Date: Wed, 03 Dec 2008 15:27:22 +0800 From: "Ronnel P. Maglasang" <rmaglasang@infoweapons.com> To: =?KOI8-R?Q?=E1=CC=C5=CB=D3=C1=CE=C4=D2_=FB=C5=D7=DE=C5=CE=CB=CF?= <alexander.shevchenko@itv.ru> Cc: freebsd-pf@freebsd.org Subject: Re: PF + ALTQ - Bandwidth per customer Message-ID: <493634DA.7000408@infoweapons.com> In-Reply-To: <76463C1E8CB14B958088F7E54C611560@ashevchenko> References: <76463C1E8CB14B958088F7E54C611560@ashevchenko>
next in thread | previous in thread | raw e-mail | index | archive | help
Александр Шевченко wrote:
> Using ipfw+dummynet you could easily limit bandwidth per ip:
>
> $IPFW pipe 4 config bw 50KByte/s mask dst-ip 0x000003ff
> $IPFW pipe 7 config bw 50KByte/s mask src-ip 0x000003ff
> $IPFW add pipe 4 ip from any to 172.16.16.0/22 via fxp0 in
> $IPFW add pipe 7 ip from 172.16.16.0/22 to any via fxp0 out
>
>
> Using pf+altq you could limit easily bandwith for all clients:
>
> altq on $int_if cbq bandwidth 1000Mb queue { powernet_local, powernet_inet }
> queue powernet_local bandwidth 95% cbq(default)
> queue powernet_inet bandwidth 40Mb
>
> pass out on $int_if from <neighbors_net> to <internal_net> queue
> powernet_local
> pass out on $int_if from !<neighbors_net> to <internal_net> queue
> powernet_inet
>
> But you could not limit bandwidth per ip using PF.
>
>
why not? you create pf+altq equivalent rules for ipfw+dummynet rules.
you may look at policy based filtering if needed. you just have to play
with "tag" and "tagged" directives.
> Ryan McBride wrote in
> it.listserv.openbsd-pf(http://groups.google.com/group/bit.listserv.openbsd-p
> f/msg/512d1eba9683cea6?hl=ru&dmode=source)
>
>
>> P.S. By the way, no chance to shaping like ipfw(dummynet), by getting
>> mask for all ip addresses? It's the last reason to stay with ipfw:
>>
>
> No, there is nothing like this in PF right now. It's on my list of
> things to look at, but that list grows faster than I can get things
> done...
>
> -----Original Message-----
> From: owner-freebsd-pf@freebsd.org [mailto:owner-freebsd-pf@freebsd.org] On
> Behalf Of Andrei Kolu
> Sent: Tuesday, December 02, 2008 11:42 AM
> To: Peter Jeremy; freebsd-pf@freebsd.org; freebsd-isp@freebsd.org
> Subject: Re: PF + ALTQ - Bandwidth per customer
>
> ipfw+dummynet is really ugly traffic "shaper" (let's face it there is no
> shaping going on), because instead of limiting bandwidth it will drop
> packets to simulate bad connection. I hear many years about "trivial"
> configuration per user bandwidth limit with pf+altq but never saw ANY
> code... You can't set bandwidth limit with PF like 3Mbit per 100 clients
> if your lan card is 100Mbit. This is just lame- in reality clients never
> use all bandwidth and never all clients are connected all the time. Even
> Linux ipfilter does it for years with insane cryptic commandline but it
> just works.
>
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?493634DA.7000408>