ipfw, dummynet and a large subnet to shape
Sean Hafeez
sahafeez at edgefocus.com
Mon Jun 16 08:22:03 PDT 2003
I have been reading through all the links on Google and the man pages and
facts and have come to realize that the information is quite - not
right.
Here is what I need to do:
I have a network - 10.0.0.0/22 that is NAT'd. The external interface
is rl0 and the internal is rl1. I want everyone shaped to 1024kbits/s.
When I say everyone I mean each unique user (i.e., 10.0.0.23 or
10.0.1.77 or 10.0.2.32) to be limited to a total of 1024kbits/s down
and up.
Here is what I got.
ipfw -f flush
/sbin/natd -interface rl0
ipfw add 999 divert natd all from any to any via rl0
ipfw add pipe 1 ip from any to any in via rl1
ipfw add pipe 2 ip from any to any in via rl0
ipfw pipe 1 config mask src-ip 0xffffffff bw 1024kbits/s
ipfw pipe 2 config mask dst-ip 0xffffffff bw 1024kbits/s
I have added:
net.inet.ip.fw.one_pass=0
net.inet.ip.dummynet.hash_size=256
net.inet.ip.dummynet.max_chain_len=64
to sysctl.conf.
It does not seem to be working right. Have I got this wrong?
Thanks!
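
A simplified model of how the ruleset posted above is evaluated, showing which rule each packet hits and which per-host dummynet queue the mask selects (an added example, not part of the original message and not ipfw code). It assumes the un-numbered rules are numbered in steps of 100 after 999, that default rule 65535 is deny, and it uses constructed addresses and natd state.

```python
from ipaddress import ip_address

# Constructed sample values (not from the post).
PUBLIC = "192.0.2.1"                  # external address on rl0
NAT = {"198.51.100.7": "10.0.1.77"}   # natd state: remote peer -> inside host

# Rules as posted: (number, action, direction, interface). The two pipe rules
# were added without a number; the model assumes a step of 100 after 999.
RULES = [
    (999, "divert", None, "rl0"),
    (1099, "pipe 1", "in", "rl1"),
    (1199, "pipe 2", "in", "rl0"),
]
PIPES = {"pipe 1": ("src", 0xFFFFFFFF), "pipe 2": ("dst", 0xFFFFFFFF)}

def walk(pkt, one_pass=0, default="deny"):
    """One pass of pkt through the rules; returns (steps, verdict).

    default is the action of rule 65535 (assumed deny unless the kernel
    was built to accept by default)."""
    pkt, steps = dict(pkt), []
    for num, action, direction, iface in RULES:
        if iface != pkt["if"] or direction not in (None, pkt["dir"]):
            continue
        if action == "divert":
            # natd rewrites the packet; evaluation resumes at the next rule.
            if pkt["dir"] == "out":
                pkt["src"] = PUBLIC
            else:
                pkt["dst"] = NAT.get(pkt["src"], pkt["dst"])
            steps.append((num, "divert"))
            continue
        # The mask picks the dynamic per-host queue inside the pipe.
        field, mask = PIPES[action]
        key = ip_address(int(ip_address(pkt[field])) & mask)
        steps.append((num, f"{action} queue {key}"))
        if one_pass:  # one_pass=1: packet leaves the firewall after the pipe
            return steps, "accept"
    steps.append((65535, default))
    return steps, default

# Constructed packets: one inside host talking to one remote peer.
UP_IN = {"src": "10.0.1.77", "dst": "198.51.100.7", "dir": "in", "if": "rl1"}
UP_OUT = {**UP_IN, "dir": "out", "if": "rl0"}
DOWN_IN = {"src": "198.51.100.7", "dst": PUBLIC, "dir": "in", "if": "rl0"}

if __name__ == "__main__":
    for name, pkt in (("up/in rl1", UP_IN), ("up/out rl0", UP_OUT), ("down/in rl0", DOWN_IN)):
        print(name, walk(pkt))
```

In this model, with one_pass=0 a shaped packet continues to the rules after the pipe, so its fate is decided by whatever follows, here the default rule.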