[請益] ipfw在頻寬管理的部份

看板FreeBSD作者ilay (resolution)時間19年前 (2007/01/26 16:01)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串1/1

想請教一下關於 ipfw 的頻寬管理部份: 目前使用一台主機當NAT,firewall,DHCP server 該主機安裝兩片網卡:rl0,rl1 (都是 RTL8139) rl1是對外(連接ATU-R),rl0 是對內連接各Hub 提供內部共數十台PC上網以下是 rc.firewall 設定檔 ================================================================ myip="1.2.3.4" outif="rl1" inif="rl0" /sbin/ipfw -f flush # Throw away RFC 1918 networks ${ipfw} add deny ip from 10.0.0.0/8 to any in via ${oif} ${ipfw} add deny ip from 172.16.0.0/12 to any in via ${oif} ${ipfw} add deny ip from 192.168.0.0/16 to any in via ${oif} /sbin/ipfw add 400 deny icmp from any to any /sbin/ipfw add divert natd all from any to any via rl1 /sbin/ipfw pipe 20 config bw 24KBytes/s /sbin/ipfw pipe 21 config bw 256KBytes/s /sbin/ipfw add pipe 20 ip from 192.168.0.0/16 to any /sbin/ipfw add pipe 21 ip from any to 192.168.0.0/16 /sbin/ipfw add check-state /sbin/ipfw add 2000 allow udp from ${myip} to any keep-state /sbin/ipfw add 2100 pass ip from ${myip} to any /sbin/ipfw add 3000 pass tcp from any to ${myip} 22 in via ${outif} /sbin/ipfw add 1200 add deny ip from ${myip}/24 to any in via ${oif} /sbin/ipfw 65535 add deny all from any to any ====================================================== 目前想改善的是在使用 Internet 的 PC 數不多時能夠讓每台 PC 分配到更多的頻寬這樣子應該要怎麼改寫還是得用 pf? 謝謝了 :) -- IE7 http://ie7.com -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 220.142.196.251