FW: [5.2.1-RC, IPFW] Traffic Shaping

Lee Dilkie lee at dilkie.com
Wed Feb 4 05:54:52 PST 2004


oops,

sent to wrong list....

-----Original Message-----
From: Lee Dilkie [mailto:lee at dilkie.com]
Sent: Wednesday, February 04, 2004 8:00 AM
To: 'Bjorn Eikeland'; 'Jaco van Tonder';
'owner-freebsd-questions at freebsd.org'
Subject: RE: [5.2.1-RC, IPFW] Traffic Shaping


>
> There isn't much you can really do as to shape incoming traffic, however
> you can limit how fast you accept the incoming data. (At least this is
> what I'm used to from my little experience with Linux.)
>
> I tried* the following rule, and in theory it sounds up to the job:
> ipfw add pipe 1 tcp from not me to me smtp
>
> *) When I say tried I really mean ipfw didn't complain, but no traffic
> actually saw it.
>
> Obviously you can replace 'me' with your actual IP and 'smtp' with 25, but
> I find it's easier to read English.
>
> Feel free to try that though :)

I'm running IPFW on 4.9 and inbound traffic shaping does work; I've verified
that.

my rule section...

ipfw -f pipe flush
# do pipes first or later rules will trigger and pipes won't be used
# newfiechick in/out
ipfw pipe 1 config bw 100Kbit/s
ipfw pipe 2 config bw 60Kbit/s
# sendmail limits in/out
ipfw pipe 3 config bw 80Kbit/s
ipfw pipe 4 config bw 80Kbit/s
# testing
#ipfw pipe 5 config bw 80Kbit/s
#ipfw pipe 6 config bw 80Kbit/s
# bandwidth throttling
#ipfw add pipe 1 ip from any to newfiechick in
#ipfw add pipe 2 ip from newfiechick to any out
ipfw add pipe 3 tcp from any to spock smtp in
ipfw add pipe 3 tcp from any to spock pop3 in
ipfw add pipe 4 tcp from spock to any smtp out
ipfw add pipe 4 tcp from spock pop3 to any out
#ipfw add pipe 5 udp from any to 206.51.1.220 in
#ipfw add pipe 6 udp from 206.51.1.220 to any out

These come before any deny/allow rules.

The commented-out testing rule was to an internet phone and I was able to
turn down the b/w and affect the voice quality in either direction so I'm
confident that this works.

-lee
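
Added example, not part of the original message: an sh/awk lint that checks a rules script for the layout used in the rule section above, with each pipe configured before a rule uses it and pipe rules placed ahead of the allow/deny rules. The function names and the sample ruleset (including the host name mailhost) are constructed for illustration; the ordering check is a heuristic that flags any pipe rule after the first allow/deny rule without testing whether the two rules match the same traffic.

```sh
#!/bin/sh
# check_pipe_rules: read an ipfw rules script on stdin, print one finding per line.
check_pipe_rules() {
    awk '
    /^[ \t]*#/ { next }                        # skip commented-out rules
    {
        # drop a leading "ipfw" (and options such as -q) so both
        # "ipfw add ..." and bare "add ..." lines are handled
        i = 1
        if ($i == "ipfw") { i++; while ($i ~ /^-/) i++ }
        # "pipe N config ..." defines pipe N
        if ($i == "pipe" && $(i+2) == "config") { configured[$(i+1)] = 1; next }
        if ($i != "add") next
        i++
        if ($i ~ /^[0-9]+$/) i++               # optional explicit rule number
        action = $i
        if (action == "pipe") {
            n = $(i+1)
            if (!(n in configured))
                printf "line %d: pipe %s has no earlier \"pipe %s config\"\n", NR, n, n
            if (filter_line)
                printf "line %d: pipe rule follows %s rule on line %d\n", NR, filter_action, filter_line
        } else if (!filter_line && action ~ /^(allow|accept|pass|permit|deny|drop|reject)$/) {
            filter_line = NR; filter_action = action
        }
    }'
}

# Constructed sample input: pipe 4 is never configured and its rule
# comes after an allow rule.
sample_ruleset() {
    cat <<'EOF'
ipfw -f pipe flush
ipfw pipe 3 config bw 80Kbit/s
ipfw add pipe 3 tcp from any to mailhost smtp in
ipfw add allow tcp from any to mailhost smtp
# ipfw add pipe 9 udp from any to any in
ipfw add pipe 4 tcp from mailhost pop3 to any out
EOF
}

sample_ruleset | check_pipe_rules
```
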

>
> > Hi all,
> >
> > I am using FreeBSD 5.2.1-RC + IPFW2 + DUMMYNET to do traffic shaping.
> > This works well for my setup.
> > I have the following configuration:
> > The machine has 2 NICs, xl0, dc0. The kernel is configured to do
> > bridging. The bridged
> > packets are passed to IPFW (net.link.ether.bridge.ipfw=1).
> >
> > I shape traffic this way:
> > The bridge is set up between a router and an internal mail server.
> > I am limiting bandwidth using the following rules:
> > pipe 1 config bw 16KBytes/s
> > pipe 2 config bw 12KBytes/s
> >
> > and then:
> >
> > add pipe 1 tcp from any to any 25  (limit incoming traffic towards smtp)
> > add pipe 2 tcp from any 110 to any (limit outgoing traffic from pop3)
> >
> > Yesterday, while browsing through Absolute BSD by Michael Lucas I read
> > an interesting part:
> > You cannot shape incoming traffic the way that I do at the moment.
> >
> > Now, my question:
> > How can I limit the incoming traffic towards my smtp server properly?
> >
> > Any advice would be appreciated.
> >
> > Thank you,
> > Regards
> > Jaco van Tonder