PF + ALTQ - Bandwidth per customer

Ronnel P. Maglasang rmaglasang at infoweapons.com
Tue Dec 2 23:46:10 PST 2008


Александр Шевченко wrote:
> Using ipfw+dummynet you could easily limit bandwidth per ip:
>
> $IPFW pipe 4 config bw 50KByte/s mask dst-ip 0x000003ff
> $IPFW pipe 7 config bw 50KByte/s mask src-ip 0x000003ff
> $IPFW add pipe 4 ip from any to 172.16.16.0/22 via fxp0 in
> $IPFW add pipe 7 ip from 172.16.16.0/22 to any via fxp0 out
>
>
> Using pf+altq you could limit easily bandwidth for all clients:
>
> altq on $int_if cbq bandwidth 1000Mb queue { powernet_local, powernet_inet }
> queue powernet_local bandwidth 95% cbq(default)
> queue powernet_inet bandwidth 40Mb
>
> pass out on $int_if from <neighbors_net> to <internal_net> queue powernet_local
> pass out on $int_if from !<neighbors_net> to <internal_net> queue powernet_inet
>
> But you could not limit bandwidth per ip using PF.
>
>   
Why not? You create pf+altq equivalent rules for ipfw+dummynet rules.
You may look at policy-based filtering if needed. You just have to play
with "tag" and "tagged" directives.

> Ryan McBride wrote in bit.listserv.openbsd-pf
> (http://groups.google.com/group/bit.listserv.openbsd-pf/msg/512d1eba9683cea6?hl=ru&dmode=source)
>
>   
>> P.S. By the way, no chance to shaping like ipfw(dummynet), by getting
>> mask for all ip addresses? It's the last reason to stay with ipfw:
>>     
>
> No, there is nothing like this in PF right now. It's on my list of
> things to look at, but that list grows faster than I can get things
> done...
>  
> -----Original Message-----
> From: owner-freebsd-pf at freebsd.org [mailto:owner-freebsd-pf at freebsd.org] On
> Behalf Of Andrei Kolu
> Sent: Tuesday, December 02, 2008 11:42 AM
> To: Peter Jeremy; freebsd-pf at freebsd.org; freebsd-isp at freebsd.org
> Subject: Re: PF + ALTQ - Bandwidth per customer
>
> ipfw+dummynet is really ugly traffic "shaper" (let's face it there is no 
> shaping going on), because instead of limiting bandwidth it will drop 
> packets to simulate bad connection. I hear many years about "trivial" 
> configuration per user bandwidth limit with pf+altq but never saw ANY 
> code... You can't set bandwidth limit with PF like 3Mbit per 100 clients 
> if your lan card is 100Mbit. This is just lame- in reality clients never 
> use all bandwidth and never all clients are connected all the time. Even 
> Linux ipfilter does it for years with insane cryptic commandline but it 
> just works.
>
>   
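
Added example, not part of any poster's message in this thread: a shell generator that writes one CBQ queue pair per customer IP and uses the "tag"/"tagged" directives mentioned in the reply to carry the customer identity from the internal to the external interface. The `$int_if`/`$ext_if` macros, the 100 Mbit/s link, the default-queue reserve, the `dn_`/`up_`/`C_` names and the two sample addresses are assumptions; the oversubscription guard is this example's own check.

```shell
#!/bin/sh
# Added example (not from the thread): emit a pf.conf fragment with one CBQ
# queue pair per customer IP. Macros, rates and addresses are assumptions.
LINK_KB=100000      # assumed 100 Mbit/s on both interfaces
RATE_KB=400         # 400 Kb = the 50 KByte/s used in the dummynet rules
DEFAULT_KB=10000    # assumed reserve for unclassified traffic

ip_hex() {  # 172.16.16.10 -> ac10100a, a short unique suffix for names
    printf '%02x%02x%02x%02x' $(echo "$1" | tr . ' ')
}

gen_pf_altq() {  # args: customer IPs; prints rules, returns 1 if oversubscribed
    # Guard (this example's own): per-IP queues are fixed shares of the link.
    total=$(( $# * RATE_KB + DEFAULT_KB ))
    if [ "$total" -gt "$LINK_KB" ]; then
        echo "error: ${total}Kb of queues exceeds ${LINK_KB}Kb link" >&2
        return 1
    fi
    dn="dn_default"; up="up_default"
    for ip in "$@"; do
        h=$(ip_hex "$ip"); dn="$dn, dn_$h"; up="$up, up_$h"
    done
    # ALTQ queues only outbound packets: downloads leave $int_if, uploads $ext_if.
    echo "altq on \$int_if cbq bandwidth ${LINK_KB}Kb queue { $dn }"
    echo "altq on \$ext_if cbq bandwidth ${LINK_KB}Kb queue { $up }"
    echo "queue dn_default bandwidth ${DEFAULT_KB}Kb cbq(default)"
    echo "queue up_default bandwidth ${DEFAULT_KB}Kb cbq(default)"
    for ip in "$@"; do
        h=$(ip_hex "$ip")
        # No cbq(borrow), so each queue is a fixed per-IP ceiling.
        echo "queue dn_$h bandwidth ${RATE_KB}Kb"
        echo "queue up_$h bandwidth ${RATE_KB}Kb"
    done
    for ip in "$@"; do
        h=$(ip_hex "$ip")
        # The inbound rule creates the state; replies sent back out $int_if
        # to the customer use its queue. The tag identifies the customer on
        # $ext_if, where NAT may already have rewritten the source address.
        echo "pass in on \$int_if from $ip to any tag C_$h keep state queue dn_$h"
        echo "pass out on \$ext_if tagged C_$h keep state queue up_$h"
    done
}

# Constructed sample: two customers from the thread's 172.16.16.0/22 network.
gen_pf_altq 172.16.16.10 172.16.17.20
```

The output can be checked with `pfctl -nf` before loading. With fixed per-IP queues the sum of all rates has to fit inside the link bandwidth, which is the constraint the quoted complaint about 100 clients on a 100 Mbit card refers to.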