From owner-freebsd-ipfw Wed Jan 29 12:50:33 2003 Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 955AB37B401 for ; Wed, 29 Jan 2003 12:50:31 -0800 (PST) Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2ABB043F43 for ; Wed, 29 Jan 2003 12:50:31 -0800 (PST) (envelope-from rizzo@xorpc.icir.org) Received: from xorpc.icir.org (localhost [127.0.0.1]) by xorpc.icir.org (8.12.3/8.12.3) with ESMTP id h0TKoP8a062906; Wed, 29 Jan 2003 12:50:25 -0800 (PST) (envelope-from rizzo@xorpc.icir.org) Received: (from rizzo@localhost) by xorpc.icir.org (8.12.3/8.12.3/Submit) id h0TKoPnh062905; Wed, 29 Jan 2003 12:50:25 -0800 (PST) (envelope-from rizzo) Date: Wed, 29 Jan 2003 12:50:24 -0800 From: Luigi Rizzo To: Markus Weissmann Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: traffic shaping with ipfw? Message-ID: <20030129125024.A62382@xorpc.icir.org> References: <1C6134BC-33C3-11D7-9067-000393B7748C@gmx.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <1C6134BC-33C3-11D7-9067-000393B7748C@gmx.de>; from markus-weissmann@gmx.de on Wed, Jan 29, 2003 at 08:51:51PM +0100 Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG one option would be to extend the "iplen" syntax to accommodate ranges. This should be trivial to implement. cheers luigi On Wed, Jan 29, 2003 at 08:51:51PM +0100, Markus Weissmann wrote: > Hi Folks! > > We've got a dsl-connection here with 768/128 KBit up/down. > The Probem is, when for example uploading lots of stuff, the > download goes down badly... > and more problematic: The responsiveness of ssh-connections > or the like go down to point of unuseability. > > Solution as far: > create dummy_net pipe with 90% of the upload bandwith and > stuff all traffic going out there; but before, take out > out the packets with small size (those are most propably the > syn/ack and ssh packets?) and let them pass. > > tun0 is the external device > --- > allow udp from any to any out xmit tun0 > allow icmp from any to any out xmit tun0 > allow tcp from any to any { iplen 32 or iplen 33 or iplen 34 or iplen > 35 or iplen 36 or iplen 37 or iplen 38 or iplen 39 or ... iplen 62 or > iplen 63 or iplen 64 } out xmit tun0 > queue 1 ip from any to any out xmit tun0 > --- > > any suggestions on this? (the 3rd line doesnt pleasure me too much...) > the responsiveness of ssh-sessions is only slightly improved > (hehe, a "allow tcp from any to any 22 out xmit tun0" wont do the > trick, cause > if someone does a 'scp' I'm doomed) > > > thanx in advance, > > Markus > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-ipfw" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message