From owner-freebsd-ipfw@FreeBSD.ORG  Fri Oct 24 03:02:41 2003
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 03DA116A4B3
	for <freebsd-ipfw@freebsd.org>; Fri, 24 Oct 2003 03:02:41 -0700 (PDT)
Received: from web20508.mail.yahoo.com (web20508.mail.yahoo.com
	[216.136.226.143])
	by mx1.FreeBSD.org (Postfix) with SMTP id 1B50F43FA3
	for <freebsd-ipfw@freebsd.org>; Fri, 24 Oct 2003 03:02:38 -0700 (PDT)
	(envelope-from alhagiep@yahoo.com)
Message-ID: <20031024100238.77393.qmail@web20508.mail.yahoo.com>
Received: from [24.87.98.182] by web20508.mail.yahoo.com via HTTP;
	Fri, 24 Oct 2003 03:02:38 PDT
Date: Fri, 24 Oct 2003 03:02:38 -0700 (PDT)
From: Alhagie Puye <alhagiep@yahoo.com>
To: Sean Hafeez <sahafeez@edgefocus.com>, freebsd-ipfw@freebsd.org
In-Reply-To: <2417D2D4-0589-11D8-BDAD-003065F1EE08@edgefocus.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Subject: Re: Shaping a lot of users...
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Oct 2003 10:02:41 -0000

I have a similar setup and this is what my firewall
script look like:

# EVERYBODY "DOWN"
add queue 1 ip from any to 192.168.42.0/27
queue 1 config weight 1 pipe 1 mask dst-ip 0xffffffff
pipe 1 config bw 1500Kbit/s
#
# EVERYBODY "UP"
add queue 2 ip from 192.168.42.0/27 to any
queue 2 config weight 1 pipe 2 mask src-ip 0xffffffff
pipe 2 config bw 400Kbit/s

The output looks like this:

firewall# ipfw pipe list 
00001:   1.500 Mbit/s    0 ms   50 sl. 0 queues (1
buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
00002: 400.000 Kbit/s    0 ms   50 sl. 0 queues (1
buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
q00001: weight 1 pipe 1   50 sl. 3 queues (256
buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0xffffffff/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____
Tot_pkt/bytes Pkt/Byte Drp
 79 ip           0.0.0.0/0       192.168.42.31/0      
 1      229  0    0   0
 81 ip           0.0.0.0/0        192.168.42.1/0     
103     6958  0    0   0
 82 ip           0.0.0.0/0        192.168.42.2/0      
95    27837  0    0   0
q00002: weight 1 pipe 2   50 sl. 2 queues (256
buckets) droptail
    mask: 0x00 0xffffffff/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____
Tot_pkt/bytes Pkt/Byte Drp
170 ip      192.168.42.1/0             0.0.0.0/0      
68    10862  0    0   0
172 ip      192.168.42.2/0             0.0.0.0/0     
164    13563  0    0   0

Hope this helps.

Cheers,
Alhagie.
--- Sean Hafeez <sahafeez@edgefocus.com> wrote:
> I am using the following:
> 
> ipfw -f flush
> /sbin/natd -interface rl0
> ipfw add 999 divert natd all from any to any via rl0
> ipfw add pipe 1 ip from any to any in recv rl1
> ipfw add pipe 2 ip from any to any out xmit rl1
> ipfw pipe 1 config mask src-ip 0xffffffff bw
> 1024kbits/s
> ipfw pipe 2 config mask dst-ip 0xffffffff bw
> 1024kbits/s
> 
> rl0 - outside
> rl1 - inside
> 
> and I have this is my sysctl.conf
> 
> net.inet.ip.fw.one_pass=0
> net.inet.ip.dummynet.hash_size=512
> net.inet.ip.dummynet.max_chain_len=64
> 
> This seems to work great for limiting each user to a
> max of 1 meg up 
> and down.
> 
> What I want to know is how do I do the same thing
> but shape the users 
> to have EQUAL bandwidth in times of load. What I
> mean is this:
> 
> Each unique IP address on the inside
> (192.168.1.x/22) is limited to a 
> max of 1 meg. If there is a hugh load that exceeds
> my internet 
> bandwidth (2 T1's - so 3 megs) I would like each
> users to get the same 
> amount of bandwidth - 30 users all getting 100k. I
> would like it to 
> adjust based on the load.
> 
> I have looked at the docs and example but I am a bit
> confused.
> 
> Also we need to be careful not to shape the BSD box
> itself - I have 
> seen some rules that screw things up because they
> shape the shaping 
> box!!
> 
> Thanks All!
> 
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
>
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to
"freebsd-ipfw-unsubscribe@freebsd.org"


__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com