« SONY typeP | Main | iCalとgoogleカレンダーを同期する »

ipfw+ipfilterによる帯域制限

ipfw+ipfilterによるブリッジを作成した。
いくつか苦労した点をメモして置く。
ipfwのfwdで透過プロキシ(port rediect)を作れるが宛先のIPアドレスを変更できないため多くの場合利用できない。
FreeBSDのnatdは私の環境では動作が不安定だったのでipfilter(ipnat)をつかった。
gateway=YESを設定しておくとクライアントからつながることを確認。
/dev/ipnat: open: No such file or directoryはipl.koがカーネルにロードされていない場合表示される。
事前にkldload iplとしておくこと。
そのうえで、以下のように設定する。


[root@blue]# vi /etc/ipnat.rules
#map lnc0 192.168.143.0/24 -> 192.168.100.204/32 proxy port ftp ftp/tcp
#map lnc0 192.168.143.0/24 -> 192.168.100.204/32 portmap tcp/udp auto
#map lnc0 192.168.143.0/24 -> 192.168.100.204/32
rdr lnc0 192.168.100.204/32 port 80 -> 192.168.143.206 port 80 tcp
[root@blue]# ipnat -C -F -f /etc/ipnat.rules
[root@blue]# ipnat -l
List of active MAP/Redirect filters:
rdr lnc0 192.168.100.204/32 port 80 -> 192.168.143.206 port 80 tcp
[root@blue]# vi /usr/local/sbin/bandwidth.sh
#!/bin/sh
# 下り回線
#ipfw add 10100 pipe 1 ip from any to 192.168.143.0/24 out via lnc1
#ipfw pipe 1 config bw 2000kbit/s
# 上り回線
ipfw add 10200 pipe 2 ip from 192.168.143.0/24 to any out
ipfw pipe 2 config bw 300kbit/s
[root@blue]# chmod 755 /usr/local/sbin/bandwidth.sh
[root@blue]# /usr/local/sbin/bantwidth.sh
[root@blue]# ipfw -a list
10200 0 0 pipe 1 ip from 192.168.143.0/24 to any out
65535 37483229 36250189181 allow ip from any to any

http://www.wakhok.ac.jp/~kanayama/summer/02/site/node58.html

|
|

« SONY typeP | Main | iCalとgoogleカレンダーを同期する »

「UNIX」カテゴリの記事

Comments

Thank yyou a loot for shgaring this with all of us youu actually uunderstand what you are speakjng about! Bookmarked. Please also discuss with mmy website =). We could have a link exchange arrangement between us

Posted by: designerhandbagsplaza.com | October 17, 2013 at 08:49 AM

Appreciate the recommendation. Will try it out.

Posted by: investments rich homie quan bass boosted | August 01, 2014 at 05:40 PM

Pretty section of content. I just stumbled upon your blog and in accession capital to assert that I acquire in fact enjoyed account your blog posts. Anyway I will be subscribing to your augment and even I achievement you access consistently quickly.

Posted by: Candice | May 21, 2015 at 09:36 PM

It basically implies they made a decent attempt and fizzled simply like other people who have the fantasy of owning their own organization. On an average, young people will rack up 10 thousand hours of gaming by the time they reach the age of 21. People like Sunil Vaswani are fit for getting the trust of their associates by listening to their considerations and concerns.

Posted by: clash of clans hack no survey | August 05, 2015 at 11:32 PM

Post a comment



(Not displayed with comment.)




TrackBack

TrackBack URL for this entry:
http://app.cocolog-nifty.com/t/trackback/45549/44018564

Listed below are links to weblogs that reference ipfw+ipfilterによる帯域制限:

« SONY typeP | Main | iCalとgoogleカレンダーを同期する »