Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 16 Apr 2002 11:10:26 -0700
From:      Luigi Rizzo <rizzo@icir.org>
To:        Tony Saign <tony@saign.com>
Cc:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: Limiting bw w/ dummynet question.
Message-ID:  <20020416111026.A39063@iguana.icir.org>
In-Reply-To: <000001c1e50b$521826c0$1401a8c0@frankenmobl>
References:  <000001c1e50b$521826c0$1401a8c0@frankenmobl>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
likely the problem is that the "divert" rule changes
the source address of your packets to the one of the router box,
so rule 400 will never match.

Rule 450 does match because packets on the way in are translated
again to the original address (now destination).  So you either put
the address of the router box in rule 400 or (slightly trickier)
use net.inet.ip.fw.one_pass=0 and put the 'pipe 1' rule before rule
50 (and add an 'allow ip from any 192.168.1.19 in' rule after rule
450).

	cheers
	luigi

-----------------------------------+-------------------------------------
  Luigi RIZZO, luigi@iet.unipi.it  . Dip. di Ing. dell'Informazione
  http://www.iet.unipi.it/~luigi/  . Universita` di Pisa
  TEL/FAX: +39-050-568.533/522     . via Diotisalvi 2, 56126 PISA (Italy)
  Mobile   +39-347-0373137
-----------------------------------+-------------------------------------
On Mon, Apr 15, 2002 at 10:55:32PM -0700, Tony Saign wrote:
>  After reading the man page for dummynet, I'm confused!
> 
> xeon# ipfw pipe 1 config bw 384Kbit/s
> xeon# ipfw pipe 2 config bw 384Kbit/s
> xeon# ipfw add pipe 1 ip from 192.168.1.19 to any out
> 00400 pipe 1 ip from 192.168.1.19 to any out
> xeon# ipfw add pipe 2 ip from any to 192.168.1.19 in
> 00450 pipe 2 ip from any to 192.168.1.19 in
> 
> xeon# ipfw show
> 00050  827195  473961009 divert 8668 ip from any to any via fxp0
> 00100       0          0 allow ip from any to any via lo0
> 00200       0          0 deny ip from any to 127.0.0.0/8
> 00300       0          0 deny ip from 127.0.0.0/8 to any
> 00400       0          0 pipe 1 ip from 192.168.1.19 to any out
> 00450    4283    4567749 pipe 2 ip from any to 192.168.1.19 in
> 65000 1732420 1009118949 allow ip from any to any
> 65535       0          0 deny ip from any to any
> 
> xeon# ipfw pipe list
> 00001: 384.000 Kbit/s    0 ms   50 sl. 0 queues (1 buckets) droptail
>     mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
> 00002: 384.000 Kbit/s    0 ms   50 sl. 0 queues (1 buckets) droptail
>     mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
> 
> System is a router/dhcpd box. fxp0 is inet, fxp1 is internal
> 
> Shouldn't the above "cap" both directions @ 384?
> It appears to only cap download, but not upload.
> 
> -Tony
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20020416111026.A39063>