From owner-freebsd-pf@FreeBSD.ORG Tue Dec 2 10:30:26 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 542C31065670 for ; Tue, 2 Dec 2008 10:30:26 +0000 (UTC) (envelope-from alexander.shevchenko@itv.ru) Received: from msk.itvgroup.ru (msk.itvgroup.ru [77.108.83.146]) by mx1.freebsd.org (Postfix) with ESMTP id 8C63F8FC21 for ; Tue, 2 Dec 2008 10:30:25 +0000 (UTC) (envelope-from alexander.shevchenko@itv.ru) Received: (qmail 83463 invoked by uid 2550); 2 Dec 2008 10:03:43 -0000 Received: from 10.0.0.166 by msk.itvgroup.ru (envelope-from , uid 2550) with qmail-scanner-2.02st (clamdscan: 0.91.1/5924. spamassassin: 3.2.4. perlscan: 2.02st. Clear:RC:1(10.0.0.166):. Processed in 0.042144 secs); 02 Dec 2008 10:03:43 -0000 Received: from unknown (HELO ashevchenko) (alexander.shevchenko@[10.0.0.166]) (envelope-sender ) by msk.itvgroup.ru (qmail-ldap-1.03) with RC4-MD5 encrypted SMTP for ; 2 Dec 2008 10:03:43 -0000 From: =?koi8-r?B?4czFy9PBzsTSIPvF197FzsvP?= To: Date: Tue, 2 Dec 2008 13:03:43 +0300 Message-ID: <76463C1E8CB14B958088F7E54C611560@ashevchenko> MIME-Version: 1.0 Content-Type: text/plain; charset="koi8-r" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook 11 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512 Thread-Index: AclUXikafeqGa47jSwuskopzgIvsEQAAIh0gAAGfSLA= Subject: RE: PF + ALTQ - Bandwidth per customer X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Dec 2008 10:30:26 -0000 Using ipfw+dummynet you could easily limit bandwidth per ip: $IPFW pipe 4 config bw 50KByte/s mask dst-ip 0x000003ff $IPFW pipe 7 config bw 50KByte/s mask src-ip 0x000003ff $IPFW add pipe 4 ip from any to 172.16.16.0/22 via fxp0 in $IPFW add pipe 7 ip from 172.16.16.0/22 to any via fxp0 out Using pf+altq you could limit easily bandwith for all clients: altq on $int_if cbq bandwidth 1000Mb queue { powernet_local, powernet_inet } queue powernet_local bandwidth 95% cbq(default) queue powernet_inet bandwidth 40Mb pass out on $int_if from to queue powernet_local pass out on $int_if from ! to queue powernet_inet But you could not limit bandwidth per ip using PF. Ryan McBride wrote in it.listserv.openbsd-pf(http://groups.google.com/group/bit.listserv.openbsd-p f/msg/512d1eba9683cea6?hl=ru&dmode=source) > P.S. By the way, no chance to shaping like ipfw(dummynet), by getting > mask for all ip addresses? It's the last reason to stay with ipfw: No, there is nothing like this in PF right now. It's on my list of things to look at, but that list grows faster than I can get things done... -----Original Message----- From: owner-freebsd-pf@freebsd.org [mailto:owner-freebsd-pf@freebsd.org] On Behalf Of Andrei Kolu Sent: Tuesday, December 02, 2008 11:42 AM To: Peter Jeremy; freebsd-pf@freebsd.org; freebsd-isp@freebsd.org Subject: Re: PF + ALTQ - Bandwidth per customer ipfw+dummynet is really ugly traffic "shaper" (let's face it there is no shaping going on), because instead of limiting bandwidth it will drop packets to simulate bad connection. I hear many years about "trivial" configuration per user bandwidth limit with pf+altq but never saw ANY code... You can't set bandwidth limit with PF like 3Mbit per 100 clients if your lan card is 100Mbit. This is just lame- in reality clients never use all bandwidth and never all clients are connected all the time. Even Linux ipfilter does it for years with insane cryptic commandline but it just works.