FreeBSD Traffic Shaping
alexus
alexus at gmail.com
Wed Feb 3 06:31:31 UTC 2010
Hi
I'm trying to do traffic shaping with FreeBSD, here are my rules
su-3.2# ipfw pipe show
00001: 1.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail
mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
0 tcp 64.237.55.83/60546 206.223.183.156/80 35704818
2711309193 0 0 0
00002: 1.000 Mbit/s 0 ms 50 sl. 1 queues (1 buckets) droptail
mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
0 tcp 206.223.183.156/80 64.237.55.83/60546 46186238
55031603690 0 0 585064
su-3.2# ipfw show
00100 50878094 8828324288 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
08025 7985221 2441309667 allow tcp from any to any dst-port 25
08110 2921293 144559774 allow tcp from any to any dst-port 110
08143 207578 11273485 allow tcp from any to any dst-port 143
08381 35704746 2711287847 pipe 1 tcp from any to any dst-port 80 uid daemon
08382 46186754 55032183316 pipe 2 tcp from any 80 to any uid daemon
08993 1304764 130695084 allow tcp from any to any dst-port 993
08995 637970 56234323 allow tcp from any to any dst-port 995
65000 124980086 87768197494 allow ip from any to any
65535 0 0 deny ip from any to any
su-3.2#
first of all why when I run ipfw pipe 1 show i get same source and
destination ip, that doesnt seem like ever change yet total
packets/bytes increasing
and most important question, after donig all that I'm looking at my
MRTG stats and I see i'm very well over 1Mbit/s limit. main services
that i run on my box is web and mail
what am I doing wrong?
here is config file
su-3.2# cat /etc/ipfw.rules
flush
pipe flush
pipe 1 config bw 1Mbit/s mask src-port www
pipe 2 config bw 1Mbit/s mask src-port www
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
add 8381 pipe 1 tcp from any to any dst-port www uid daemon
add 8382 pipe 2 tcp from any to any src-port www uid daemon
add 8025 allow tcp from any to any dst-port smtp
add 8110 allow tcp from any to any dst-port pop3
add 8143 allow tcp from any to any dst-port imap
add 8993 allow tcp from any to any dst-port imaps
add 8995 allow tcp from any to any dst-port pop3s
add 65000 pass all from any to any
su-3.2# uptime
6:06AM up 25 days, 3:48, 1 user, load averages: 0.04, 0.03, 0.00
su-3.2# uname -rp
7.2-RELEASE-p6 amd64
su-3.2#
--
http://alexus.org/
More information about the freebsd-questions
mailing list