同学们帮我看看我做的 FreeBSD 7.0 ipfw+ipnat+dummynet 配置。
下面是 IPFW 的规则:
# Disabled hardening rules (commented out, so none of them is loaded):
# drop-and-log packets carrying the IP options record-route (rr),
# timestamp (ts), strict/loose source route (ssrr/lsrr), and drop inbound
# TCP segments that have both SYN and FIN set.
#add deny log ip from any to any ipoptions rr
#add deny log ip from any to any ipoptions ts
#add deny log ip from any to any ipoptions ssrr
#add deny log ip from any to any ipoptions lsrr
#add deny tcp from any to any in tcpflags syn,fin
#########re1 == WAN
#########re0 == LAN
# No rule numbers are given, so ipfw numbers the rules in file order; this
# divert is therefore the first rule a packet meets.
# It hands every packet crossing re1, in either direction, to the divert
# socket on port 8668 (natd's default port).
# NOTE(review): the post calls the setup "ipnat", which does not use divert
# sockets -- confirm which NAT daemon is actually running.
add divert 8668 ip from any to any via re1 #WAN PORT
# Disabled: inbound HTTP/HTTPS/SMTP/POP3 to the gateway itself. With these
# commented out, TCP to "me" is only accepted through the broader rules
# further down.
#add allow tcp from any to me 80
#add allow tcp from any to me 443
#add allow tcp from any to me 25
#add allow tcp from any to me 110
#######dummynet
# One pair of 50 KByte/s pipes per limited host: the first pipe matches
# packets from the host in the "out" direction, the second matches packets
# to the host in the "in" direction.
# NOTE(review): whether a packet continues to the filter rules after leaving
# a pipe depends on sysctl net.inet.ip.fw.one_pass. When it is 1 the packet
# is accepted at the pipe rule and never reaches check-state or the final
# deny -- confirm the value on this host.
# NOTE(review): outbound packets on re1 reach these rules after the divert
# rule, presumably with the source already rewritten to the WAN address, and
# LAN packets entering on re0 are "in", not "out". The "from <host> to any
# out" rules may therefore never match forwarded traffic -- check the rule
# counters with `ipfw -a list`.
pipe 1 config bw 50KByte/s
pipe 2 config bw 50KByte/s
# NOTE(review): 192.168.1.191 is outside 192.168.10.0/24, the only LAN
# prefix the allow rules later in this file name -- confirm the address.
add pipe 1 ip from 192.168.1.191 to any out
add pipe 2 ip from any to 192.168.1.191 in
### 192.168.10.2 # 3-4#
pipe 3 config bw 50KByte/s
pipe 4 config bw 50KByte/s
add pipe 3 ip from 192.168.10.2 to any out
add pipe 4 ip from any to 192.168.10.2 in
### 192.168.10.3 # 5-6#
pipe 5 config bw 50KByte/s
pipe 6 config bw 50KByte/s
add pipe 5 ip from 192.168.10.3 to any out
add pipe 6 ip from any to 192.168.10.3 in
。。。。
。。。。
。。。。
#######private network
# Filter section. Rules carry no numbers except the final deny, so they are
# evaluated in the order written here; the first matching allow/deny ends
# the search.
# Loopback traffic is always accepted.
add allow all from any to any via lo0
############lan #############
############ dns ###########
# DNS replies (UDP source port 53) to the gateway, received on "x10".
# NOTE(review): the interfaces named at the top of the ruleset are re0 and
# re1; "x10" appears nowhere else -- confirm the interface name.
add allow udp from any 53 to me in recv x10
# Any UDP packet with source port 53 addressed to 124.193.200.70.
add allow udp from any 53 to 124.193.200.70
# These two rules accept all UDP in both directions, with no state and no
# port or interface restriction. They make the two port-53 rules above and
# the later UDP rules redundant, and they leave inbound UDP unfiltered.
add allow udp from any to any out
add allow udp from any to any in
############
# Accept packets that belong to a flow recorded by a keep-state rule.
add check-state
# Outbound TCP: the first rule records state for new connections (SYN), the
# second accepts every other outbound TCP segment statelessly. Inbound TCP is
# only accepted via check-state or the 192.168.10.0/24 rules below.
add allow tcp from any to any out setup keep-state
add allow tcp from any to any out
# Duplicate of the outbound UDP rule above; never reached for a match.
add allow udp from any to any out
# NOTE(review): "setup" tests TCP flags, so it presumably cannot match GRE
# packets; the stateless rule on the next line is what actually passes
# outbound GRE, and no state is created for the return direction -- verify.
add allow gre from any to any out setup keep-state
add allow gre from any to any out
# Already covered by the "udp from any to any" rules above.
add allow udp from any 53 to any
# All ICMP types, both directions. The type-restricted variants at the end of
# the ruleset are commented out.
add allow icmp from any to any
# Everything to or from the LAN prefix is accepted, any protocol, no state.
# NOTE(review): neither rule names an interface, so they also match packets
# seen on re1 (WAN); confirm whether they were meant to be limited to re0.
add allow all from any to 192.168.10.0/24
add allow all from 192.168.10.0/24 to any
# Explicit catch-all deny just before ipfw's built-in default rule.
add 65534 deny all from any to any
# Disabled ICMP rules: unreachable/source-quench (3,4) both ways, echo
# request (8) outbound only, echo reply/time exceeded (0,11) inbound only.
# They are commented out, and written after the deny above.
#add allow icmp from any to any icmptypes 3,4
#add allow icmp from any to any icmptypes 8 out
#add allow icmp from any to any icmptypes 0,11 in
用公司其他机器测试,下载速度在50K左右,但打开某些网页速度很慢,而且没有被限速的机器上网也很慢,不知道是不是和规则有关,请高手指点。