Date:      Wed, 24 May 2006 08:32:53 -0600
From:      G-der <gderama@gmail.com>
To:        freebsd-questions@freebsd.org
Subject:   Traffic shaping with ipfw/DUMMYNET when using natd
Message-ID:  <63cefb5c0605240732j264748bwa358ba904164d3f1@mail.gmail.com>

I've been setting up ipfw and DUMMYNET to do some traffic shaping on my
network.  Right now to test things out I've basically put everything into two
categories.  There's traffic from 10.0.10.10 which is lower priority (this
is a download machine) and then there's everything else.

The biggest problem I've run into is that because natd gets the packets first
thing the only way to catch outgoing traffic is on the internal network
interface.  That is if you want to limit based on which internal machine is
generating the traffic like in my case.  After the divert rule for natd the
src-ip field gets changed to my external ip address.  This has a side effect
of limiting all the traffic on that internal interface, even stuff that is
not bound for the internet.

I've tried playing around a little bit with the bridged, diverted, and
diverted-output commands but can't get any of them to catch the packets.

Is there a way to limit outgoing traffic based on which machine owns the
traffic internally that doesn't have to be done on the internal interface?
Would it be better practice to scan outgoing traffic before the divert rules
for natd?

        extif="rl0"
        intif="rl1"

        #INCOMING TRAFFIC
        #Tested max incoming at 5914Kbit/s

        ${fwcmd} pipe 1 config bw 5800Kbit/s
        ${fwcmd} queue 1 config pipe 1 weight 2         #for torrent traffic
        ${fwcmd} queue 5 config pipe 1 weight 10        #for everything else

        ${fwcmd} add 1000 queue 1 ip from any to 10.0.10.10 in via ${extif}
        ${fwcmd} add 5000 queue 5 ip from any to any in via ${extif}


        #OUTGOING TRAFFIC
        #Tested max outgoing at 390Kbit/s

        ${fwcmd} pipe 2 config bw 360Kbit/s
        ${fwcmd} queue 6 config pipe 2 weight 2
        ${fwcmd} queue 10 config pipe 2 weight 10
        ${fwcmd} add 6000 queue 6 ip from 10.0.10.10 to any in via ${intif}
        ${fwcmd} add 8000 queue 10 ip from any to any in via ${intif}

Here are the rules.  I appreciate the assistance.  Please cc me on reply, I'm
not a regular subscriber.

Thank you

Gene Dinkey


