ipfw -q pipe 1 config bw 8192Kbit/s queue 10 режет скорость до 2-х мегабит приблизительно.
вот конфиг ipfw
Код: Выделить всё
ipfw -q -f flush
ipfw -q -f pipe flush
ipfw -f queue flush
FwCMD="ipfw -q add"
LanOut="rl0" #внешня сетевая
NetOut="194.187.230.16/28"
IpOut="ХХХХХХХХ" # внешняя IP
LanIn="sk0"
IpIn="192.168.0.1"
NetIn="192.168.0.0/25" #setka
Ip_Lan="192.168.0"
CityNet="194.187.228.0/22"
${FwCMD} 007 skipto 199 ip from ${CityNet} to ${NetIn} out via ${LanIn} # внутрення сеть провайдера, большая скорость незачем делть
${FwCMD} 008 skipto 199 ip from ${NetIn} to ${CityNet} in via ${LanIn}
${FwCMD} 009 skipto 199 ip from ${IpIn} to ${NetIn} out via ${LanIn} # штобы не резалса тарафик к ресурсам сервера фтп, самба
${FwCMD} 010 skipto 199 ip from ${NetIn} to ${IpIn} in via ${LanIn}
${FwCMD} 011 tee 10001 ip from any to any via sk0 # копия пакетов для считалки ipacctd
ipfw -q pipe 1 config bw 7785Kbit/s queue 10 # сдесть должно стоять чуть меньше 2 мегабита, но ето число только режит до необходимой скорости
ipfw -q queue 1 config pipe 1 weight 50 mask dst-ip 0xffffffff
ipfw -q queue 2 config pipe 1 weight 30 mask dst-ip 0xffffffff
ipfw -q queue 3 config pipe 1 weight 20 mask dst-ip 0xffffffff
${FwCMD} 014 queue 1 ip from any 22,27015-27020 to ${NetIn} via ${LanIn} out #приоретизацыя трафика, может сдесь начудил, возможно ${NetIn} надо на me заменить
${FwCMD} 016 queue 1 icmp from not ${NetIn} to ${NetIn} via ${LanIn} out
${FwCMD} 021 queue 2 ip from not ${NetIn} to ${NetIn} via ${LanIn} out # нунжно поделить трафик поровну по ір
${FwCMD} 020 queue 3 ip from not ${NetIn} to 192.168.0.51,192.168.0.81,192.168.0.82 via ${LanIn} out
${FwCMD} 150 skipto 410 ip from any to any not layer2 #филтрацыя по мак
${FwCMD} 151 allow ip from any to any layer2 not via ${LanIn}
${FwCMD} 201 allow all from any to any mac any 00:1b:11:16:1d:27 via ${LanIn}
${FwCMD} 207 allow all from any to any mac any 00:1B:FC:EC:DA:DС via ${LanIn}
${FwCMD} 263 allow all from any to any mac any 00:1c:b3:52:ae:a8 via ${LanIn}
${FwCMD} 392 skipto 402 ip from any to ${IpIn},${IpOut} layer2 in via ${LanIn}
${FwCMD} 401 deny all from ${NetIn} to not ${NetIn} mac any any
${FwCMD} 402 allow ip from any to any layer2 via ${LanIn}
${FwCMD} 405 check-state # стандартные настройки
${FwCMD} 410 allow all from any to any via lo0
${FwCMD} 420 deny ip from any to 127.0.0.0/8
${FwCMD} 430 deny ip from 127.0.0.0/8 to any
${FwCMD} 440 deny ip from ${NetIn} to any in via ${LanOut}
${FwCMD} 441 deny ip from ${NetOut} to any in via ${LanIn}
${FwCMD} 451 deny ip from any to 172.16.0.0/12 in via ${LanOut}
${FwCMD} 452 deny ip from any to 192.168.0.0/16 in via ${LanOut}
${FwCMD} 453 deny ip from any to 0.0.0.0/8 in via ${LanOut}
${FwCMD} 454 deny ip from any to 169.254.0.0/16 in via ${LanOut}
${FwCMD} 455 deny ip from any to 224.0.0.0/4 in via ${LanOut}
${FwCMD} 456 deny ip from any to 240.0.0.0/4 in via ${LanOut}
${FwCMD} 457 deny icmp from any to any frag
${FwCMD} 458 deny log icmp from any to 255.255.255.255 in via ${LanOut}
${FwCMD} 460 deny log icmp from any to 255.255.255.255 out via ${LanOut}
${FwCMD} 465 fwd 127.0.0.1,3128 tcp from ${NetIn} to any 80 out via ${LanOut}
${FwCMD} 470 divert natd ip from any to ${IpOut} in via ${LanOut}
${FwCMD} 471 divert natd ip from ${NetIn} to any out via ${LanOut}
${FwCMD} 481 deny ip from 172.16.0.0/12 to any out via ${LanOut}
${FwCMD} 482 deny ip from 192.168.0.0/16 to any out via ${LanOut}
${FwCMD} 483 deny ip from 0.0.0.0/8 to any out via ${LanOut}
${FwCMD} 484 deny ip from 169.254.0.0/16 to any out via ${LanOut}
${FwCMD} 485 deny ip from 224.0.0.0/4 to any out via ${LanOut}
${FwCMD} 486 deny ip from 240.0.0.0/4 to any out via ${LanOut}
${FwCMD} 490 allow icmp from any to any icmptypes 0,8,11
${FwCMD} 496 skipto 600 ip from ${NetIn} to any 3128 in via ${LanIn}
${FwCMD} 510 allow tcp from any to any established
${FwCMD} 520 allow udp from any to ${IpOut} 53 in via ${LanOut}
${FwCMD} 521 allow udp from ${IpOut} 53 to any out via ${LanOut}
${FwCMD} 522 allow udp from any 53 to ${IpOut} in via ${LanOut}
${FwCMD} 523 allow udp from ${IpOut} to any 53 out via ${LanOut}
${FwCMD} 531 allow tcp from any to ${IpOut} 6067,6667 in via ${LanOut} setup
${FwCMD} 532 allow tcp from any to ${IpOut} 80 in via ${LanOut} setup
${FwCMD} 535 allow tcp from any to ${IpOut} 22 in via ${LanOut} setup
${FwCMD} 542 allow udp from not ${NetIn} to ${IpOut} 27000-27020 in via ${LanOut}
${FwCMD} 543 allow udp from ${IpOut} 27000-27020 to not ${NetIn} out via ${LanOut}
${FwCMD} 544 allow tcp from not ${NetIn} to ${IpOut} 27015-27050 in via ${LanOut} setup
${FwCMD} 550 allow udp from any 27015-27025 to ${NetIn} in via ${LanOut}
${FwCMD} 551 allow udp from any 27015-27025 to ${NetIn} out via ${LanIn}
${FwCMD} 552 allow udp from ${NetIn} to any 27015-27025 in via ${LanIn}
${FwCMD} 553 allow udp from ${IpOut} to any 27015-27025 out via ${LanOut}
${FwCMD} 554 allow udp from ${IpOut} to any 27015-27025 out via ${LanOut}
${FwCMD} 560 deny log all from any to ${IpOut} in via ${LanOut} setup
${FwCMD} 570 allow tcp from ${IpOut} to any out via ${LanOut} setup
${FwCMD} 571 allow tcp from any to ${IpOut} in via ${LanIn} setup
${FwCMD} 580 allow ip from ${NetIn} to ${NetIn} in via ${LanIn}
${FwCMD} 581 allow ip from ${NetIn} to ${NetIn} out via ${LanIn}
${FwCMD} 582 allow ip from ${NetIn} to not ${NetIn} in via ${LanIn}
${FwCMD} 583 allow all from not ${NetIn} to ${NetIn} out via ${LanIn}
${FwCMD} 600 deny all from any to any