From owner-freebsd-ipfw@FreeBSD.ORG Wed Dec 3 08:41:41 2003 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A146116A4CE for ; Wed, 3 Dec 2003 08:41:41 -0800 (PST) Received: from mail.1wisp.com (uslec-66-255-6-131.cust.uslec.net [66.255.6.131]) by mx1.FreeBSD.org (Postfix) with ESMTP id 086E643FD7 for ; Wed, 3 Dec 2003 08:41:39 -0800 (PST) (envelope-from tscrum@1wisp.com) Received: from 1wispadmin ([192.168.1.94]) (authenticated) by mail.1wisp.com (8.11.6/8.11.6) with ESMTP id hB3Gex212370; Wed, 3 Dec 2003 11:41:00 -0500 Message-ID: <0ccd01c3b9bc$3e42c7e0$5e01a8c0@1wispadmin> From: "Thomas S. Crum - 1WISP, Inc." To: "Sean Hafeez" , References: <20031201154231.M38868-100000@tyberius.abccom.bc.ca> <5C6FE088-2538-11D8-AE73-003065F1EE08@edgefocus.com> Date: Wed, 3 Dec 2003 11:40:58 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 Subject: Re: MAN page example vs. this? X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Dec 2003 16:41:41 -0000 0xffffffff is simply matching all ips that it sees. So what it is doing is saying to any ip, yes you mtach my rule then it is putting it into the pipe and the bandwidth you specify. If only 1 ip is using it then it would have what you are specifying for speed, but also EVERY other ip would be forced into the same rule as well. If you are planning to have multiple ips, i would suggest queuing the traffic first then have the queue run through the pipe. This way all ips would shre evenly. Best, Tom Crum ----- Original Message ----- From: "Sean Hafeez" To: "Jon Simola" Cc: Sent: Tuesday, December 02, 2003 9:28 PM Subject: Re: MAN page example vs. this? > Thank you for the info. One or 2 questions if I could? > On Dec 1, 2003, at 4:03 PM, Jon Simola wrote: > >> > >> ipfw add pipe 1 ip from any to any in recv rl1 > >> ipfw add pipe 2 ip from any to any out xmit rl1 > >> ipfw pipe 1 config mask src-ip 0xffffffff bw 200kbits/s > >> ipfw pipe 2 config mask dst-ip 0xffffffff bw 200kbits/s > >> > >> are these 2 examples functionally the same? if not what is the > >> difference? > > > > You're forcing the interface. Be careful, as packets may flow through > > in > > ways you don't expect. > > > > Such as? There are 2 interfaces, rl0 & rl1. rl0 is the internet side, > rl1 the internal. What could I miss? > > >> also in the first example, if the network was changed to > >> 192.168.0.0/23, the mask would be 0x000003ff (255.255.254.0) ? it is a > >> reverse mask like a cisco, right? > > > > That mask has nothing to do with a network mask. It's a simple bitmask, > > used to pick out the bits in the src/dst ip/port combinations that are > > used to hash the packets into a unique bucket. > > > > If you used "mask src-ip 0x00000001" you would be sorting the packets > > into > > buckets (and queues) based on whether the source IP's last octet was > > even > > or odd. > > So 0xffffffff would match one user to one website, etc...? > > In doing what I am doing am I limiting each user (IP) to a total of > 200kbits or 200kbits for each user for every pipe they open? > > Thanks! > > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" >