limiting bandwith

Luigi Rizzo rizzo at icir.org
Tue Apr 13 09:17:39 PDT 2004 

i think it is pilot error.

Be warned that dynamic rules only match addresses and ports,
so once a rule is installed it will match traffic both
in and out.
If you want to select on other attributes you have to do
it before you hit any keep-state or check-state rule.

I don't know if it matches recent reports about dummynet on 5.2.1
giving half the bandwidth, but i just checked locally and it
does work as expected -- the bandwidth is correct (with a correct
ipfw config, that is :)

	cheers
	luigi

On Tue, Apr 13, 2004 at 05:06:16PM +0200, Ludo Koren wrote:
> 
> Hi.
> 
> I am running ipfw on 5.2.1-RELEASE-p1.
> 
> The relevant part of the ipfw configuration follows:
> 
> add check-state
> pipe 10 config bw 64Kbit/s
> pipe 20 config bw 256Kbit/s
> pipe 30 config bw 8Kbit/s
> queue 10 config pipe 10 weight 100
> queue 20 config pipe 20 weight 1
> queue 30 config pipe 30 weight 1
> ....
> 
> # Allow SMTP
> add pass tcp from A to B 25 keep-state
> add pass tcp from B to A dst-port 25 in via xl0
> add pass tcp from A 25 to B in recv xl1
> add pipe 20 tcp from B to A dst-port 25 out xmit xl1 keep-state
> add pass tcp from C to B 25 keep-state
> add pass tcp from B to C dst-port 25 in via xl0
> add pass tcp from C 25 to B in recv xl1
> add pipe 20 tcp from B to C dst-port 25 out xmit xl1 keep-state
> 
> where the A,B,C addresses are not assigned to local interfaces. The
> xl0 is on the local LAN, the xl1 is connected to the router and
> WAN. If I watch packets (netstat -w 10 -I xl1) flowing through xl1, I
> see numbers are correct (~32000 bytes per second). MRTG on the router
> shows just half throughput, i.e. 128Kb/s. If I reconfigure pipe 20 to
> 512Kbit/s or 0Kbit/s, the MRTG shows 256Kbit/s.
> 
> Could you point to me what I did wrong?
> 
> Thank you very much in advance.
> 
> lk
> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"

More information about the freebsd-ipfw mailing list