From owner-freebsd-questions@FreeBSD.ORG Thu Jan 22 07:41:39 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D940D10656E6 for ; Thu, 22 Jan 2009 07:41:39 +0000 (UTC) (envelope-from sebastian.mellmann@net.t-labs.tu-berlin.de) Received: from mail.net.t-labs.tu-berlin.de (mail.net.t-labs.tu-berlin.de [130.149.220.252]) by mx1.freebsd.org (Postfix) with ESMTP id 970C48FC19 for ; Thu, 22 Jan 2009 07:41:39 +0000 (UTC) (envelope-from sebastian.mellmann@net.t-labs.tu-berlin.de) Received: from anubis.getmyip.com (anubis.getmyip.com [78.46.33.178]) by mail.net.t-labs.tu-berlin.de (Postfix) with ESMTP id 1EBF470015D8 for ; Thu, 22 Jan 2009 08:10:09 +0100 (CET) Received: from 62.206.221.107 (SquirrelMail authenticated user smellmann) by anubis.getmyip.com with HTTP; Thu, 22 Jan 2009 08:10:09 +0100 (CET) Message-ID: <5648.62.206.221.107.1232608209.squirrel@anubis.getmyip.com> Date: Thu, 22 Jan 2009 08:10:09 +0100 (CET) From: "Sebastian Mellmann" To: freebsd-questions@freebsd.org User-Agent: SquirrelMail/1.4.9a MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal Subject: IPFW DUMMYNET: Several pipes after each other X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: sebastian.mellmann@net.t-labs.tu-berlin.de List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Jan 2009 07:41:40 -0000 Hi! I'm using FreeBSD 7.0 with IPFW DUMMYNET enabled. I've got a problem with creating a ruleset which allows me to limit the overall bandwidth of a link and afterwards pass the packets to another pipe for processing. So far I've got those rules: in_if="em0" out_if="em1" management_if="em2" in_ip="100.100.100.1" out_ip="200.200.200.1" management_ip="172.16.0.201" client1_subnet="192.168.5.0/26" client2_subnet="192.168.6.0/26" server_subnet="192.168.7.0/24" download_bandwidth="6144Kbit/s" upload_bandwidth="1024Kbit/s" delay="0" queue_size="10" cmd="ipfw" $cmd add 10 allow all from any to any via lo0 $cmd pipe 100 config mask src-ip 0xffffffff bw $upload_bandwidth queue $queue_size delay $delay $cmd pipe 200 config mask dst-ip 0xffffffff bw $download_bandwidth queue $queue_size $cmd add pipe 100 all from $client1_subnet to $server_subnet in via $in_if $cmd add pipe 200 all from $server_subnet to $client1_subnet out via $in_if $cmd add pipe 100 all from $client2_subnet to $server_subnet in via $in_if $cmd add pipe 200 all from $server_subnet to $client2_subnet out via $in_if $cmd add 10000 allow all from any to any via $management_if $cmd add 20000 allow all from any to any via $in_if $cmd add 30000 allow all from any to any via $out_if --- What I want to add now, is the possibility to limit the bandwidth of the whole link, e.g. 100Mbit/s. I've tried to add a pipe: $cmd pipe 50 config bw 100Mbit/s queue $queue_size $cmd add pipe 50 all from any to any via $in_if But when I have a look at the pipes with 'ipfw show' I can only see packets go through the pipe 50 and nothing goes through the other pipes (which makes sense actually since IPFW work that way?). Any help is much appreciated. Thanks in advance. Sebastian M.