Good,I use your method to solute the problem,i do like this: add dummynet_enabe="YES" to /boot/loader.conf then add these lines to /etc/rc.firewall: ${fwcmd} add pipe 1 ip from ${inet} to any out limit src-addr 400 ${fwcmd} add pipe 2 ip from any to ${inet} in limit src-addr 400 ${fwcmd} pipe 1 config delay 2ms bw 10Mbit/s ${fwcmd} pipe 2 config delay 2ms bw 10Mbit/s yeah! But the speed was limited to about 350KB/s when i download enven in LAN! I changed scr-add and delay and bw,it's like that have no effect except deleting delay 2ms(about 800KB/s without delay). The users of LAN will hate me from now! :<
2005/8/10, Adi Pircalabu <[EMAIL PROTECTED]>: > On Wed, 10 Aug 2005 13:31:28 +0800 > he ccjj <[EMAIL PROTECTED]> wrote: > > > I use freebsd5.4+ipfw+natd to setup a box for sharing internet,it's > > work fine.But i have a very serious problem: > > Some computer of my inner user was attacked by virus,they make very > > big volume of stream to internet,so the natd will occupy almost all > > the cpu,the others can't visit internet at all !! Is there a solution > > to limit the natd's cpu occupancy or limit every user's stream speed? > > You may take a look at ipfw(8) manpage and search for dummynet > configuration. > For example, if you know the offending IP, you can try something like > this: > > kldload dummynet > ipfw pipe ${pipe-num} config bw ${max-bw} > ipfw add ${rule-num} pipe ${pipe-num} ip from ${offending-IP} to any > > It's a very simple example, take it as a starting point. > Bye > > -- > Adi Pircalabu (PGP Key ID 0x04329F5E) > > > -- > This message was scanned for spam and viruses by BitDefender. > For more information please visit http://www.bitdefender.com/ > > _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"