From: Sean Hafeez
To: freebsd-ipfw@freebsd.org
Date: Sat, 29 Nov 2003 03:07:31 -0800
Subject: MAN page example vs. this?
Message-Id: <3A04E74D-225C-11D8-98F0-003065F1EE08@edgefocus.com>
List-Id: IPFW Technical Discussions

the man page has this example:

    ipfw add pipe 1 ip from 192.168.2.0/24 to any out
    ipfw add pipe 2 ip from any to 192.168.2.0/24 in
    ipfw pipe 1 config mask src-ip 0x000000ff bw 200Kbit/s queue 20Kbytes
    ipfw pipe 2 config mask dst-ip 0x000000ff bw 200Kbit/s queue 20Kbytes

the man page says this does:

    ...is limiting the outbound traffic on a net with per-host limits, rather than per-network limits...

my first question: is this just outbound? it seems to me that pipe 1 is the outbound limit and pipe 2 is an inbound limit? so this is a symmetric link? am i reading this wrong?

second, the mask only applies to the last octet of the ip address (ff) - correct? so each host both outbound user and is upstream target (i.e. www.cnn.com)?

now here is what i got from somewhere else. i am limiting each host (ip address) to 200kbits/s. rl1 is the internal interface to the users.

    ipfw add pipe 1 ip from any to any in recv rl1
    ipfw add pipe 2 ip from any to any out xmit rl1
    ipfw pipe 1 config mask src-ip 0xffffffff bw 200kbits/s
    ipfw pipe 2 config mask dst-ip 0xffffffff bw 200kbits/s

are these 2 examples functionally the same? if not, what is the difference?

also, in the first example, if the network was changed to 192.168.0.0/23, the mask would be 0x000003ff (255.255.254.0)? it is a reverse mask like a cisco, right?

thanks for your time!
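
Added example, not part of the original message: a small Python model of how a dummynet `mask` splits traffic into dynamic pipes, assuming (per ipfw(8)) that the flow identifier is the address ANDed with the mask and that each distinct result gets its own pipe with the configured `bw`. The function names and sample addresses are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

def flow_key(addr, mask):
    """Flow identifier: the address bits that survive the pipe's mask."""
    return int(ipaddress.IPv4Address(addr)) & mask

def dynamic_pipes(addrs, mask):
    """Group packet addresses by flow identifier (one dynamic pipe per key)."""
    pipes = defaultdict(set)
    for addr in addrs:
        pipes[flow_key(addr, mask)].add(addr)
    return {key: sorted(hosts) for key, hosts in pipes.items()}

def hosts_sharing_a_pipe(addrs, mask):
    """Groups of distinct hosts that would share a single bandwidth limit."""
    return [h for h in dynamic_pipes(addrs, mask).values() if len(h) > 1]

# Constructed sample addresses (src-ip as seen by pipe 1), not from the post.
LAN_24 = ["192.168.2.10", "192.168.2.11", "192.168.2.10"]
LAN_23 = ["192.168.0.5", "192.168.1.5", "192.168.1.200"]

if __name__ == "__main__":
    for label, addrs in (("/24", LAN_24), ("/23", LAN_23)):
        for mask in (0x000000FF, 0x000001FF, 0xFFFFFFFF):
            pipes = dynamic_pipes(addrs, mask)
            shared = hosts_sharing_a_pipe(addrs, mask)
            print(f"{label} mask {mask:#010x}: {len(pipes)} pipes, shared={shared}")
```

On the /23 sample, a mask that keeps only the last octet puts 192.168.0.5 and 192.168.1.5 in the same pipe, while a mask covering all nine host bits, or the full address, keeps every host separate.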