From: Norberto Meijome
To: Nikos Vassiliadis
Cc: freebsd-questions@freebsd.org
Date: Wed, 20 Sep 2006 22:50:10 +1000
Subject: Re: Packet loss simulation with ALTQ

On Wed, 20 Sep 2006 14:20:19 +0300
Nikos Vassiliadis wrote:

> On Tuesday 19 September 2006 18:24, Norberto Meijome wrote:
> > hi there :)
> > I was planning to migrate a 4.11 firewall using a combo of ipf/ipnat and
> > ipfw pipe/dummynets to pf + ALTQ.
>
> pf/ipf/ipfw & dummynet/ALTQ are available since 5.3-R if I recall correctly.

Yes, of course - sorry, I meant to say 'I have a 4.11 which will be upgrading
to 6.2' :) thanks for making me right.

> > One thing I haven't figured out how to do with pf is the plr option to the
> > dummynet configuration - we use it to simulate modem connections or just
> > simply bad links.
>
> pf.conf manual (6.1-STABLE)
>
>   probability
>       A probability attribute can be attached to a rule, with a value set
>       between 0 and 1, bounds not included. In that case, the rule will
>       be honoured using the given probability value only. For example,
>       the following rule will drop 20% of incoming ICMP packets:
>
>           block in proto icmp probability 20%

thanks :) I didn't realise it could be done this way :)

> > Also, is it definitely possible to simulate the 'delay' option of dummynet
> > with pf+ALTQ ?
>
> No, ALTQ cannot delay packets, you have to use dummynet for this.

gotcha, so I may end up using 2 firewalls anyway... :-) I think I may go with
ipfw and dummynet to keep it to one set.... I'll have to read on some
comparisons before making up my mind...

The alternative would be to use netgraph to add this delay... not sure if there
is a ng_delay node ...

thanks for your help,
B
_________________________
{Beto|Norberto|Numard} Meijome

Q. How do you make God laugh?
A. Tell him your plans.

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.