Date: Thu, 15 Nov 2001 16:42:50 +0200 From: "Patrick O'Reilly" <patrick@mip.co.za> To: "Michael Aucoin" <maucoin01@mediaone.net>, <questions@FreeBSD.ORG> Subject: RE: natd and dummynet Message-ID: <NDBBIMKICMDGDMNOOCAIKEIMDOAA.patrick@mip.co.za> In-Reply-To: <3BF3C406.FEE1EC97@mediaone.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Michael,
I think it should be easy to fix....
> From: Michael Aucoin
> Sent: 15 November 2001 15:33
> To: questions@FreeBSD.ORG
> Subject: natd and dummynet
>
>
> I am running natd and just rebuilt my kernel to include dummynet.
> Dummynet seems not to be working. I do not see the anticipated latency
> in the packets. Natd is working fine (or else you would not get this
> E-mail). I built my kernel with the following options:
> IPFIREWALL
> IPFIREWALL_VERBOSE
> IPFIREWALL_VERBOSE_LIMIT
> DUMMYNET
>
so far so good...
> I have the following in my /etc/ipfirewall.rc file:
>
> ipfw -f flush
> ipfw add divert natd all from any to any via ep0
> ipfw add pass all from any to any
>
> ipfw add pipe 1 from any to any out
> ipfw add pipe 2 from any to any in
> ipfw pipe 1 config delay 200ms
> ipfw pipe 2 config delay 200ms
>
> Does anyone understand what I have done wrong?
>
If the above line are exactly like this in your script, then the problem is
that even though you have defined the DUMMYNET pipes, you are not using
them. IPFW processes the rules top-down, and when a packet matches a rule
it does not process any further rules. So, all your traffic is being passed
by the rule on line 3 ("ipfw add pass all from any to any"), and so nothing
is ever pushed into the pipes by lines 5 and 6. Try removing line 3 and you
should be OK.
PS: Another little trap: IPFW processes each packet twice, once on the
inbound interface, and once on the out-bound interface. So, you will
probably experience latency of 400ms rather than the 200ms you are hoping
for! You might want to change your lines 5 and 6 , and add line 7 like so:
> ipfw add pipe 1 from any to any out via fxp0
> ipfw add pipe 2 from any to any in via fxp0
> ipfw add pass all from any to any
This will only pass the packets to DUMMYNET as they traverse the interface
'fxp0'. You will obviously substitute 'fxp0' with your interface device
name. The last line handles the packets traversing the other interface
without pushing them through DUMMYNET.
I hope that helps.
Patrick.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?NDBBIMKICMDGDMNOOCAIKEIMDOAA.patrick>