, and a couple of trivial

Hi all, I''ve a routing problem. I''m setting up a router based on debian (kernel 2.4). I need to setup routing to export an ftp service (ftp server is in dmz) to 2 wan (both). I setup prerouting ad forward rule with no problem. The problem is that reply packet use default gateway (default wan) even though they are enter using the other wan. I solved it marking packets in input

I'm not a master of the internet RFCs, but I do believe icmp messages have different types. Now to enable traceroute for IPFW, I might put in a rule like this: ipfw add pass icmp from any to me However, how would I make a rule to limit icmp messages to just those used by traceroute? Can the messages be distinguished as such? A dynamic rule that exists only for the duration of a traceroute

Hi Everybody in the list I have a situation like this ------ (IP1) linux |----eth0.40------ | router | | | box | (IP2) |------|Client Router ( Destiantion Net DNET) |----eth0.41------ | | /27 subnet ------ I just want to balance the load of bandwidth per packet based between the two vlan interfaces to Client Destination network

Hi, i''m a shorewall users and i have the following problem: I have one class C range of IP''s and i have three zones (net, dmz , loc) I need create one rule to dnat one valid ip address (but not in use in one computer) to one invalid host in my loc zone. How i do? I try this: DNAT net:200.200.200.200 dmz:200.193.137.38 tcp 137,138,139,445 -