any problems using dummynet as a module?
Andy Firman
andy at firman.us
Tue Apr 26 20:08:18 PDT 2005
I need to traffic shape a remote box that runs IPF, and I
have taken the time to learn to use IPFW with dummynet,
and also that I can run IPFW wide open as IPF is the firewall.
The box is 5.4 stable (generic) and I can't get around doing a reboot,
from all the testing I have done. Must reboot unfortunately.
Loading the ipfw.ko and/or the dummynet.ko with kldload locks
me out of an identical test box which is bad news for me.
This box is in a colo center with just one ethernet interface.
So my procedure works, but I am wondering if I should just
suck it up and compile all this stuff into the kernel,
or if my procedure below is somewhat safe?
(it works, but I am looking for any hidden issues?)
========================================================
1. Add this to /boot/loader.conf
dummynet_load="YES"
2. Add this to rc.conf:
firewall_enable="YES"
firewall_quiet="YES"
firewall_logging="YES"
firewall_script="/etc/ipfw.rules"
3. Edit /etc/ipfw.rules with these entries:
------------------------------------------------
ipfw -q -f flush
ipfw -q add 100 pass all from any to any via lo0
ipfw -q add 200 deny all from any to 127.0.0.0/8
ipfw -q add 300 deny ip from 127.0.0.0/8 to any
ipfw -q add 65000 pass all from any to any
ipfw -q add 1 pipe 1 ip from any to any out xmit ed0
ipfw -q pipe 1 config bw 128kbits/s
-------------------------------------------------
REBOOT
...and the rate limiting works and I can also change the
speed on the fly which is a good thing....
========================================================
Thanks for any comments!
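
An added example, not part of the original post: a pre-reboot check of the rules script from step 3, useful on a remote box because ipfw's last rule, 65535, denies everything unless the kernel was built to default to accept. The helper name check_ipfw_rules and the temporary file are assumptions, and the sample input is a constructed copy of the rules above.

```sh
#!/bin/sh
# Added example: lint an ipfw rules script before rebooting a remote host.
# check_ipfw_rules is a hypothetical helper, not a FreeBSD tool.
# Prints one line per problem; exit status is the number of problems.
check_ipfw_rules() {
    awk '
    $1 != "ipfw" { next }
    {   # collect the words of the command, skipping options such as -q and -f
        split("", w); n = 0
        for (i = 2; i <= NF; i++) if ($i !~ /^-/) w[++n] = $i
    }
    # "ipfw pipe N config ..." defines pipe N
    w[1] == "pipe" && w[3] == "config" { defined[w[2]] = 1; next }
    # "ipfw add NUM ACTION ..." (only explicitly numbered rules are handled)
    w[1] == "add" {
        num = w[2]; act = w[3]
        if (act == "pipe") used[w[4]] = num
        # an unconditional allow below 65535 keeps the default rule from deciding
        if (act ~ /^(allow|accept|pass|permit)$/ && w[4] ~ /^(all|ip)$/ &&
            (w[5] " " w[6] " " w[7] " " w[8]) == "from any to any" &&
            n == 8 && num + 0 < 65535) allow = 1
    }
    END {
        bad = 0
        if (!allow) { print "no unconditional pass rule below 65535"; bad++ }
        for (p in used) if (!(p in defined)) {
            print "rule " used[p] " sends to pipe " p ", which is never configured"
            bad++
        }
        exit bad
    }' "$1"
}

# Constructed input: a copy of the rules from step 3 of the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ipfw -q -f flush
ipfw -q add 100 pass all from any to any via lo0
ipfw -q add 200 deny all from any to 127.0.0.0/8
ipfw -q add 300 deny ip from 127.0.0.0/8 to any
ipfw -q add 65000 pass all from any to any
ipfw -q add 1 pipe 1 ip from any to any out xmit ed0
ipfw -q pipe 1 config bw 128kbits/s
EOF
check_ipfw_rules "$sample" && echo "rules script passes the pre-reboot check"
```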
More information about the freebsd-questions
mailing list