IPFW:
remove any ipfw_nat_load="NO" line from /boot/loader.conf
add this to the end of /boot/loader.conf
dummynet_load="YES"
ipfw_load="YES"
ipfw_nat_load="YES"
add to /etc/rc.conf
firewall_enable="YES"
firewall_quiet="NO"
firewall_script="/etc/firewall"
firewall_logging="YES"
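add this to /etc/sysctl.conf (with one_pass=0 a packet leaving a dummynet pipe continues with the next rule instead of being accepted immediately):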
net.inet.ip.fw.one_pass=0
configure firewall:
vi /etc/firewall #!/bin/sh cmd="/sbin/ipfw -q" # external interface wan_if="if2" # internal interface lan_if="if1" # flush rules $cmd flush $cmd pipe flush #$cmd nat 1 config if $wan_if reset #$cmd add 14 nat 1 all from 192.168.11.0/24 to any via $wan_if out #$cmd add 15 nat 1 all from any to me via $wan_if in #$cmd add fwd 192.168.11.3,80 tcp from any to 37.152.160.244 dst-port 80 # allow traffic to and from router #$cmd add 20 allow ip from any to me #$cmd add 30 allow ip from me to any # download $cmd pipe 3 config bw 2048Kbit/s $cmd add 200 set 2 pipe 3 all from 192.168.11.3 to any out $cmd add 210 set 2 pipe 3 all from any to 192.168.11.3 in $cmd pipe 4 config bw 2048Kbit/s $cmd add 220 set 2 pipe 4 all from 192.168.11.2 to any out $cmd add 230 set 2 pipe 4 all from any to 192.168.11.2 in $cmd add 1200 allow ip from any to any
# table-based traffic shaping
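#!/bin/sh
# Bandwidth limiting with dummynet pipes, using lookup table 1 to put several
# networks and hosts behind one shared pipe. This ruleset only shapes traffic:
# every rule is a pipe or the final allow, so nothing is filtered or blocked.

# -q keeps ipfw quiet; per ipfw(8) it lets a script that flushes the ruleset
# finish over a remote login session, and it stops "table add" from failing
# when the entry already exists.
# $cmd is expanded unquoted on purpose so that "-q" becomes a separate argument.
cmd="/sbin/ipfw -q"
# external interface (not referenced by any rule in this script)
wan_if="if2"
# internal interface (not referenced by any rule in this script)
lan_if="if1"

#tables
# "ipfw flush" removes rules but leaves table entries in place, so empty table 1
# first. Without this, an address deleted from the list below would stay in the
# table, and keep being shaped, after the script is re-run.
$cmd table 1 flush
$cmd table 1 add 10.0.0.0/24
$cmd table 1 add 10.0.1.0/24
$cmd table 1 add 192.168.1.254
$cmd table 1 add 192.168.1.100

# flush rules
# After the flush and until rule 1200 is added again, only the kernel's default
# rule applies.
$cmd flush
$cmd pipe flush

# 192.168.1.254
# Both directions feed pipe 3, so upload and download share the 1024Kbit/s limit.
# NOTE(review): this host is also in table 1; with net.inet.ip.fw.one_pass=0 its
# packets continue to rules 220/230 and pass through pipe 4 as well. Confirm
# that is intended.
$cmd pipe 3 config bw 1024Kbit/s
$cmd add 200 set 2 pipe 3 all from 192.168.1.254 to any out
$cmd add 210 set 2 pipe 3 all from any to 192.168.1.254 in

# table 1
# Every address in table 1 shares this single 4096Kbit/s pipe.
$cmd pipe 4 config bw 4096Kbit/s
$cmd add 220 set 2 pipe 4 all from 'table(1)' to any out
$cmd add 230 set 2 pipe 4 all from any to 'table(1)' in

# 37.152.184.26
$cmd pipe 5 config bw 2048Kbit/s
$cmd add 240 set 2 pipe 5 all from 37.152.184.26 to any out
$cmd add 250 set 2 pipe 5 all from any to 37.152.184.26 in

# Final rule: accept everything, including packets that came back out of a pipe.
# Filtering rules, if wanted, have to be added before this one.
$cmd add 1200 allow ip from any to any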
how to start, stop, restart?
# Control the firewall through its rc script (run as root).
# NOTE(review): on FreeBSD the stop action is understood to switch ipfw
# processing off (net.inet.ip.fw.enable=0) rather than load a blocking ruleset,
# so the host passes traffic unshaped and unfiltered while stopped. Confirm on
# your release.
service ipfw stop
# Runs the script named by firewall_script in /etc/rc.conf.
service ipfw start
# Stop followed by start. The rules script flushes and reloads the whole
# ruleset, so over a remote session prefer a console or a scheduled rollback.
service ipfw restart
By: Mehdi Sadighian
Contact: mehdi.sadighian@hotmail.com
TAG: ipfw, traffic shaping, bandwidth limit, freebsd traffic control