Date: Fri, 24 Oct 2003 03:02:38 -0700 (PDT) From: Alhagie Puye <alhagiep@yahoo.com> To: Sean Hafeez <sahafeez@edgefocus.com>, freebsd-ipfw@freebsd.org Subject: Re: Shaping a lot of users... Message-ID: <20031024100238.77393.qmail@web20508.mail.yahoo.com> In-Reply-To: <2417D2D4-0589-11D8-BDAD-003065F1EE08@edgefocus.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I have a similar setup and this is what my firewall
script look like:
# EVERYBODY "DOWN"
add queue 1 ip from any to 192.168.42.0/27
queue 1 config weight 1 pipe 1 mask dst-ip 0xffffffff
pipe 1 config bw 1500Kbit/s
#
# EVERYBODY "UP"
add queue 2 ip from 192.168.42.0/27 to any
queue 2 config weight 1 pipe 2 mask src-ip 0xffffffff
pipe 2 config bw 400Kbit/s
The output looks like this:
firewall# ipfw pipe list
00001: 1.500 Mbit/s 0 ms 50 sl. 0 queues (1
buckets) droptail
mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
00002: 400.000 Kbit/s 0 ms 50 sl. 0 queues (1
buckets) droptail
mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
q00001: weight 1 pipe 1 50 sl. 3 queues (256
buckets) droptail
mask: 0x00 0x00000000/0x0000 -> 0xffffffff/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____
Tot_pkt/bytes Pkt/Byte Drp
79 ip 0.0.0.0/0 192.168.42.31/0
1 229 0 0 0
81 ip 0.0.0.0/0 192.168.42.1/0
103 6958 0 0 0
82 ip 0.0.0.0/0 192.168.42.2/0
95 27837 0 0 0
q00002: weight 1 pipe 2 50 sl. 2 queues (256
buckets) droptail
mask: 0x00 0xffffffff/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____
Tot_pkt/bytes Pkt/Byte Drp
170 ip 192.168.42.1/0 0.0.0.0/0
68 10862 0 0 0
172 ip 192.168.42.2/0 0.0.0.0/0
164 13563 0 0 0
Hope this helps.
Cheers,
Alhagie.
--- Sean Hafeez <sahafeez@edgefocus.com> wrote:
> I am using the following:
>
> ipfw -f flush
> /sbin/natd -interface rl0
> ipfw add 999 divert natd all from any to any via rl0
> ipfw add pipe 1 ip from any to any in recv rl1
> ipfw add pipe 2 ip from any to any out xmit rl1
> ipfw pipe 1 config mask src-ip 0xffffffff bw
> 1024kbits/s
> ipfw pipe 2 config mask dst-ip 0xffffffff bw
> 1024kbits/s
>
> rl0 - outside
> rl1 - inside
>
> and I have this is my sysctl.conf
>
> net.inet.ip.fw.one_pass=0
> net.inet.ip.dummynet.hash_size=512
> net.inet.ip.dummynet.max_chain_len=64
>
> This seems to work great for limiting each user to a
> max of 1 meg up
> and down.
>
> What I want to know is how do I do the same thing
> but shape the users
> to have EQUAL bandwidth in times of load. What I
> mean is this:
>
> Each unique IP address on the inside
> (192.168.1.x/22) is limited to a
> max of 1 meg. If there is a hugh load that exceeds
> my internet
> bandwidth (2 T1's - so 3 megs) I would like each
> users to get the same
> amount of bandwidth - 30 users all getting 100k. I
> would like it to
> adjust based on the load.
>
> I have looked at the docs and example but I am a bit
> confused.
>
> Also we need to be careful not to shape the BSD box
> itself - I have
> seen some rules that screw things up because they
> shape the shaping
> box!!
>
> Thanks All!
>
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
>
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to
"freebsd-ipfw-unsubscribe@freebsd.org"
__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031024100238.77393.qmail>