HELP ME

Nima Mohammadi it at hastigasht.com
Tue Nov 10 13:10:17 UTC 2009


Hi,
I have a FreeBSD 7.1 with ipfw, dummynet and natd, and everything is
good.
But I cannot limit the upload to the internet with dummynet.
The download limit works fine.



When I change pipe 2 from (to me in) to (to any in), the internet connection of
my client goes down.
vr0: internal net: 192.168.10.0/24
nfe0: out net: 212.80.13.1, 2, 3

The upload is very high.
HELP ME

Here is my ipfw config:
ipfw -q -f flush

#Dedicate internet user and non internet user
#############################################################################
#charter 55 for ali shirali movaghat share with andishgar

iuser="192.168.10.0/24{1,3,25,27,31,42,48,50,53,54,55,63,69,81,84,88,92,98,100,105,118,128,131,134,135,137,140,155,165,171}"

noiuser="192.168.10.0/24{44,46}"
##############################################################################

##########################dummynet###########################################
#receive
ipfw -q add pipe 1 ip from any to ${iuser} out via vr0
ipfw pipe 1 config bw 9KByte/s # queue 11 delay 100ms

#send
ipfw -q add pipe 2 ip from ${iuser} to me in via vr0
ipfw pipe 2 config bw 7KByte/s # queue 11 delay 100ms
#############################################################################

##################################NAT#########################################
ipfw -q add divert natd all from any to any via nfe0
ipfw -q add check-state 
############################################################################

#block any to loopback
ipfw -q add allow ip from any to any via lo0       
ipfw -q add deny ip from any to 127.0.0.0/8

#########################END internet users##################################

#web & ssl & yahoo messenger
###################WEB Access##############################
ipfw -q add allow tcp from ${iuser} to any 80,443,5050 keep-state

#allow all http to internal
ipfw -q add allow tcp from any to any 80 in via nfe0 keep-state

#charter 10 access on ghd24.net 
#ipfw -q add allow tcp from 192.168.10.64 to 66.49.211.210,94.182.197.230 80 keep-state
######################END Web Access#########################

#aseman
ipfw -q add allow tcp from any to any 7769 keep-state
 
#amadeus
ipfw -q add allow tcp from any to any 9876,10000 keep-state

#air tour
ipfw -q add allow tcp from any to any 1770 keep-state

#ftp
ipfw -q add allow ip from any to any 21 keep-state
#ipfw -q add allow ip from any to any 1024-65535 keep-state
ipfw -q add allow tcp from 192.168.10.69,192.168.10.1,192.168.10.9 to any 1024-65535 keep-state
ipfw -q add allow tcp from any 1024-65535 to 192.168.10.1 keep-state

#ipfw -q add check-state

#DNS
ipfw -q add allow ip from any to any 53 keep-state
ipfw -q add allow ip from any 53 to any keep-state

#remote
ipfw -q add allow ip from any to any 35252,12114,3389 keep-state

#mysql remote
#ipfw -q add allow ip from any to any 3306,1433 keep-state

#share 
#ipfw -q add allow tcp from any to me 139
#ipfw -q add allow tcp from any 139 to any

#ping
ipfw -q add allow icmp from any to any

#cpanel
#ipfw -q add allow ip from any to any 2082,2083,2095 keep-state

#ssh
ipfw -q add allow tcp from any to me 5432 keep-state
ipfw -q add allow tcp from any 5432 to any keep-state

#Outlook pop3
######################POP3 Access#####################

ipfw -q add allow tcp from ${iuser},${noiuser} to any 25 keep-state
ipfw -q add allow tcp from ${iuser},${noiuser} to any 110 keep-state

######################END POP3 Access#################
#gmail
#ipfw -q add allow tcp from any to any 995,465 keep-state

#Ghost Surf
ipfw -q add allow tcp from any to any 8888 keep-state

#VPN TO EXTERNAL
ipfw -q add allow gre from any to any keep-state
ipfw -q add allow tcp from any to any 1723 keep-state

#allow all to external
ipfw -q add allow ip from any to any out via nfe0

#deny all in from external
ipfw -q add deny all from any to any in via nfe0


