Date: Fri, 29 Jan 2010 14:16:58 +0100 From: Martin Schweizer <office@pc-service.ch> To: =?UTF-8?B?0JrQvtC90YzQutC+0LIg0JXQstCz0LXQvdC40Lk=?= <kes-kes@yandex.ru> Cc: freebsd-questions@freebsd.org Subject: Re: ipfw: limit bandwidth Message-ID: <4B62DFCA.3030402@pc-service.ch> In-Reply-To: <181688930.20100127184045@yandex.ru> References: <20100127045446.GG28438@saturn.pcs.ms> <181688930.20100127184045@yandex.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello Sorry for the delay. I read again the man page an used the example which is described there and, how every, now it works as expected (I tried it many, many times). Thank again. Regards, Êîíüêîâ Åâãåíèé schrieb: > Hello, Martin. > > First of all you must decide you want your shaper rule act as allow > rule or not: > kes# sysctl -a | grep one_pass > net.inet.ip.fw.one_pass: 0 or 1 > > man ipfw > pipe pipe_nr > Pass packet to a dummynet(4) ``pipe'' (for bandwidth limitation, > delay, etc.). See the TRAFFIC SHAPER (DUMMYNET) CONFIGURATION > Section for further information. The search terminates; however, > on exit from the pipe and if the sysctl(8) variable > net.inet.ip.fw.one_pass is not set, the packet is passed again to > the firewall code starting from the next rule. > > Second you do not need to put packet to pipe and to queue at same > time. > > use pipe to just limit rate or use queue to limit rate and process > groups of packets in round robin manner. packets are grouped my mask > > pipe is like this: > http://www.mikrotik.com/testdocs/ros/2.9/img/queue_fifo.jpg > > queue is like this: > http://www.mikrotik.com/testdocs/ros/2.9/img/queue_pcq.jpg > > some doc: > http://kes.net.ua/softdev/advanced_firewall.html > translated by google: > http://translate.google.com/translate?js=y&prev=_t&hl=ru&ie=UTF-8&layout=2&eotf=1&swap=1&u=http%3A%2F%2Fkes.net.ua%2Fsoftdev%2Fadvanced_firewall.html&sl=ru&tl=en > > > > MS> Hello > > MS> I use FreeBSD 7.2 on a amd64. I want to limit the bandwidth thru > MS> this machine. Here is the relevante part of /etc/rc.firewall > > MS> [snip] > MS> $ipfwcmd pipe 1 config bw 80kByte/s > MS> $ipfwcmd add pipe 1 ip from any to 192.168.10.0/24{100-254} via em1 > > MS> $ipfwcmd queue 1 config pipe 1 weight 1 mask dst-ip 0xffffffff > MS> $ipfwcmd add queue 1 all from any to 192.168.10.0/24{100-254} via em1 > MS> [snip] > > MS> I generate this from different sources but it seems that it is not working. What do I'm wrong? > > MS> Here the part from ipfw show: > > MS> 00100 0 0 check-state > MS> 00200 24327 1497881 pipe 1 ip from any to 192.168.10.0/24{100-254} via em1 > MS> 00300 0 0 queue 1 ip from any to 192.168.10.0/24{100-254} via em1 > MS> [snip] > > > MS> Regards, > > > -- Martin Schweizer PC-Service M. Schweizer GmbH; Bannholzstrasse 6; Postfach 132; CH-8608 Bubikon; Tel. +41 55 243 30 00; Fax: +41 55 243 33 22; http://www.pc-service.ch
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B62DFCA.3030402>