Traffic Shapping (IPFW + DUMMYNET) Question
Timothy Radigan
tradigan at newrevolutions.net
Thu Apr 14 06:53:10 PDT 2005
Hi all,
I'm new to the entire idea of traffic shaping and I came up with some rules
for my BSD firewall/router/VoIP gateway and I just wanted to make sure that
what I am trying to accomplish is actually going to happen with these rules
in place. Currently, my broadband connection is a 4Mb down and 384Mb up
pipe. My VoIP service requires 90Kb up and down. I have 3 separate
internal networks at my house. I have my wired 100Mb switched LAN
(192.168.15.0/24), I have my IPSec enabled Wireless LAN (192.168.20.0/24),
and I have my VoIP LAN (192.168.10.0/30). What I want to do with these
traffic shaping rules, is dedicate 100Kb up and down to the VoIP LAN, and
then I want to have equally shared bandwidth (the remaining speeds of my
broadband connection) for the wired and wireless LANs. Here are the rules I
have come up with so far:
<----------------------- (START) /etc/ipfw.rules ------------------------>
# flush all rules
ipfw -f flush
# configure the pipe main pipes - have 4000kbits/s down 384kbits/s up
# define 200kbits/s for the voip pipes
ipfw pipe 1 config bw 100Kbits/s
ipfw pipe 2 config bw 100Kbits/s
# wired / wifi lans - get all but 100kbits/s for both up and down
ipfw pipe 3 config bw 3900Kbits/s
ipfw pipe 4 config bw 284Kbits/s
# wired/wifi LAN internal transmission
ipfw pipe 5 config bw 100Mbits/s mask dst-ip 0xffffffff
ipfw pipe 6 config bw 100Mbits/s mask dst-ip 0xffffffff
ipfw pipe 7 config bw 100Mbits/s mask dst-ip 0xffffffff
ipfw pipe 8 config bw 100Mbits/s mask dst-ip 0xffffffff
# make sure the voip gets all of the bandwidth for the pipes
ipfw add 1 pipe 1 ip from 192.168.10.2 to any
ipfw add 1 pipe 2 ip from any to 192.168.10.2
# make sure the wired and wifi lans get all of the bandwidth for those pipes
ipfw add 2 pipe 5 ip from 192.168.15.0/24 to 192.168.0.0/16
ipfw add 2 pipe 6 ip from 192.168.0.0/16 to 192.168.15.0/24
ipfw add 3 pipe 7 ip from 192.168.20.0/24 to 192.168.0.0/16
ipfw add 3 pipe 8 ip from 192.168.0.0/16 to 192.168.20.0/24
# the wired / wifi lans will split the up and down pipes
ipfw queue 3 config weight 50 pipe 3 mask dst-ip 0x000000ff
ipfw queue 4 config weight 50 pipe 3 mask dst-ip 0x000000ff
ipfw queue 5 config weight 50 pipe 4 mask dst-ip 0x000000ff
ipfw queue 6 config weight 50 pipe 4 mask dst-ip 0x000000ff
# add inbound/outbound queues for the wired lan
ipfw add 100 queue 3 ip from any to 192.168.15.0/24
ipfw add 105 queue 5 ip from 192.168.15.0/24 to any
# add inbound/outbound queues for the wifi lan
ipfw add 200 queue 4 ip from any to 192.168.20.0/24
ipfw add 205 queue 6 ip from 192.168.20.0/24 to any
<------------------------ (END) /etc/ipfw.rules ------------------------->
Does this seem like it will perform as I am thinking it will?
Thanks
--Tim
More information about the freebsd-questions
mailing list