[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[altq:1722] Re: dmz traffic

To: wbx@luusa.org
Subject: [altq:1722] Re: dmz traffic
From: Kenjiro Cho <kjc@csl.sony.co.jp>
Date: Thu, 05 Dec 2002 14:20:28 +0900 (JST)
Cc: altq@csl.sony.co.jp
In-Reply-To: <20021204175832.GA2784@luusa.org>
References: <20021204175832.GA2784@luusa.org>
Sender: owner-altq@csl.sony.co.jp


Waldemar Brodkorb wrote:
> I have a problem to find a solution for following
> problem. 
> 
> OpenBSD 3.2 system configured as a bridge between 
> firewall (three interfaces) and LAN. 
> 
> I'm throttling all traffic into the LAN, every client
> gets 20 % of the line, including passive ftp.

[snip]

> But how I can configure altq to not shape traffic to
> our DMZ. I didn't find a possibility to negate source or
> destination addresses in the filter rules, nothing 
> mentioned in the manpage.
> DMZ is on the third firewall interface (10.0.0.0/8).

You can add a filter for the DMZ at the tail of the config.
For example,
	filter xl0 def_class 10.0.0.0 netmask 255.0.0.0 0 0 0 0
	filter xl0 def_class 0 0 10.0.0.0 netmask 255.0.0.0 0 0

-Kenjiro

References:
- [altq:1720] dmz traffic
  - From: Waldemar Brodkorb <wbx@luusa.org>
- [altq:1720] dmz traffic
  - From: Waldemar Brodkorb <wbx@luusa.org>

Prev by Date: [altq:1721] Re: Edonkey rules problem.
Next by Date: [altq:1723] Re: asking about altq.conf
Prev by thread: [altq:1720] dmz traffic
Next by thread: [altq:1723] Re: asking about altq.conf
Index(es):
- Date
- Thread