From owner-freebsd-ipfw@FreeBSD.ORG Sun Nov 8 15:34:38 2009 Return-Path: Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3FF86106568F; Sun, 8 Nov 2009 15:34:38 +0000 (UTC) (envelope-from gavin@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 1765E8FC12; Sun, 8 Nov 2009 15:34:38 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id nA8FYbxO037043; Sun, 8 Nov 2009 15:34:37 GMT (envelope-from gavin@freefall.freebsd.org) Received: (from gavin@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id nA8FYbDC037039; Sun, 8 Nov 2009 15:34:37 GMT (envelope-from gavin) Date: Sun, 8 Nov 2009 15:34:37 GMT Message-Id: <200911081534.nA8FYbDC037039@freefall.freebsd.org> To: sem@FreeBSD.org, gavin@FreeBSD.org, freebsd-ipfw@FreeBSD.org From: gavin@FreeBSD.org Cc: Subject: Re: kern/115755: [ipfw] [patch] unify message and add a rule number where limit was reached X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 08 Nov 2009 15:34:38 -0000 Synopsis: [ipfw] [patch] unify message and add a rule number where limit was reached State-Changed-From-To: patched->closed State-Changed-By: gavin State-Changed-When: Sun Nov 8 15:33:49 UTC 2009 State-Changed-Why: I can't see this ever being merged to 6.x now as it changes the format of the log file. http://www.freebsd.org/cgi/query-pr.cgi?pr=115755 From owner-freebsd-ipfw@FreeBSD.ORG Mon Nov 9 11:06:56 2009 Return-Path: Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 150C31065695 for ; Mon, 9 Nov 2009 11:06:56 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id EDC368FC0C for ; Mon, 9 Nov 2009 11:06:55 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.3/8.14.3) with ESMTP id nA9B6tjY079032 for ; Mon, 9 Nov 2009 11:06:55 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.3/8.14.3/Submit) id nA9B6tRt079030 for freebsd-ipfw@FreeBSD.org; Mon, 9 Nov 2009 11:06:55 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 9 Nov 2009 11:06:55 GMT Message-Id: <200911091106.nA9B6tRt079030@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: gnats set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to freebsd-ipfw@FreeBSD.org X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Nov 2009 11:06:56 -0000 Note: to view an individual PR, use: http://www.freebsd.org/cgi/query-pr.cgi?pr=(number). The following is a listing of current problems submitted by FreeBSD users. These represent problem reports covering all versions including experimental development code and obsolete releases. S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/139581 ipfw [ipfw] "ipfw pipe" not limiting bandwidth o kern/139226 ipfw [ipfw] install_state: entry already present, done o kern/137346 ipfw [ipfw] ipfw nat redirect_proto is broken o kern/137232 ipfw [ipfw] parser troubles o kern/136695 ipfw [ipfw] [patch] fwd reached after skipto in dynamic rul o kern/135476 ipfw [ipfw] IPFW table breaks after adding a large number o o bin/134975 ipfw [patch] ipfw(8) can't work with set in rule file. o kern/132553 ipfw [ipfw] ipfw doesn't understand ftp-data port o kern/131817 ipfw [ipfw] blocks layer2 packets that should not be blocke o kern/131601 ipfw [ipfw] [panic] 7-STABLE panic in nat_finalise (tcp=0) o kern/131558 ipfw [ipfw] Inconsistent "via" ipfw behavior o bin/130132 ipfw [patch] ipfw(8): no way to get mask from ipfw pipe sho o kern/129103 ipfw [ipfw] IPFW check state does not work =( o kern/129093 ipfw [ipfw] ipfw nat must not drop packets o kern/129036 ipfw [ipfw] 'ipfw fwd' does not change outgoing interface n o kern/128260 ipfw [ipfw] [patch] ipfw_divert damages IPv6 packets o kern/127230 ipfw [ipfw] [patch] Feature request to add UID and/or GID l o kern/127209 ipfw [ipfw] IPFW table become corrupted after many changes o bin/125370 ipfw [ipfw] [patch] increase a line buffer limit o conf/123119 ipfw [patch] rc script for ipfw does not handle IPv6 o kern/122963 ipfw [ipfw] tcpdump does not show packets redirected by 'ip s kern/121807 ipfw [request] TCP and UDP port_table in ipfw o kern/121382 ipfw [dummynet]: 6.3-RELEASE-p1 page fault in dummynet (cor o kern/121122 ipfw [ipfw] [patch] add support to ToS IP PRECEDENCE fields o kern/118993 ipfw [ipfw] page fault - probably it's a locking problem o kern/117234 ipfw [ipfw] [patch] ipfw send_pkt() and ipfw_tick() don't s o bin/117214 ipfw ipfw(8) fwd with IPv6 treats input as IPv4 o kern/116009 ipfw [ipfw] [patch] Ignore errors when loading ruleset from o bin/115172 ipfw [patch] ipfw(8) list show some rules with a wrong form o docs/113803 ipfw [patch] ipfw(8) - don't get bitten by the fwd rule p kern/113388 ipfw [ipfw] [patch] Addition actions with rules within spec o kern/112708 ipfw [ipfw] ipfw is seems to be broken to limit number of c o kern/112561 ipfw [ipfw] ipfw fwd does not work with some TCP packets o kern/107305 ipfw [ipfw] ipfw fwd doesn't seem to work o kern/105330 ipfw [ipfw] [patch] ipfw (dummynet) does not allow to set q o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o kern/103454 ipfw [ipfw] [patch] [request] add a facility to modify DF b o kern/103328 ipfw [ipfw] [request] sugestions about ipfw table o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/98831 ipfw [ipfw] ipfw has UDP hickups o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/97504 ipfw [ipfw] IPFW Rules bug o kern/95084 ipfw [ipfw] [regression] [patch] IPFW2 ignores "recv/xmit/v o kern/93300 ipfw [ipfw] ipfw pipe lost packets o kern/91847 ipfw [ipfw] ipfw with vlanX as the device o kern/88659 ipfw [modules] ipfw and ip6fw do not work properly as modul o kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface implementation o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o kern/82724 ipfw [ipfw] [patch] [request] Add setnexthop and defaultrou s kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RULE OPTION o bin/78785 ipfw [patch] ipfw(8) verbosity locks machine if /etc/rc.fir o kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or reported, manp o kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT o kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes ( o kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a o kern/69963 ipfw [ipfw] install_state warning about already existing en o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules with parent o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o kern/46159 ipfw [ipfw] [patch] [request] ipfw dynamic rules lifetime f a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau 63 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Tue Nov 10 13:10:17 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A2A98106568D for ; Tue, 10 Nov 2009 13:10:17 +0000 (UTC) (envelope-from it@hastigasht.com) Received: from gateway15.websitewelcome.com (gateway15.websitewelcome.com [69.93.82.23]) by mx1.freebsd.org (Postfix) with SMTP id 6360D8FC21 for ; Tue, 10 Nov 2009 13:10:16 +0000 (UTC) Received: (qmail 11368 invoked from network); 10 Nov 2009 12:57:18 -0000 Received: from integra.websitewelcome.com (67.18.3.194) by gateway15.websitewelcome.com with SMTP; 10 Nov 2009 12:57:18 -0000 Received: from [212.80.13.1] (port=2902 helo=nima) by integra.websitewelcome.com with esmtpa (Exim 4.69) (envelope-from ) id 1N7q4M-0006D9-Nu for freebsd-ipfw@freebsd.org; Tue, 10 Nov 2009 06:43:36 -0600 From: "Nima Mohammadi" To: Date: Tue, 10 Nov 2009 16:10:58 +0330 MIME-Version: 1.0 X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcpiAvAApWC/GGCJQyiEJp66dkQHoQ== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - integra.websitewelcome.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - hastigasht.com Message-Id: <20091110131017.A2A98106568D@hub.freebsd.org> X-Mailman-Approved-At: Tue, 10 Nov 2009 14:27:49 +0000 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: HELP ME X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Nov 2009 13:10:17 -0000 Hi i have a freebsd 7.1 with ipfw and dummynet and natd and all the things is good. but the i can not limite the upload to the internet with dummynet. the download limit works fine . when change the pipe2 (to me in ) to ( to any in) the internet connection of my client will be down vr0 : internal net : 192.168.10.0/24 nfe0: out net : 212.80.13.1 ,2 ,3 the upload is very high . HELP ME here is my ipfw config : pfw -q -f flush #Dedicate internet user and non internet user ############################################################################ # #charter 55 for ali shirali movaghat share with andishgar iuser="192.168.10.0/24{1,3,25, 27,31,42,48,50,53,54,55,63,69,81,84,88,92,98,100,105,118,128,131,134,135,137 ,140,155,165,171}" noiuser="192.168.10.0/24{44, 46}" ############################################################################ ## ##########################dummynet########################################## # #recive ipfw -q add pipe 1 ip from any to ${iuser} out via vr0 ipfw pipe 1 config bw 9KByte/s # queue 11 delay 100ms #send ipfw -q add pipe 2 ip from ${iuser} to me in via vr0 ipfw pipe 2 config bw 7KByte/s # queue 11 delay 100ms ############################################################################ # ##################################NAT####################################### ## ipfw -q add divert natd all from any to any via nfe0 ipfw -q add check-state ############################################################################ #block any to loopback ipfw -q add allow ip from any to any via lo0 ipfw -q add deny ip from any to 127.0.0.0/8 #########################END internet users################################## #web & ssl & yahoo messenger ###################WEB Accsess############################## ipfw -q add allow tcp from ${iuser} to any 80,443,5050 keep-state #allow all http to internal ipfw -q add allow tcp from any to any 80 in via nfe0 keep-state #charter 10 access on ghd24.net #ipfw -q add allow tcp from 192.168.10.64 to 66.49.211.210,94.182.197.230 80 keep-state ######################END Web Access######################### #aseman ipfw -q add allow tcp from any to any 7769 keep-state #amadeus ipfw -q add allow tcp from any to any 9876,10000 keep-state #air tour ipfw -q add allow tcp from any to any 1770 keep-state #ftp ipfw -q add allow ip from any to any 21 keep-state #ipfw -q add allow ip from any to any 1024-65535 keep-state ipfw -q add allow tcp from 192.168.10.69,192.168.10.1,192.168.10.9 to any 1024-65535 keep-state ipfw -q add allow tcp from any 1024-65535 to 192.168.10.1 keep-state #ipfw -q add check-state #DNS ipfw -q add allow ip from any to any 53 keep-state ipfw -q add allow ip from any 53 to any keep-state #remote ipfw -q add allow ip from any to any 35252,12114,3389 keep-state #mysql remote #ipfw -q add allow ip from any to any 3306,1433 keep-state #share #ipfw -q add allow tcp from any to me 139 #ipfw -q add allow tcp from any 139 to any #ping ipfw -q add allow icmp from any to any #cpanel #ipfw -q add allow ip from any to any 2082,2083,2095 keep-state #ssh ipfw -q add allow tcp from any to me 5432 keep-state ipfw -q add allow tcp from any 5432 to any keep-state #Out look pop3 ######################POP3 Access##################### ipfw -q add allow tcp from ${iuser},${noiuser} to any 25 keep-state ipfw -q add allow tcp from ${iuser},${noiuser} to any 110 keep-state ######################END POP3 Access################# #gmail #ipfw -q add allow tcp from any to any 995,465 keep-state #Ghost Surf ipfw -q add allow tcp from any to any 8888 keep-state #VPN TO EXTRENAL ipfw -q add allow gre from any to any keep-state ipfw -q add allow tcp from any to any 1723 keep-state #allow all to external ipfw -q add allow ip from any to any out via nfe0 #deny all in from external ipfw -q add deny all from any to any in via nfe0 From owner-freebsd-ipfw@FreeBSD.ORG Tue Nov 10 18:18:41 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 90EA2106566B for ; Tue, 10 Nov 2009 18:18:41 +0000 (UTC) (envelope-from chris.korcett@gmail.com) Received: from mail-px0-f186.google.com (mail-px0-f186.google.com [209.85.216.186]) by mx1.freebsd.org (Postfix) with ESMTP id 635E18FC19 for ; Tue, 10 Nov 2009 18:18:41 +0000 (UTC) Received: by pxi16 with SMTP id 16so197603pxi.29 for ; Tue, 10 Nov 2009 10:18:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:in-reply-to :references:date:x-google-sender-auth:message-id:subject:from:to:cc :content-type; bh=vTMxkN1qokYkNdma3TE/FLGGtPMXrumvDTUuGhYUAfY=; b=wxpVXL5RVuVS8f09MyxWO45EInOCKWeFD3FdokdAEjpH7YWXdSzWzRD2G9nhDvIY+E epp6YWZ53HdeGdAY+5lo1HACOON6HGjj3T81rnxvNJ6h37Cw2/wBsdix0AfsWCOZtwZ2 MK4Y5x12Vr5zBH7RmZiYxBWLxaDySJ680c8z8= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type; b=Rvs5p7CDHDxLRXCn+L6I3wlOrQFpfG54+gL+RkT6KIzbfSZSjAwprosUmmo+z0DZaC FrgQDp5lb0fzhYGD9AEnLc4ayLp+i5aA5h2lmlefLe+7LGxCE0idBHH3Z1bZm/TSZp0m gwFxfgJhvvdWnr+xoENLPDztk22UmQGF0unLc= MIME-Version: 1.0 Sender: chris.korcett@gmail.com Received: by 10.142.6.11 with SMTP id 11mr39065wff.260.1257875773927; Tue, 10 Nov 2009 09:56:13 -0800 (PST) In-Reply-To: <20091110131017.A2A98106568D@hub.freebsd.org> References: <20091110131017.A2A98106568D@hub.freebsd.org> Date: Tue, 10 Nov 2009 11:56:13 -0600 X-Google-Sender-Auth: decd9993a2c9fda8 Message-ID: <5382554a0911100956p30224cc9n765c6207eb12348@mail.gmail.com> From: Chris Bowman To: Nima Mohammadi Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-ipfw@freebsd.org Subject: Re: HELP ME X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Nov 2009 18:18:41 -0000 On Tue, Nov 10, 2009 at 6:40 AM, Nima Mohammadi wrote: > Hi > i have a freebsd 7.1 with ipfw and dummynet and natd and all the things is > good. > but the i can not limite the upload to the internet with dummynet. > the download limit works fine . > > > > when change the pipe2 (to me in ) to ( to any in) the internet connection > of > my client will be down > vr0 : internal net : 192.168.10.0/24 > nfe0: out net : 212.80.13.1 ,2 ,3 > > the upload is very high . > HELP ME > > here is my ipfw config : > pfw -q -f flush > > #Dedicate internet user and non internet user > > ############################################################################ > # > #charter 55 for ali shirali movaghat share with andishgar > > iuser="192.168.10.0/24{1,3,25, > < > http://192.168.10.0/24%7B1,3,25,27,31,42,48,50,53,54,55,63,69,81,84,88,92,9 > 8,100,105,118,128,131,134,135,137,140,155,165,171%7D> > > 27,31,42,48,50,53,54,55,63,69,81,84,88,92,98,100,105,118,128,131,134,135,137 > ,140,155,165,171}" > > noiuser="192.168.10.0/24{44, 46}" > > ############################################################################ > ## > > > ##########################dummynet########################################## > # > #recive > ipfw -q add pipe 1 ip from any to ${iuser} out via vr0 > ipfw pipe 1 config bw 9KByte/s # queue 11 delay 100ms > > #send > ipfw -q add pipe 2 ip from ${iuser} to me in via vr0 > ipfw pipe 2 config bw 7KByte/s # queue 11 delay 100ms > > ############################################################################ > # > > > ##################################NAT####################################### > ## > ipfw -q add divert natd all from any to any via nfe0 > ipfw -q add check-state > > ############################################################################ > > #block any to loopback > ipfw -q add allow ip from any to any via lo0 > ipfw -q add deny ip from any to 127.0.0.0/8 > > #########################END internet > users################################## > > #web & ssl & yahoo messenger > ###################WEB Accsess############################## > ipfw -q add allow tcp from ${iuser} to any 80,443,5050 keep-state > > #allow all http to internal > ipfw -q add allow tcp from any to any 80 in via nfe0 keep-state > > #charter 10 access on ghd24.net > #ipfw -q add allow tcp from 192.168.10.64 to 66.49.211.210,94.182.197.230 > 80 > keep-state > ######################END Web Access######################### > > #aseman > ipfw -q add allow tcp from any to any 7769 keep-state > > #amadeus > ipfw -q add allow tcp from any to any 9876,10000 keep-state > > #air tour > ipfw -q add allow tcp from any to any 1770 keep-state > > #ftp > ipfw -q add allow ip from any to any 21 keep-state > #ipfw -q add allow ip from any to any 1024-65535 keep-state > ipfw -q add allow tcp from 192.168.10.69,192.168.10.1,192.168.10.9 to any > 1024-65535 keep-state > ipfw -q add allow tcp from any 1024-65535 to 192.168.10.1 keep-state > > #ipfw -q add check-state > > #DNS > ipfw -q add allow ip from any to any 53 keep-state > ipfw -q add allow ip from any 53 to any keep-state > > #remote > ipfw -q add allow ip from any to any 35252,12114,3389 keep-state > > #mysql remote > #ipfw -q add allow ip from any to any 3306,1433 keep-state > > #share > #ipfw -q add allow tcp from any to me 139 > #ipfw -q add allow tcp from any 139 to any > > #ping > ipfw -q add allow icmp from any to any > > #cpanel > #ipfw -q add allow ip from any to any 2082,2083,2095 keep-state > > #ssh > ipfw -q add allow tcp from any to me 5432 keep-state > ipfw -q add allow tcp from any 5432 to any keep-state > > #Out look pop3 > ######################POP3 Access##################### > > ipfw -q add allow tcp from ${iuser},${noiuser} to any 25 keep-state > ipfw -q add allow tcp from ${iuser},${noiuser} to any 110 keep-state > > ######################END POP3 Access################# > #gmail > #ipfw -q add allow tcp from any to any 995,465 keep-state > > #Ghost Surf > ipfw -q add allow tcp from any to any 8888 keep-state > > #VPN TO EXTRENAL > ipfw -q add allow gre from any to any keep-state > ipfw -q add allow tcp from any to any 1723 keep-state > > #allow all to external > ipfw -q add allow ip from any to any out via nfe0 > > #deny all in from external > ipfw -q add deny all from any to any in via nfe0 > > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > Currently your IPFW rule for pipe 2 is only matching traffic sourced from 192.168.10.0/24 with a destination of "me", me being any IP interface on your box, so your rule would work only if traffic is destined to an IP on your box. Your IPFW rule for pipe 1 is matching on any and works, I'd look at applying the same logic to your pipe 2 rule :) From owner-freebsd-ipfw@FreeBSD.ORG Tue Nov 10 18:22:07 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 89F3F106566B for ; Tue, 10 Nov 2009 18:22:07 +0000 (UTC) (envelope-from cswiger@mac.com) Received: from asmtpout020.mac.com (asmtpout020.mac.com [17.148.16.95]) by mx1.freebsd.org (Postfix) with ESMTP id 7816E8FC12 for ; Tue, 10 Nov 2009 18:22:07 +0000 (UTC) MIME-version: 1.0 Content-transfer-encoding: 7BIT Content-type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Received: from cswiger1.apple.com ([17.227.140.124]) by asmtp020.mac.com (Sun Java(tm) System Messaging Server 6.3-8.01 (built Dec 16 2008; 32bit)) with ESMTPSA id <0KSW00FQ9OBV4O20@asmtp020.mac.com> for freebsd-ipfw@freebsd.org; Tue, 10 Nov 2009 10:21:31 -0800 (PST) Message-id: <52FBC52C-5733-4CD1-996F-5E48189ECE12@mac.com> From: Chuck Swiger To: Nima Mohammadi In-reply-to: <20091110131017.A2A98106568D@hub.freebsd.org> Date: Tue, 10 Nov 2009 10:21:31 -0800 References: <20091110131017.A2A98106568D@hub.freebsd.org> X-Mailer: Apple Mail (2.936) Cc: freebsd-ipfw@freebsd.org Subject: Re: HELP ME X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Nov 2009 18:22:07 -0000 Hi-- On Nov 10, 2009, at 4:40 AM, Nima Mohammadi wrote: > i have a freebsd 7.1 with ipfw and dummynet and natd and all the > things is > good. but the i can not limite the upload to the internet with > dummynet. > the download limit works fine . > > when change the pipe2 (to me in ) to ( to any in) the internet > connection of > my client will be down Try something like: ipfw add pipe 2 ip from ${iuser} to any out via nfe0 Regards, -- -Chuck From owner-freebsd-ipfw@FreeBSD.ORG Thu Nov 12 18:09:52 2009 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 8BCEC106566B for ; Thu, 12 Nov 2009 18:09:52 +0000 (UTC) (envelope-from it@hastigasht.com) Received: from gateway09.websitewelcome.com (gateway09.websitewelcome.com [67.18.52.11]) by mx1.freebsd.org (Postfix) with SMTP id 4DE7F8FC18 for ; Thu, 12 Nov 2009 18:09:51 +0000 (UTC) Received: (qmail 29185 invoked from network); 12 Nov 2009 18:23:07 -0000 Received: from integra.websitewelcome.com (67.18.3.194) by gateway09.websitewelcome.com with SMTP; 12 Nov 2009 18:23:07 -0000 Received: from [79.127.25.15] (port=4760 helo=nima) by integra.websitewelcome.com with esmtpa (Exim 4.69) (envelope-from ) id 1N8e7D-00016s-1C for freebsd-ipfw@freebsd.org; Thu, 12 Nov 2009 12:09:51 -0600 From: "Nima Mohammadi" To: Date: Thu, 12 Nov 2009 21:39:07 +0330 MIME-Version: 1.0 X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcpiAvAApWC/GGCJQyiEJp66dkQHoQBv0vHAAAA9OcA= X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - integra.websitewelcome.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - hastigasht.com Message-Id: <20091112180952.8BCEC106566B@hub.freebsd.org> X-Mailman-Approved-At: Thu, 12 Nov 2009 18:14:00 +0000 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Subject: FW: HELP ME X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 12 Nov 2009 18:09:52 -0000 Hi Me again Sorry my good friend . I can`t config my ipfw very well . If you can send a sample ipfw config which is works fine you will give me a great help. Sample config with this type of pipe rule , and my ipfw deny everythin by default. $cmdfw pipe 30 config mask dst-ip 0x000000ff bw 1024Kbit/s queue 10KBytes $cmdfw pipe 31 config mask src-ip 0x000000ff bw 256Kbit/s queue 10KBytes $cmdfw add 1100 pipe 30 all from any to 192.168.6.0/24 in via $ext_if1 $cmdfw add 900 pipe 31 all from 192.168.6.0/24 to any out via $ext_if1 $cmdfw add 1000 divert natd ip from any to any via $ext_if1 Thanx a lot Regard