From owner-freebsd-ipfw Mon Dec 10 2:29:52 2001
Message-ID: <002c01c18165$71512d70$8802a8c0@premierbank.dp.ua>
From: "Konstantin Reznichenko"
Subject: IPsec & dummynet - HELP!
Date: Mon, 10 Dec 2001 12:28:43 +0200

Hello, All.

I no longer know where to dig! There is an IPsec tunnel over dial-up, and file exchange over it is organized with the help of UUCP.

IPSEC.CONF:

    #!/bin/sh
    flush;
    spdflush;
    add 10.0.0.51 10.0.0.50 esp 0x10051 -m tunnel -E 3des-cbc "123456789012345678901234" -A hmac-sha1 "12345678901234567890";
    add 10.0.0.50 10.0.0.51 esp 0x10050 -m tunnel -E 3des-cbc "123456789012345678901234" -A hmac-sha1 "12345678901234567890";
    spdadd 192.168.2.0/24 192.168.3.0/24 any -P out ipsec esp/tunnel/10.0.0.50-10.0.0.51/require;
    spdadd 192.168.3.0/24 192.168.2.0/24 any -P in ipsec esp/tunnel/10.0.0.51-10.0.0.50/require;

RC.CONF:

    gif_interfaces="gif0"
    gifconfig_gif0=" 10.0.0.50 10.0.0.51"
    ifconfig_gif0=" inet 192.168.2.249 192.168.3.212 netmask 255.255.255.0"
    static_routes="0"
    route_0="-net 192.168.3.0 192.168.3.212 -netmask 255.255.255.0"
    ipsec_enable="YES"

I am trying to limit the traffic in the tunnel through gif0:

    ipfw pipe 10 config bw 33600bit/s out
    ipfw queue 1 config pipe 10 weight 50
    ipfw add 60100 queue 1 tcp from any 540 to any via gif0

No packet hits this rule, and tcpdump on gif0 is silent. Apparently the IPsec packets do not reach ipfw and go straight into the tunnel. A search on the Internet has not brought the expected results. In OpenBSD there is a special device "enc" intended specifically for this purpose (all traffic passes through it before it gets into the tunnel). Can this really not be done on FreeBSD? Has anybody solved similar tasks?

I shall be grateful for any information!

Kot.

PS: I am sorry for bad English

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message

From owner-freebsd-ipfw Mon Dec 10 5:24:31 2001
From: Mark Steven Baker
Message-Id: <200112101324.FAA26264@ix.cs.uoregon.edu>
Subject: ipfw.8 in RELENG_4 has .DD February 16, 2000
To: freebsd-ipfw@FreeBSD.ORG
Date: Mon, 10 Dec 2001 05:24:25 -0800 (PST)

Hi,

I was looking at the latest version of the ipfw.8 man page in FreeBSD 4-stable from the web interface to the CVS repository and the version on my local source tree that was CVSUPed yesterday. The source file has a .DD macro indicating February 16, 2000, yet there were a number of substantial revisions and additions made in the last 6 weeks (Revisions 1.63.2.16 and 1.63.2.17) to this man page and the ipfw implementation. When viewing man pages, this makes it confusing whether the man page has been updated to reflect the latest version changes to the ipfw.c (Revision 1.80.2.20, for example).

Thanks,
-Steve

Steven Baker
msbaker@cs.uoregon.edu

From owner-freebsd-ipfw Tue Dec 11 11: 1:44 2001
Date: Mon, 10 Dec 2001 14:54:31 -0800
From: "Crist J. Clark"
To: Mark Steven Baker
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: ipfw.8 in RELENG_4 has .DD February 16, 2000
Message-ID: <20011210145431.A1922@gohan.cjclark.org>
Reply-To: cjclark@alum.mit.edu
In-Reply-To: <200112101324.FAA26264@ix.cs.uoregon.edu>

On Mon, Dec 10, 2001 at 05:24:25AM -0800, Mark Steven Baker wrote:
> Hi,
>
> I was looking at the latest version of the ipfw.8 man page in FreeBSD
> 4-stable from the web interface to the CVS repository and the version on my
> local source tree that was CVSUPed yesterday.
> The source file has a .DD
> macro indicating February 16, 2000, yet there were a number of substantial
> revisions and additions made in the last 6 weeks (Revisions 1.63.2.16 and
> 1.63.2.17) to this man page and the ipfw implementation. When viewing
> man pages, this makes it confusing whether the man page has been
> updated to reflect the latest version changes to the ipfw.c
> (Revision 1.80.2.20, for example).

The date on manpages should be updated whenever non-trivial changes (mark-up, spelling, and grammar fixes are trivial) are made to the content of the page. However, developers often forget or do not realize they should do this.

I think ipfw(8) is in sync with the code (at the moment). Please submit PRs if you find it otherwise.
--
Crist J. Clark
cjclark@alum.mit.edu

From owner-freebsd-ipfw Wed Dec 12 6:40:29 2001
Date: Wed, 12 Dec 2001 09:40:09 -0500
Message-Id: <200112120940.AA27197778@mail.webjogger.net>
From: "dino"
Subject: limiting Bandwidth

I am running 4.4-STABLE FreeBSD with IPFW built into the kernel.
The firewall and NAT job is being done by ipfilter v3.4.21.
The machine has two interfaces: fxp0 and xl0.
fxp0 is connected to the private segment (192.168.1.0).
xl0 goes to the Internet.

I am testing this set of rules:

    #
    pipe 10 config bw 1544kbit/s
    pipe 20 config bw 1544kbit/s
    add 1000 pipe 10 all from 192.168.1.0/26 to any out via xl0
    add 1100 pipe 20 all from any to 192.168.1.0/26 in via xl0

Pipe 20 is shaping the traffic, limiting the speed to 1544 kbits/s. But pipe 10 is not limiting the speed (client stations uploading files to the Internet).

What should I adjust or check to make it work?

Any ideas?

Regards

Mario Antonio Garcia

From owner-freebsd-ipfw Wed Dec 12 7:55:53 2001
Message-ID: <001201c18325$8207ea70$e69630d4@akm.ru>
From: "Nikolaev D./"
References: <200112120940.AA27197778@mail.webjogger.net>
Subject: Re: limiting Bandwidth
Date: Wed, 12 Dec 2001 18:56:06 +0300

"The firewall and NAT job is being done by ipfilter v3.4.21." :

Outgoing traffic possibly has a real IP.
Try this:

    add 1000 pipe 10 all from 192.168.1.0/26 to any in via fxp0
    add 1100 pipe 20 all from any to 192.168.1.0/26 out via fxp0

----- Original Message -----
From: "dino"
Sent: Wednesday, December 12, 2001 5:40 PM
Subject: limiting Bandwidth

> I am running 4.4-STABLE FreeBSD with IPFW built into the kernel.
> The firewall and NAT job is being done by ipfilter v3.4.21.
> The machine has two interfaces: fxp0 and xl0.
> fxp0 is connected to the private segment (192.168.1.0).
> xl0 goes to the Internet.
>
> I am testing this set of rules:
> #
> pipe 10 config bw 1544kbit/s
> pipe 20 config bw 1544kbit/s
> add 1000 pipe 10 all from 192.168.1.0/26 to any out via xl0
> add 1100 pipe 20 all from any to 192.168.1.0/26 in via xl0
>
> Pipe 20 is shaping the traffic, limiting the speed to 1544 kbits/s. But pipe 10 is not limiting the speed (client stations uploading files to the Internet).
>
> What should I adjust or check to make it work?
>
> Any ideas?
>
> Regards
>
> Mario Antonio Garcia
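
Added example (not part of the original thread): a small Python model of the "limiting Bandwidth" exchange above, showing which pipe each of the two rule sets catches for an upload and for a download. It assumes ipfilter's NAT on xl0 rewrites addresses before ipfw sees the packet in both directions, which is consistent with the symptoms reported; the public address and the client and remote hosts are constructed values.

```python
import ipaddress
from dataclasses import dataclass, replace

LAN = ipaddress.ip_network("192.168.1.0/26")  # private segment from the thread
PUBLIC_IP = "203.0.113.10"  # constructed: address ipfilter maps the LAN to
CLIENT = "192.168.1.10"     # constructed LAN host
REMOTE = "198.51.100.7"     # constructed Internet host

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str

# (rule number, pipe, src net, dst net, direction, interface); None means "any"
ORIGINAL = [(1000, 10, LAN, None, "out", "xl0"), (1100, 20, None, LAN, "in", "xl0")]
SUGGESTED = [(1000, 10, LAN, None, "in", "fxp0"), (1100, 20, None, LAN, "out", "fxp0")]

def nat(pkt, direction, iface):
    """Model of ipfilter NAT on xl0 (one client, so no state table is needed)."""
    if iface == "xl0" and direction == "out" and ipaddress.ip_address(pkt.src) in LAN:
        return replace(pkt, src=PUBLIC_IP)
    if iface == "xl0" and direction == "in" and pkt.dst == PUBLIC_IP:
        return replace(pkt, dst=CLIENT)
    return pkt

def ipfw_pipe(rules, pkt, direction, iface):
    """Return the pipe of the first rule that matches, or None."""
    for _num, pipe, src, dst, rdir, rif in rules:
        src_ok = src is None or ipaddress.ip_address(pkt.src) in src
        dst_ok = dst is None or ipaddress.ip_address(pkt.dst) in dst
        if (rdir, rif) == (direction, iface) and src_ok and dst_ok:
            return pipe
    return None

def pipes_hit(rules, pkt, hops):
    """Walk the packet across each (direction, interface) hop in order."""
    hit = []
    for direction, iface in hops:
        pkt = nat(pkt, direction, iface)  # assumption: ipfilter runs before ipfw
        pipe = ipfw_pipe(rules, pkt, direction, iface)
        if pipe is not None:
            hit.append(pipe)
    return hit

UPLOAD = (Packet(CLIENT, REMOTE), [("in", "fxp0"), ("out", "xl0")])
DOWNLOAD = (Packet(REMOTE, PUBLIC_IP), [("in", "xl0"), ("out", "fxp0")])

def report():
    """Pipes hit by an upload and a download under each rule set."""
    return {name: {"upload": pipes_hit(rules, *UPLOAD),
                   "download": pipes_hit(rules, *DOWNLOAD)}
            for name, rules in (("original", ORIGINAL), ("suggested", SUGGESTED))}
```

On a live system the same question is answered by the per-rule packet counters in `ipfw -a list`: a pipe rule whose counter stays at zero during a transfer is not matching.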