From: "Daniel O'Connor"
To: Ganbold, freebsd-ipfw@freebsd.org
Cc: freebsd-hackers@freebsd.org
Date: Thu, 22 Jan 2004 15:12:49 +1030
Subject: Re: Bandwidth limiting for eMule ports

On Thursday 22 January 2004 14:49, Ganbold wrote:
> Am I doing right? For what NIC should I implement filtering, outside or
> inside interface?
> When I see MRTG graphs for ipfw it still shows bandwidth more than it is
> supposed to :(

A few points..

- The NIC is not really relevant except as a way of selecting packets more
  accurately.

- Incoming packets (from the outside world to you) are more difficult to
  limit because the other end sends them and the gateway can only do the
  limiting after they are already received.

That said, it DOES work but it tends to lag behind reality a little.

I use dummynet to limit TCP traffic when playing games and I use the
following rules..

    ipfw pipe 1 config bw 1kbyte/sec queue 10kbytes
    ipfw pipe 2 config bw 5kbyte/sec queue 10kbytes
    ...
    ipfw add 01900 pipe 1 tcp from any to any out xmit tun0
    ipfw add 02000 pipe 2 tcp from any to any in recv tun0
    ...

i.e. I limit incoming (downloads) to 5k/sec and outgoing (uploads) to 1k/sec.

I use in/out because I only want to limit packets across my tun0 (PPPoE)
interface.

Hope that helps.

-- 
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum
GPG Fingerprint - 9A8C 569F 685A D928 5140 AE4B 319B 41F4 5D17 FDD5
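
Added example, not part of the original message and not dummynet's own code: a simplified model of one pipe (fixed rate, byte-limited FIFO, tail drop) fed with the "pipe 2" settings above. It shows why inbound limiting happens only after the traffic has already crossed the link. The function names, the constructed traffic pattern and the 1 kbyte = 1000 bytes conversion are assumptions.

```python
# Added illustration: simplified model of one dummynet-style pipe.
# Fixed drain rate, byte-limited FIFO queue, tail drop when the queue is full.

def run_pipe(arrivals, bw_bytes_per_sec, queue_bytes):
    """arrivals: list of (time_ms, size_bytes), sorted by time.
    Returns one queueing delay in ms per packet, or None if it was dropped."""
    backlog = 0      # bytes currently waiting in the pipe's queue
    last_ms = 0
    delays = []
    for t_ms, size in arrivals:
        # The queue drains at the configured rate between arrivals
        # (integer math; exact for the sample input below).
        drained = bw_bytes_per_sec * (t_ms - last_ms) // 1000
        backlog = max(0, backlog - drained)
        last_ms = t_ms
        if backlog + size > queue_bytes:
            delays.append(None)          # queue full: packet is dropped
        else:
            backlog += size
            # Time until this packet's last byte leaves the pipe.
            delays.append(backlog * 1000 // bw_bytes_per_sec)
    return delays

def summarize(arrivals, delays):
    """Compare what arrived on the link with what the pipe forwarded."""
    offered = sum(size for _, size in arrivals)
    forwarded = sum(size for (_, size), d in zip(arrivals, delays)
                    if d is not None)
    worst = max(d for d in delays if d is not None)
    return {"offered_bytes": offered, "forwarded_bytes": forwarded,
            "dropped_packets": delays.count(None), "worst_delay_ms": worst}

# Constructed input: a remote sender pushing 1000-byte packets at
# 20 kbyte/sec for two seconds (one packet every 50 ms).
ARRIVALS = [(i * 50, 1000) for i in range(40)]

# "pipe 2" from the message: bw 5kbyte/sec, queue 10kbytes.
# Assumption: 1 kbyte is taken as 1000 bytes here.
PIPE2 = summarize(ARRIVALS, run_pipe(ARRIVALS, 5000, 10000))

if __name__ == "__main__":
    print(PIPE2)
```

All 40000 offered bytes still cross the inbound link; the pipe only decides what is forwarded afterwards, and a full 10 kbyte queue at 5 kbyte/sec adds up to two seconds of delay.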