Date: Wed, 12 Mar 2008 18:05:19 -0300 From: AT Matik <asstec@matik.com.br> To: freebsd-ipfw@freebsd.org Cc: Wade Klaver <wadeklaver@itiva.com> Subject: Re: On the trail of a dummynet/bridge/ipfw bug. Message-ID: <200803121805.19918.asstec@matik.com.br> In-Reply-To: <1205343184.4032.44.camel@wade-linux.itiva.com> References: <1205343184.4032.44.camel@wade-linux.itiva.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday 12 March 2008 14:33:04 Wade Klaver wrote:
> PROBLEM DESCRIPTION
>
> I have a bridge set up on a 7.0 box and am attempting to use it to limit
> HTTP connections outgoing from a box behind it to 192Kbit/s for testing.
> During this testing I ran into some problems. At first, I found that
> the number of simultaneous pipes was limited to 1024, allowing only 1024
> 192Kbit/s clients. Additional clients were simply blocked. I am using
> a very simple firewall config:
>
> ipfw pipe 1 config bw 192Kbits/s mask all
> ipfw add 00051 skipto 99 ip from 192.168.0.0/16 to 192.168.0.0/16
> ipfw add 00052 skipto 1000 ip from any to any
> ipfw add 00100 pipe 1 ip from 192.168.10.88 80 to any via bridge0
> ipfw add 00200 pipe 1 ip from any 25111 to any via bridge
>
> Regardless of how many clients I threw at the box, I had the limit:
>
> [root@ibm3550b ~]# ipfw pipe show | wc -l
> 1028
>
you must have something wrong there, I just checked on one of my boxes:
# ipfw pipe show | wc -l
1797
=2D-=20
Atenciosamente, J.M.
Respons=E1vel Plant=E3o Site Support Matik
Infomatik Internet Technology
(18)3551.8155 =A0(18)8112.7007
http://info.matik.com.br
A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada segura.
Service fornecido pelo Datacenter Matik https://datacenter.matik.com.br
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200803121805.19918.asstec>