Date: Sun, 12 Oct 2003 01:16:54 +0200 From: Artur Pydo <artur@pydo.org> To: freebsd-stable@freebsd.org Subject: Re: ipfw2/dummynet + ipfilter not working together ? Message-ID: <3F888F66.4080805@pydo.org> In-Reply-To: <6.0.0.22.0.20031011121357.071b4bd8@209.112.4.2> References: <3F8818EA.9040802@pydo.org> <6.0.0.22.0.20031011121357.071b4bd8@209.112.4.2>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, Mike Tancsa wrote: > I was seeing some strange things in a very similar setup --userland PPP > to do PPPoE, ipnat for inbound and outbound NAT and then ipfw2. Even > though I didnt use it, adding IPDIVERT to the kernel made the problem > box stable again. It does not work better with IPDIVERT option in the kernel. My IPFW/Dummynet testing rules are quite simple : pipe 1 config bw 125Kbit/s queue 10 pipe 2 config bw 125Kbit/s queue 10 queue 10 config queue 16kByte weight 100 pipe 1 mask all queue 11 config queue 24kByte weight 1 pipe 1 gred 0.02/3/6/0.06 queue 20 config queue 16kByte weight 100 pipe 2 mask all queue 21 config queue 24kByte weight 1 pipe 2 gred 0.02/3/6/0.06 add 10 queue 21 tcp from any to apydo.nerim.net 80 out via tun0 add 20 queue 20 ip from any to any out via tun0 add 30 queue 11 tcp from apydo.nerim.net 80 to any in via tun0 add 40 queue 10 ip from any to any in via tun0 Ipfilter rules are more complex but it's something like that : block in log all block out log all pass out quick on tun0 proto tcp from any to any flags S keep state keep frags pass out quick on tun0 proto udp from any to any keep state keep frags I have tcpdump and ipfilter logs of a failing tcp connection if somebody would like to see how the packets are dropped. -- Best regards, Artur Pydo.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F888F66.4080805>