Bandwidth limitations, NAT and transparent proxy
Hi !

I have FreeBSD 4.8 installed. There is IPFIREWALL, IPFIREWALL_FORWARD, IPDIVERT and DUMMYNET in my kernel configuration. On my FBSD gateway to the Internet I would like to use NAT (of course :-))) ), transparent proxy and limit the outgoing traffic. xl0 (62.169.170.166/30) is the public interface, xl1 (192.168.1.1/24) is the private one.

If my firewall rules look like:

ipfw pipe 1 config bw 256Kbit/s queue 40Kbytes
ipfw add 47 pipe 1 ip from any to any out via xl0
ipfw add 48 allow ip from 192.168.1.1 to any
ipfw add 49 fwd 192.168.1.1,3128 tcp from 192.168.1.0/24 to any 80
ipfw add 50 divert 8668 ip from any to any via xl0
... (the rest of OPEN firewall rules)

nothing except http (because of transparent proxy, I think) goes through the gateway from the local net.

If my firewall rules look like:

ipfw pipe 1 config bw 256Kbit/s queue 40Kbytes
ipfw add 47 pipe 1 ip from 62.169.170.166 to any out via xl0
ipfw add 48 allow ip from 192.168.1.1 to any
ipfw add 49 fwd 192.168.1.1,3128 tcp from 192.168.1.0/24 to any 80
ipfw add 50 divert 8668 ip from any to any via xl0
... (the rest of OPEN firewall rules)

everything works fine except the bandwidth limitation.

Do you have any ideas how to get these three things (bandwidth limitation, NAT, transparent proxy) to work together ?

Thanks a lot in advance.

GIGI

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Quotas on /usr filesystem
Thanks for your answer !

> On Mon, Jun 02, 2003 at 02:57:14PM +0200, Uncle GIGI wrote:
>
>> I have a problem with filesystem quotas enabled on the /usr filesystem. It causes the system (FreeBSD 4.8 STABLE) to freeze. Is it because the quotas utilities are on the /usr filesystem as well ? Thanks a lot for any suggestions.
>
> That shouldn't matter, unless you've gone completely mad and restricted root's quota so much that it can't install all of the required system files under the /usr filesystem.

:-))) No, I'm not mad, don't worry. :-)))

> However, I'm at a loss as to why you would want to run quotas on the /usr filesystem. Typically you only want quotas enabled on partitions where generic users have write privileges. That might include /home or /var, but preferably shouldn't include /usr.

For example on /usr/local/www/data/users/..., but doesn't matter. (I know your answer, but that's not the problem) Let's try to enable quotas on /usr filesystem and you'll see.

> What do:
>
> % mount
> % repquota -a
>
> return?
>
> One thing I've run afoul of in the past is that if you've got an old unix system that can NFS mount your drives and that system has the nobody UID set to -1, it can cause havoc with quotas. On the old system, the UID is a short integer, so '-1' is effectively the same as '65534'. However on FreeBSD, the UID field is a 4 byte integer value, so that the '-1' UID effectively maps onto '4294967295'. Not a huge problem in itself, but realise that the quota system will try and install a quota file with enough room for 4294967295 entries, and that's going to take up a fair chunk of your filesystem. It also takes forever for quotacheck(8) to run on boot up under those circumstances.
>
> You're unlikely to see this nowadays --- the last time I ran into this, the "old unix" was a NeXT box, circa 1998.
>
> Cheers,
>
> Matthew
Quotas on /usr filesystem
Hi !

I have a problem with filesystem quotas enabled on the /usr filesystem. It causes the system (FreeBSD 4.8 STABLE) to freeze. Is it because the quotas utilities are on the /usr filesystem as well ?

Thanks a lot for any suggestions.

GIGI