This is an old revision of the document!
[gate:~] # cat /etc/ipfw.conf pipe 1 config bw 100mbit/s pipe 2 config bw 64kbit/s mask dst-ip 0xffffffff add 10 pipe 1 ip from any to 192.168.100+X.2 add 20 pipe 2 ip from any to 192.168.100+X.0/24 add 100 allow ip from any to any [gate:~] # cat /etc/rc.conf ... dummynet_enable=yes firewall_enable="YES" firewall_type="/etc/ipfw.conf" ... [gate:~] # /etc/rc.d/ipfw start [gate:~] # ipfw pipe show
http://www.openbsd.org/faq/pf/pools.html
[gate:~] # cat /etc/pf.conf lan_net = "192.168.1X.0/24" int_if = "tap0" ext_if1 = "fxp0" ext_if2 = "rl0" ext_gw1 = "10.10.105.100" ext_gw2 = "172.16.7.2" nat on $ext_if1 from $lan_net to any -> ($ext_if1) nat on $ext_if2 from $lan_net to any -> ($ext_if2) pass in on $int_if route-to \ { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \ proto tcp from $lan_net to any flags S/SA modulate state pass in on $int_if route-to \ { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } round-robin \ proto { udp, icmp } from $lan_net to any keep state pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 \ to any pass out on $ext_if2 route-to ($ext_if1 $ext_gw1) from $ext_if1 \ to any