assistance dummynet config

Bob Ababurko bob at phreakout.net
Wed Nov 3 13:10:16 PST 2004 

At 12:58 PM 11/1/2004, you wrote:
>Hello all-
>
>WHat I am trying to accomplish with this dummynet config is give priority 
>to udp traffic, namely dns and tcp ack's so that I can send mail to our 
>clients announcement list, as fast and efficient as possible without 
>congestion.  So basically, I need this machine to ba able to make dns 
>lookups with out a problem and I need the acks to get back to my machine 
>so that the SMTP conversation can take place with out latency.  I am not 
>sure if I have taken all that I need into consideration, but for now I 
>could use some constructive criticism in terms of making it better.
>
>Using FreeBSD 5.2.1, I have:
>
>/etc/sysctl.conf :
>net.inet.ip.fw.one_pass=0
>
>/etc/rc.conf :
>firewall_enable="YES"
>firewall_script="/etc/rc.dummynet"
>firewall_type="open"
>firewall_logging="YES"
>
>
>/etc/rc.dummynet :
>ipfw -f flush
>ipfw pipe 1 config bw 300kbits/s
>ipfw queue 1 config pipe 1 weight 100
>ipfw queue 2 config pipe 1 weight 1 mask all
>ipfw add 100 queue 1 udp from any to any out via fxp0
>ipfw add 101 skipto 1000 udp from any to any out via fxp0
>ipfw add 110 queue 1 tcp from any to any out via fxp0 tcpflags ack
>ipfw add 111 skipto 1000 tcp from any to any out via fxp0 tcpflags ack
>ipfw add queue 2 ip from any to any out via fxp0
>ipfw add 1000 allow all from any to any
>
>
>Can I make this better or am I even on the right road??  Thanks in advance 
>for your help.
>
>Regards,
>Bob
>
>_______________________________________________
>freebsd-ipfw at freebsd.org mailing list
>http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
>To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
I find myself responding to my own post....I noted in my initial post that 
I am using the dummynet on a machine that is sending mail, I am not sure 
that I need to let it be known, but I am not a spammer and the announcement 
list is a newsletter for an opt-in list.  We do hosting , but we just took 
on a client that has a newsletter and when it is deploying, the machine 
that it is on, is totally worthless to the rest of us at the shop. I am 
wondering why I am not getting any responses from the list and hope that 
this is the reason and it is not because people do not care, or do not 
bother to get the list.

I am also wondering if there is a way to do any limiting based on alias 
addresses.  I am thinking about putting the DNS, which is the service that 
we at the office are not able to access while the mail is being sent out on 
the machine.  Is there a way to designate a virtual interface in the 
dummynet config.  I came from a Solaris background and the virtual 
interface were addressed as hme0:1.  I know that FreeBSD does not use this 
notation, but is there a way to make rules for additional virtual
interface or aliases?

Thanks for the help in advance?  I hope.

peace,
Bob

More information about the freebsd-ipfw mailing list