From owner-freebsd-pf@FreeBSD.ORG Wed Dec 3 07:46:09 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F19F71065673 for ; Wed, 3 Dec 2008 07:46:09 +0000 (UTC) (envelope-from rmaglasang@infoweapons.com) Received: from infoweapons.com (mail0.infoweapons.org [204.2.248.50]) by mx1.freebsd.org (Postfix) with ESMTP id 918478FC12 for ; Wed, 3 Dec 2008 07:46:09 +0000 (UTC) (envelope-from rmaglasang@infoweapons.com) Received: from ([58.71.34.146]) by mail0.infoweapons.com with ESMTP id 4321444.1423242; Wed, 03 Dec 2008 02:30:53 -0500 Received: from [10.3.1.41] ([10.3.1.41]) by cebexch01.cebu.infoweapons.com over TLS secured channel with Microsoft SMTPSVC(6.0.3790.3959); Wed, 3 Dec 2008 15:30:49 +0800 Message-ID: <493634DA.7000408@infoweapons.com> Date: Wed, 03 Dec 2008 15:27:22 +0800 From: "Ronnel P. Maglasang" User-Agent: Thunderbird 1.5 (X11/20060613) MIME-Version: 1.0 To: =?KOI8-R?Q?=E1=CC=C5=CB=D3=C1=CE=C4=D2_=FB=C5=D7=DE=C5=CE=CB=CF?= References: <76463C1E8CB14B958088F7E54C611560@ashevchenko> In-Reply-To: <76463C1E8CB14B958088F7E54C611560@ashevchenko> Content-Type: text/plain; charset=KOI8-R; format=flowed Content-Transfer-Encoding: 8bit X-OriginalArrivalTime: 03 Dec 2008 07:30:49.0835 (UTC) FILETIME=[10A1C3B0:01C95519] Cc: freebsd-pf@freebsd.org Subject: Re: PF + ALTQ - Bandwidth per customer X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Dec 2008 07:46:10 -0000 Александр Шевченко wrote: > Using ipfw+dummynet you could easily limit bandwidth per ip: > > $IPFW pipe 4 config bw 50KByte/s mask dst-ip 0x000003ff > $IPFW pipe 7 config bw 50KByte/s mask src-ip 0x000003ff > $IPFW add pipe 4 ip from any to 172.16.16.0/22 via fxp0 in > $IPFW add pipe 7 ip from 172.16.16.0/22 to any via fxp0 out > > > Using pf+altq you could limit easily bandwith for all clients: > > altq on $int_if cbq bandwidth 1000Mb queue { powernet_local, powernet_inet } > queue powernet_local bandwidth 95% cbq(default) > queue powernet_inet bandwidth 40Mb > > pass out on $int_if from to queue > powernet_local > pass out on $int_if from ! to queue > powernet_inet > > But you could not limit bandwidth per ip using PF. > > why not? you create pf+altq equivalent rules for ipfw+dummynet rules. you may look at policy based filtering if needed. you just have to play with "tag" and "tagged" directives. > Ryan McBride wrote in > it.listserv.openbsd-pf(http://groups.google.com/group/bit.listserv.openbsd-p > f/msg/512d1eba9683cea6?hl=ru&dmode=source) > > >> P.S. By the way, no chance to shaping like ipfw(dummynet), by getting >> mask for all ip addresses? It's the last reason to stay with ipfw: >> > > No, there is nothing like this in PF right now. It's on my list of > things to look at, but that list grows faster than I can get things > done... > > -----Original Message----- > From: owner-freebsd-pf@freebsd.org [mailto:owner-freebsd-pf@freebsd.org] On > Behalf Of Andrei Kolu > Sent: Tuesday, December 02, 2008 11:42 AM > To: Peter Jeremy; freebsd-pf@freebsd.org; freebsd-isp@freebsd.org > Subject: Re: PF + ALTQ - Bandwidth per customer > > ipfw+dummynet is really ugly traffic "shaper" (let's face it there is no > shaping going on), because instead of limiting bandwidth it will drop > packets to simulate bad connection. I hear many years about "trivial" > configuration per user bandwidth limit with pf+altq but never saw ANY > code... You can't set bandwidth limit with PF like 3Mbit per 100 clients > if your lan card is 100Mbit. This is just lame- in reality clients never > use all bandwidth and never all clients are connected all the time. Even > Linux ipfilter does it for years with insane cryptic commandline but it > just works. > > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" >