Date: Fri, 24 Oct 2003 03:02:38 -0700 (PDT) From: Alhagie Puye <alhagiep@yahoo.com> To: Sean Hafeez <sahafeez@edgefocus.com>, freebsd-ipfw@freebsd.org Subject: Re: Shaping a lot of users... Message-ID: <20031024100238.77393.qmail@web20508.mail.yahoo.com> In-Reply-To: <2417D2D4-0589-11D8-BDAD-003065F1EE08@edgefocus.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I have a similar setup and this is what my firewall script look like: # EVERYBODY "DOWN" add queue 1 ip from any to 192.168.42.0/27 queue 1 config weight 1 pipe 1 mask dst-ip 0xffffffff pipe 1 config bw 1500Kbit/s # # EVERYBODY "UP" add queue 2 ip from 192.168.42.0/27 to any queue 2 config weight 1 pipe 2 mask src-ip 0xffffffff pipe 2 config bw 400Kbit/s The output looks like this: firewall# ipfw pipe list 00001: 1.500 Mbit/s 0 ms 50 sl. 0 queues (1 buckets) droptail mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 00002: 400.000 Kbit/s 0 ms 50 sl. 0 queues (1 buckets) droptail mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 q00001: weight 1 pipe 1 50 sl. 3 queues (256 buckets) droptail mask: 0x00 0x00000000/0x0000 -> 0xffffffff/0x0000 BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp 79 ip 0.0.0.0/0 192.168.42.31/0 1 229 0 0 0 81 ip 0.0.0.0/0 192.168.42.1/0 103 6958 0 0 0 82 ip 0.0.0.0/0 192.168.42.2/0 95 27837 0 0 0 q00002: weight 1 pipe 2 50 sl. 2 queues (256 buckets) droptail mask: 0x00 0xffffffff/0x0000 -> 0x00000000/0x0000 BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp 170 ip 192.168.42.1/0 0.0.0.0/0 68 10862 0 0 0 172 ip 192.168.42.2/0 0.0.0.0/0 164 13563 0 0 0 Hope this helps. Cheers, Alhagie. --- Sean Hafeez <sahafeez@edgefocus.com> wrote: > I am using the following: > > ipfw -f flush > /sbin/natd -interface rl0 > ipfw add 999 divert natd all from any to any via rl0 > ipfw add pipe 1 ip from any to any in recv rl1 > ipfw add pipe 2 ip from any to any out xmit rl1 > ipfw pipe 1 config mask src-ip 0xffffffff bw > 1024kbits/s > ipfw pipe 2 config mask dst-ip 0xffffffff bw > 1024kbits/s > > rl0 - outside > rl1 - inside > > and I have this is my sysctl.conf > > net.inet.ip.fw.one_pass=0 > net.inet.ip.dummynet.hash_size=512 > net.inet.ip.dummynet.max_chain_len=64 > > This seems to work great for limiting each user to a > max of 1 meg up > and down. > > What I want to know is how do I do the same thing > but shape the users > to have EQUAL bandwidth in times of load. What I > mean is this: > > Each unique IP address on the inside > (192.168.1.x/22) is limited to a > max of 1 meg. If there is a hugh load that exceeds > my internet > bandwidth (2 T1's - so 3 megs) I would like each > users to get the same > amount of bandwidth - 30 users all getting 100k. I > would like it to > adjust based on the load. > > I have looked at the docs and example but I am a bit > confused. > > Also we need to be careful not to shape the BSD box > itself - I have > seen some rules that screw things up because they > shape the shaping > box!! > > Thanks All! > > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" __________________________________ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031024100238.77393.qmail>