Date: Wed, 12 Mar 2008 18:05:19 -0300 From: AT Matik <asstec@matik.com.br> To: freebsd-ipfw@freebsd.org Cc: Wade Klaver <wadeklaver@itiva.com> Subject: Re: On the trail of a dummynet/bridge/ipfw bug. Message-ID: <200803121805.19918.asstec@matik.com.br> In-Reply-To: <1205343184.4032.44.camel@wade-linux.itiva.com> References: <1205343184.4032.44.camel@wade-linux.itiva.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wednesday 12 March 2008 14:33:04 Wade Klaver wrote: > PROBLEM DESCRIPTION > > I have a bridge set up on a 7.0 box and am attempting to use it to limit > HTTP connections outgoing from a box behind it to 192Kbit/s for testing. > During this testing I ran into some problems. At first, I found that > the number of simultaneous pipes was limited to 1024, allowing only 1024 > 192Kbit/s clients. Additional clients were simply blocked. I am using > a very simple firewall config: > > ipfw pipe 1 config bw 192Kbits/s mask all > ipfw add 00051 skipto 99 ip from 192.168.0.0/16 to 192.168.0.0/16 > ipfw add 00052 skipto 1000 ip from any to any > ipfw add 00100 pipe 1 ip from 192.168.10.88 80 to any via bridge0 > ipfw add 00200 pipe 1 ip from any 25111 to any via bridge > > Regardless of how many clients I threw at the box, I had the limit: > > [root@ibm3550b ~]# ipfw pipe show | wc -l > 1028 > you must have something wrong there, I just checked on one of my boxes: # ipfw pipe show | wc -l 1797 =2D-=20 Atenciosamente, J.M. Respons=E1vel Plant=E3o Site Support Matik Infomatik Internet Technology (18)3551.8155 =A0(18)8112.7007 http://info.matik.com.br A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada segura. Service fornecido pelo Datacenter Matik https://datacenter.matik.com.br
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200803121805.19918.asstec>