MAN page example vs. this?
Sean Hafeez
sahafeez at edgefocus.com
Tue Dec 2 18:28:23 PST 2003
Thank you for the info. One or 2 questions if I could?
On Dec 1, 2003, at 4:03 PM, Jon Simola wrote:
>>
>> ipfw add pipe 1 ip from any to any in recv rl1
>> ipfw add pipe 2 ip from any to any out xmit rl1
>> ipfw pipe 1 config mask src-ip 0xffffffff bw 200kbits/s
>> ipfw pipe 2 config mask dst-ip 0xffffffff bw 200kbits/s
>>
>> are these 2 examples functionally the same? if not what is the
>> difference?
>
> You're forcing the interface. Be careful, as packets may flow through in
> ways you don't expect.
>
Such as? There are 2 interfaces, rl0 & rl1. rl0 is the internet side,
rl1 the internal. What could I miss?
>> also in the first example, if the network was changed to
>> 192.168.0.0/23, the mask would be 0x000003ff (255.255.254.0) ? it is a
>> reverse mask like a cisco, right?
>
> That mask has nothing to do with a network mask. It's a simple bitmask,
> used to pick out the bits in the src/dst ip/port combinations that are
> used to hash the packets into a unique bucket.
>
> If you used "mask src-ip 0x00000001" you would be sorting the packets into
> buckets (and queues) based on whether the source IP's last octet was even
> or odd.
So 0xffffffff would match one user to one website, etc...?
In doing what I am doing am I limiting each user (IP) to a total of
200kbits or 200kbits for each user for every pipe they open?
Thanks!
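
The bucket selection described in the quoted reply, modeled as an added Python example that is not part of the original message and is not dummynet's own code. The packet list, field names and function names are constructed for illustration; the model assumes each flow-id field is ANDed with its mask and that fields left out of the mask are ignored.

```python
# Added illustration: models how a pipe "mask" picks the flow-id bits that
# decide which bucket (dynamic pipe) a packet is sorted into.
import ipaddress
from collections import defaultdict

def bucket_key(pkt, mask):
    """AND each flow-id field with its mask; a field absent from the mask is ignored (0)."""
    return (
        int(ipaddress.IPv4Address(pkt["src"])) & mask.get("src-ip", 0),
        int(ipaddress.IPv4Address(pkt["dst"])) & mask.get("dst-ip", 0),
        pkt["sport"] & mask.get("src-port", 0),
        pkt["dport"] & mask.get("dst-port", 0),
    )

def sort_into_buckets(packets, mask):
    """Group packets by masked flow-id; each distinct key is one bucket."""
    buckets = defaultdict(list)
    for pkt in packets:
        buckets[bucket_key(pkt, mask)].append(pkt)
    return dict(buckets)

# Constructed sample traffic: one host with two connections, plus two other hosts.
PACKETS = [
    {"src": "192.168.0.10", "dst": "203.0.113.5", "sport": 40001, "dport": 80},
    {"src": "192.168.0.10", "dst": "198.51.100.7", "sport": 40002, "dport": 443},
    {"src": "192.168.0.11", "dst": "203.0.113.5", "sport": 40003, "dport": 80},
    {"src": "192.168.1.20", "dst": "203.0.113.5", "sport": 40004, "dport": 80},
]

PER_HOST = {"src-ip": 0xFFFFFFFF}   # as in "mask src-ip 0xffffffff"
EVEN_ODD = {"src-ip": 0x00000001}   # as in "mask src-ip 0x00000001"
PER_FLOW = {"src-ip": 0xFFFFFFFF, "dst-ip": 0xFFFFFFFF,
            "src-port": 0xFFFF, "dst-port": 0xFFFF}

if __name__ == "__main__":
    for name, mask in (("per-host", PER_HOST), ("even/odd", EVEN_ODD),
                       ("per-flow", PER_FLOW)):
        buckets = sort_into_buckets(PACKETS, mask)
        print(f"{name}: {len(buckets)} bucket(s)")
        for key, pkts in buckets.items():
            print("   key", key, "<-", [p["src"] for p in pkts])
```

With only src-ip in the mask, both connections from 192.168.0.10 produce the same key and land in one bucket; they separate only when the destination and port fields are added to the mask.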
More information about the freebsd-ipfw mailing list