Pontus
June 24th, 2003, 18:30
Hi all!
I have been looking at pf examples all day now, and I'm still not sure how to configure my firewall...
My network looks like this..
I have an ADSL connection with 2.5Mbits down and 0.8Mbits up, and only one IP (xl0 = the external interface)...
Then I have 192.168.1.0/24 (on interface xl1) for my LAN, and 192.168.2.0/24 (on interface xl2) for my DMZ...
So my pf.conf looks like this (so far)...
ext_if="xl0"
int_if="xl1"
dmz_if="xl2"
ext_addr="x.x.x.x"
webserver="192.168.2.2"
nat on xl0 from 192.168.1.0/24 to any -> $ext_addr
nat on xl0 from 192.168.2.0/24 to any -> $ext_addr
rdr on xl0 proto tcp from any to $ext_addr port 80 -> $webserver port 80
rdr on xl1 proto tcp from any to $ext_addr port 80 -> $webserver port 80
pass in all keep state
pass out all keep state
The thing is that I would like to set up bandwidth control, so that my webserver (and other servers that I will put in my DMZ later) always has at least 1Mbit down and 0.4Mbit up.... And I should be able to borrow that bandwidth if my servers don't need it...
Then... Soon I will add a mail server on IP 192.168.2.3 and a DNS on IP 192.168.2.4...
So I will have:
192.168.2.2 www/ftp
192.168.2.3 pop3/imap/smtp
192.168.2.4 dns
These three servers should have 33% each of the bandwidth assigned for my DMZ, and the www traffic should have higher priority than the ftp traffic to the www server...
Kind of a mess, huh?
Any guru out there who thinks he/she could help me out? Or has links to already written pf.conf's with DMZ that use bandwidth limits this way (with one queue for incoming traffic, and one for outgoing, since there are different speeds on up/down)...
Thanks in advance! // Pontus