Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 27 Jan 2010 18:40:45 +0200
From:      =?windows-1251?B?yu7t/Oru4iDF4uPl7ejp?= <kes-kes@yandex.ru>
To:        Martin Schweizer <lists_freebsd@bluewin.ch>
Cc:        Martin Schweizer <office@pc-service.ch>, freebsd-questions@freebsd.org
Subject:   Re: ipfw: limit bandwidth
Message-ID:  <181688930.20100127184045@yandex.ru>
In-Reply-To: <20100127045446.GG28438@saturn.pcs.ms>
References:  <20100127045446.GG28438@saturn.pcs.ms>
next in thread | previous in thread | raw e-mail | index | archive | help 
Hello, Martin.

First of all you must decide you want your shaper rule act as allow
rule or not:
kes# sysctl -a | grep one_pass
net.inet.ip.fw.one_pass: 0 or 1

man ipfw
     pipe pipe_nr
             Pass packet to a dummynet(4) ``pipe'' (for bandwidth limitation,
             delay, etc.).  See the TRAFFIC SHAPER (DUMMYNET) CONFIGURATION
             Section for further information.  The search terminates; however,
             on exit from the pipe and if the sysctl(8) variable
             net.inet.ip.fw.one_pass is not set, the packet is passed again to
             the firewall code starting from the next rule.

Second you do not need to put packet to pipe and to queue at same
time.

use pipe to just limit rate or use queue to limit rate and process
groups of packets in round robin manner. packets are grouped my mask

pipe is like this:
http://www.mikrotik.com/testdocs/ros/2.9/img/queue_fifo.jpg

queue is like this:
http://www.mikrotik.com/testdocs/ros/2.9/img/queue_pcq.jpg

some doc:
http://kes.net.ua/softdev/advanced_firewall.html
translated by google:
http://translate.google.com/translate?js=y&prev=_t&hl=ru&ie=UTF-8&layout=2&eotf=1&swap=1&u=http%3A%2F%2Fkes.net.ua%2Fsoftdev%2Fadvanced_firewall.html&sl=ru&tl=en



MS> Hello

MS> I use FreeBSD 7.2 on a amd64. I want to limit the bandwidth thru
MS> this machine. Here is the relevante part of /etc/rc.firewall

MS> [snip]
MS> $ipfwcmd pipe 1 config bw 80kByte/s
MS> $ipfwcmd add pipe 1 ip from any to 192.168.10.0/24{100-254} via em1

MS> $ipfwcmd queue 1 config pipe 1 weight 1 mask dst-ip 0xffffffff
MS> $ipfwcmd add queue 1 all from any to 192.168.10.0/24{100-254} via em1
MS> [snip]

MS> I generate this from different sources but it seems that it is not working. What do I'm wrong?

MS> Here the part from ipfw show:

MS> 00100       0          0 check-state
MS> 00200   24327    1497881 pipe 1 ip from any to 192.168.10.0/24{100-254} via em1
MS> 00300       0          0 queue 1 ip from any to 192.168.10.0/24{100-254} via em1
MS> [snip]


MS> Regards,



-- 
С уважением,
 Коньков                          mailto:kes-kes@yandex.ru

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?181688930.20100127184045>