From owner-freebsd-ipfw Sat Apr 20 16:34:34 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from free.wgops.com (dsl092-002-178.sfo1.dsl.speakeasy.net [66.92.2.178]) by hub.freebsd.org (Postfix) with ESMTP id B80E137B41B for ; Sat, 20 Apr 2002 16:34:25 -0700 (PDT) Received: from wgops.com ([10.1.2.207]) by free.wgops.com (8.11.3/8.11.3) with ESMTP id g3KNYOR93507; Sat, 20 Apr 2002 16:34:24 -0700 (PDT) (envelope-from mloftis@wgops.com) Message-ID: <3CC1FB00.5040600@wgops.com> Date: Sat, 20 Apr 2002 16:34:24 -0700 From: Michael Loftis User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.4.1) Gecko/20020314 Netscape6/6.2.2 X-Accept-Language: en-us MIME-Version: 1.0 To: saign Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: References: <200204161504.g3GF4aZ08740@cluster2.tfb.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG *blink* *blink* The problem is your NAT line. After 00050 there is no external IP on outbound packets. After the divert line everything coming in is converted to internal representation, and everything going out is converted to external representation. Therefore 00400 needs to be modified to have the external address instead of the internal (192.168.x.x) address. saign wrote: >After reading the man page for dummynet, I\'m confused! > >xeon# ipfw pipe 1 config bw 384Kbit/s >xeon# ipfw pipe 2 config bw 384Kbit/s >xeon# ipfw add pipe 1 ip from 192.168.1.19 to any out >00400 pipe 1 ip from 192.168.1.19 to any out >xeon# ipfw add pipe 2 ip from any to 192.168.1.19 in >00450 pipe 2 ip from any to 192.168.1.19 in > >xeon# ipfw show >00050 827195 473961009 divert 8668 ip from any to any via fxp0 >00100 0 0 allow ip from any to any via lo0 >00200 0 0 deny ip from any to 127.0.0.0/8 >00300 0 0 deny ip from 127.0.0.0/8 to any >00400 0 0 pipe 1 ip from 192.168.1.19 to any out >00450 4283 4567749 pipe 2 ip from any to 192.168.1.19 in >65000 1732420 1009118949 allow ip from any to any >65535 0 0 deny ip from any to any > >xeon# ipfw pipe list >00001: 384.000 Kbit/s 0 ms 50 sl. 0 queues (1 buckets) >droptail > mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 >00002: 384.000 Kbit/s 0 ms 50 sl. 0 queues (1 buckets) >droptail > mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 > >System is a router/dhcpd box. fxp0 is inet, fxp1 is internal > >Shouldn\'t the above \"cap\" both directions @ 384? >It appears to only cap download, but not upload. > >-Tony > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-ipfw" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message