ipfw在頻寬管理的部份 - BBS

By Catherine
at 2007-01-26T16:00

Table of Contents

想請教一下關於 ipfw 的頻寬管理部份:

目前使用一台主機當NAT,firewall,DHCP server

該主機安裝兩片網卡:rl0,rl1 (都是 RTL8139)

rl1是對外(連接ATU-R),rl0 是對內連接各Hub 提供內部共數十台PC上網

以下是 rc.firewall 設定檔

================================================================

myip="1.2.3.4"
outif="rl1"
inif="rl0"
/sbin/ipfw -f flush
# Throw away RFC 1918 networks
${ipfw} add deny ip from 10.0.0.0/8 to any in via ${oif}
${ipfw} add deny ip from 172.16.0.0/12 to any in via ${oif}
${ipfw} add deny ip from 192.168.0.0/16 to any in via ${oif}

/sbin/ipfw add 400 deny icmp from any to any
/sbin/ipfw add divert natd all from any to any via rl1

/sbin/ipfw pipe 20 config bw 24KBytes/s
/sbin/ipfw pipe 21 config bw 256KBytes/s
/sbin/ipfw add pipe 20 ip from 192.168.0.0/16 to any
/sbin/ipfw add pipe 21 ip from any to 192.168.0.0/16

/sbin/ipfw add check-state
/sbin/ipfw add 2000 allow udp from ${myip} to any keep-state
/sbin/ipfw add 2100 pass ip from ${myip} to any

/sbin/ipfw add 3000 pass tcp from any to ${myip} 22 in via ${outif}

/sbin/ipfw add 1200 add deny ip from ${myip}/24 to any in via ${oif}

/sbin/ipfw 65535 add deny all from any to any

======================================================

目前想改善的是

在使用 Internet 的 PC 數不多時

能夠讓每台 PC 分配到更多的頻寬

這樣子應該要怎麼改寫還是得用 pf?

謝謝了 :)

--
IE7 http://ie7.com

--

Tags: BBS

ipfw在頻寬管理的部份 - BBS

All Comments

Related Posts

唾ꮋ镦鲉蒽win32-codecs

有關於oxim的問題

有關於oxim的問題

Mysql51-server安裝問題...無基本sql資 …

Re: about samba