ipfw + dummynet: bandwidth limiting not working

[Jason Kocol]

> Remove the line that says 'ipfw add pass all from any to any' and it
> should work.
>
> - Sten

No, removing that line causes all traffic to the outside to cease. 
Meaning I can no longer ping out, cannot connect to any machine via ftp,
http, etc.
Also some services on startup complain, like mountd and RCP are unable to
register.  So it looks like I need to leave that line in in order to have
a connection to the internet.

> Or atleast number your rules... so that it falls after the pipe config.
>
> And check out sysctl net.inet.ip.fw.one_pass
>
> bkw

Moving the rules around in the firewall script, or numbering them, did at
least solve the problem of not configuring the pipe to the desired
bitstream, but even doing that and setting net.inet.ip.fw.one_pass=0 still
does not limit the bandwidth.

Any other suggestions?

Thanks,
Jason

>> I am running FreeBSD 4.8 STABLE and am trying to use dummynet
>> with ipfw to
>> limit bandwidth on my DSL connection.  I have added the rules
>> for dummynet
>> to my existing firewall rules in rc.firewall (which are
>> pretty open as you
>> can see) in the last two lines below:
>>
>> ipfw -f flush
>> ipfw add divert natd all from any to any via vx0
>> ipfw add pass all from any to any
>> ipfw pipe 1 config bw 128K
>> ipfw add pipe 1 tcp from x.x.x.x to any
>>
>> (x.x.x.x being my public IP address, and vx0 in line 2 being
>> the interface
>> for this address)
>>
>> By those last two lines I would expect the outbound/inbound
>> traffic to be
>> limited to 128Kbps, yet I am still able to transfer data at my normal
>> broadband speeds (1.5Mb/768Kb).
>>
>> Anyone have any idea why this is not working the way I'd expect it to?