Date: Tue, 16 Apr 2002 11:10:26 -0700
From: Luigi Rizzo
To: Tony Saign
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Limiting bw w/ dummynet question.

likely the problem is that the "divert" rule changes the source
address of your packets to the one of the router box, so rule 400
will never match. Rule 450 does match because packets on the way in
are translated again to the original address (now destination).

So you either put the address of the router box in rule 400 or
(slightly trickier) use net.inet.ip.fw.one_pass=0 and put the
'pipe 1' rule before rule 50 (and add an 'allow ip from any 192.168.1.19 in'
rule after rule 450).

        cheers
        luigi
-----------------------------------+-------------------------------------
  Luigi RIZZO, luigi@iet.unipi.it  . Dip. di Ing. dell'Informazione
  http://www.iet.unipi.it/~luigi/  . Universita` di Pisa
  TEL/FAX: +39-050-568.533/522     . via Diotisalvi 2, 56126 PISA (Italy)
  Mobile   +39-347-0373137
-----------------------------------+-------------------------------------

On Mon, Apr 15, 2002 at 10:55:32PM -0700, Tony Saign wrote:
> After reading the man page for dummynet, I'm confused!
>
> xeon# ipfw pipe 1 config bw 384Kbit/s
> xeon# ipfw pipe 2 config bw 384Kbit/s
> xeon# ipfw add pipe 1 ip from 192.168.1.19 to any out
> 00400 pipe 1 ip from 192.168.1.19 to any out
> xeon# ipfw add pipe 2 ip from any to 192.168.1.19 in
> 00450 pipe 2 ip from any to 192.168.1.19 in
>
> xeon# ipfw show
> 00050  827195  473961009 divert 8668 ip from any to any via fxp0
> 00100       0          0 allow ip from any to any via lo0
> 00200       0          0 deny ip from any to 127.0.0.0/8
> 00300       0          0 deny ip from 127.0.0.0/8 to any
> 00400       0          0 pipe 1 ip from 192.168.1.19 to any out
> 00450    4283    4567749 pipe 2 ip from any to 192.168.1.19 in
> 65000 1732420 1009118949 allow ip from any to any
> 65535       0          0 deny ip from any to any
>
> xeon# ipfw pipe list
> 00001: 384.000 Kbit/s 0 ms 50 sl. 0 queues (1 buckets) droptail
>     mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
> 00002: 384.000 Kbit/s 0 ms 50 sl. 0 queues (1 buckets) droptail
>     mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
>
> System is a router/dhcpd box. fxp0 is inet, fxp1 is internal
>
> Shouldn't the above "cap" both directions @ 384?
> It appears to only cap download, but not upload.
>
> -Tony
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message
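
The rule walk described in the reply, as an added Python model that is not part of the original thread and is not ipfw code. It shows why rule 400 never matches after the divert, and how both suggested fixes restore the upload cap. Assumptions: only the pass on fxp0 is modelled, the loopback rules are omitted, the router and remote addresses are constructed placeholders, and rule numbers 40 and 460 are picked for illustration.

```python
# Added illustration: simplified model of one ipfw pass on fxp0.
# Assumptions: first match wins, divert continues at the next rule with the
# translated packet, a pipe ends the walk only when one_pass is set.
HOST = "192.168.1.19"      # internal host from the thread
ROUTER = "203.0.113.1"     # constructed placeholder for the router's fxp0 address
REMOTE = "198.51.100.7"    # constructed remote peer

def natd(pkt):
    """Rewrite as natd would: outbound source or inbound destination."""
    pkt = dict(pkt)
    if pkt["dir"] == "out" and pkt["src"] == HOST:
        pkt["src"] = ROUTER
    elif pkt["dir"] == "in" and pkt["dst"] == ROUTER:
        pkt["dst"] = HOST
    return pkt

def matches(cond, pkt):
    """A missing field in the rule condition matches anything."""
    return all(cond.get(k) in (None, pkt[k]) for k in ("src", "dst", "dir", "via"))

def walk(rules, pkt, one_pass=True):
    """Return the pipe numbers the packet passes through."""
    pipes = []
    for _num, action, cond in sorted(rules, key=lambda r: r[0]):
        if not matches(cond, pkt):
            continue
        if action == "divert":
            pkt = natd(pkt)              # later rules see the translated packet
        elif action.startswith("pipe"):
            pipes.append(int(action.split()[1]))
            if one_pass:
                break                    # accepted right after the pipe
        else:                            # allow or deny ends the walk
            break
    return pipes

UPLOAD = {"src": HOST, "dst": REMOTE, "dir": "out", "via": "fxp0"}
DOWNLOAD = {"src": REMOTE, "dst": ROUTER, "dir": "in", "via": "fxp0"}
COMMON = [(50, "divert", {"via": "fxp0"}),
          (450, "pipe 2", {"dst": HOST, "dir": "in"}),
          (65000, "allow", {})]
ORIGINAL = COMMON + [(400, "pipe 1", {"src": HOST, "dir": "out"})]
FIX_A = COMMON + [(400, "pipe 1", {"src": ROUTER, "dir": "out"})]
# Rule numbers 40 and 460 are assumed: the reply only says "before 50", "after 450".
FIX_B = COMMON + [(40, "pipe 1", {"src": HOST, "dir": "out"}),
                  (460, "allow", {"dst": HOST, "dir": "in"})]

if __name__ == "__main__":
    for name, rules, op in (("original", ORIGINAL, True), ("fix A", FIX_A, True),
                            ("fix B, one_pass=0", FIX_B, False)):
        print(name, "upload:", walk(rules, UPLOAD, op), "download:", walk(rules, DOWNLOAD, op))
```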