Hi people, I'm setting up my home network, and want to use ipnat for NPAT (as I've used it before) but also want to dabble with ipfw to do a little bandwidth sharing.
ipnat on its own works wonderfully.. I just need someone to sanity check my IPFW to make sure the two will work.

ipnat.conf:

    map rl0 192.168.0.0/24 -> <external IP> portmap tcp/udp 30000:50000

ipfw.conf:

    ipfw pipe 1 config bw 0
    ipfw pipe 2 config bw 0
    ipfw add pipe 1 tcp from any to any xmit rl0 out
    ipfw add pipe 2 tcp from any to any recv rl0 in
    ipfw add queue 1 tcp from any 22 to any
    ipfw add queue 2 tcp from any 25,80 to any
    ipfw add queue 3 tcp from any to any 22
    ipfw add queue 4 tcp from any to any 25,80
    ipfw add queue 5 tcp from any to any 30000-50000
    ipfw queue 1 config pipe 1 weight 32
    ipfw queue 2 config pipe 1 weight 1
    ipfw queue 3 config pipe 2 weight 32

So as you can see, I figured it would be much easier if I used the portmap keyword with ipnat and hit those ports against ipfw, rather than doing ipfw on multiple interfaces etc etc.

Does this sound sane? Will ipfw pipe my packets before ipnat does its business?

ipf and ipfw are both compiled into the kernel on a FreeBSD 4-STABLE machine (world as of Nov 28th)
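An added example, not part of the original post: a small Python consistency check run over the ipfw commands exactly as posted, reporting pipes and queues that rules use but no `config` line defines, and pipes left at `bw 0` (which ipfw(8) documents as unlimited bandwidth). The `lint` function and its finding strings are hypothetical names made up for this example.

```python
import re

# The ipfw commands from the post above, copied as posted.
IPFW_CONF = """\
ipfw pipe 1 config bw 0
ipfw pipe 2 config bw 0
ipfw add pipe 1 tcp from any to any xmit rl0 out
ipfw add pipe 2 tcp from any to any recv rl0 in
ipfw add queue 1 tcp from any 22 to any
ipfw add queue 2 tcp from any 25,80 to any
ipfw add queue 3 tcp from any to any 22
ipfw add queue 4 tcp from any to any 25,80
ipfw add queue 5 tcp from any to any 30000-50000
ipfw queue 1 config pipe 1 weight 32
ipfw queue 2 config pipe 1 weight 1
ipfw queue 3 config pipe 2 weight 32
"""

def lint(conf):
    """Return consistency findings for a dummynet pipe/queue rule set."""
    pipes, queues, used_pipes, used_queues = {}, {}, set(), set()
    for line in conf.splitlines():
        words = line.split()
        if words[:1] == ["ipfw"]:
            words = words[1:]
        if len(words) > 1 and words[0] == "add" and words[1].isdigit():
            del words[1]                      # optional explicit rule number
        if len(words) < 3:
            continue
        if words[0] in ("pipe", "queue") and words[2] == "config":
            opts = dict(zip(words[3::2], words[4::2]))   # option/value pairs
            (pipes if words[0] == "pipe" else queues)[int(words[1])] = opts
        elif words[0] == "add" and words[1] in ("pipe", "queue"):
            used = used_pipes if words[1] == "pipe" else used_queues
            used.add(int(words[2]))
    findings = []
    for n in sorted(used_pipes - pipes.keys()):
        findings.append(f"pipe {n}: used by a rule but never configured")
    for n in sorted(used_queues - queues.keys()):
        findings.append(f"queue {n}: used by a rule but never configured")
    for n, opts in sorted(queues.items()):
        parent = opts.get("pipe")
        if parent is None or int(parent) not in pipes:
            findings.append(f"queue {n}: not attached to a configured pipe")
    for n, opts in sorted(pipes.items()):
        if re.fullmatch(r"0\D*", opts.get("bw", "0")):   # bw omitted defaults to 0
            findings.append(f"pipe {n}: bw 0 is unlimited, nothing is shaped")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(IPFW_CONF)))
```
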
