Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 3 Feb 2010 01:08:23 -0500
From:      alexus <alexus@gmail.com>
To:        questions@freebsd.org
Subject:   FreeBSD Traffic Shaping
Message-ID:  <6ae50c2d1002022208x5551c062nc3f4bd365cee62@mail.gmail.com>
next in thread | raw e-mail | index | archive | help 
Hi

I'm trying to do traffic shaping with FreeBSD, here are my rules

su-3.2# ipfw pipe show
00001:   1.000 Mbit/s    0 ms   50 sl. 1 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
  0 tcp     64.237.55.83/60546 206.223.183.156/80    35704818
2711309193  0    0   0
00002:   1.000 Mbit/s    0 ms   50 sl. 1 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
  0 tcp  206.223.183.156/80       64.237.55.83/60546 46186238
55031603690  0    0 585064
su-3.2# ipfw show
00100  50878094  8828324288 allow ip from any to any via lo0
00200         0           0 deny ip from any to 127.0.0.0/8
00300         0           0 deny ip from 127.0.0.0/8 to any
08025   7985221  2441309667 allow tcp from any to any dst-port 25
08110   2921293   144559774 allow tcp from any to any dst-port 110
08143    207578    11273485 allow tcp from any to any dst-port 143
08381  35704746  2711287847 pipe 1 tcp from any to any dst-port 80 uid daemon
08382  46186754 55032183316 pipe 2 tcp from any 80 to any uid daemon
08993   1304764   130695084 allow tcp from any to any dst-port 993
08995    637970    56234323 allow tcp from any to any dst-port 995
65000 124980086 87768197494 allow ip from any to any
65535         0           0 deny ip from any to any
su-3.2#

first of all why when I run ipfw pipe 1 show i get same source and
destination ip, that doesnt seem like ever change yet total
packets/bytes increasing

and most important question, after donig all that I'm looking at my
MRTG stats and I see i'm very well over 1Mbit/s limit. main services
that i run on my box is web and mail

what am I doing wrong?

here is config file

su-3.2# cat /etc/ipfw.rules
flush
pipe flush
pipe 1 config bw 1Mbit/s mask src-port www
pipe 2 config bw 1Mbit/s mask src-port www
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
add 8381 pipe 1 tcp from any to any dst-port www uid daemon
add 8382 pipe 2 tcp from any to any src-port www uid daemon
add 8025 allow tcp from any to any dst-port smtp
add 8110 allow tcp from any to any dst-port pop3
add 8143 allow tcp from any to any dst-port imap
add 8993 allow tcp from any to any dst-port imaps
add 8995 allow tcp from any to any dst-port pop3s
add 65000 pass all from any to any
su-3.2# uptime
 6:06AM  up 25 days,  3:48, 1 user, load averages: 0.04, 0.03, 0.00
su-3.2# uname -rp
7.2-RELEASE-p6 amd64
su-3.2#


-- 
http://alexus.org/

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6ae50c2d1002022208x5551c062nc3f4bd365cee62>