Date: Tue, 19 Jul 2016 14:38:27 -0600 From: John Nielsen <lists@jnielsen.net> To: Rick van der Zwet <info@rickvanderzwet.nl> Cc: freebsd-ipfw@freebsd.org Subject: Re: Dummynet combined upload en download bandwidth limit per client Message-ID: <DFFB7658-6D15-45CC-BA59-A6F8E5B7C26C@jnielsen.net> In-Reply-To: <0ed020c5-aa22-4c33-216f-a6dc52720c68@rickvanderzwet.nl> References: <0ed020c5-aa22-4c33-216f-a6dc52720c68@rickvanderzwet.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Jun 20, 2016, at 6:50 AM, Rick van der Zwet =
<info@rickvanderzwet.nl> wrote:
>=20
> I would like to be able to limit bandwidth (upload + download) per
> client using dummynet. Yet I fail to create dynamic pipes which =
matches
> both upload and download at the same time. re2 is the interface on =
which
> the the clients are connected in network 192.168.0.0/24.
>=20
> I am able to limit download (300Mbit/s) with dynamic pipes using:
> ${fwcmd} pipe 1 config bw 300Kbit/s mask dst-ip 0xffffffff
> ${fwcmd} add 60000 pipe 1 ip from not me to 192.168.0.0/24 via re2 =
out
>=20
> I am able to limit upload (300Mbit/s) with dynamic pipes using:
> ${fwcmd} pipe 1 config bw 300Kbit/s mask src-ip 0xffffffff
> ${fwcmd} add 60000 pipe 1 ip from 192.168.0.0/24 to not me via re2 =
in
>=20
> I am able to limit upload+download (total 300Mbit/s) for single
> (192.168.0.10) IP using:
> ${fwcmd} pipe 1 config bw 300Kbit/s
> ${fwcmd} add 60000 pipe 1 ip from not me to 192.168.0.10/32 via re2 =
out
> ${fwcmd} add 60000 pipe 1 ip from 192.168.0.10/32 to not me via re2 =
in
>=20
> Yet duplicating the last one for all client IPs addresses 'feels' =
wrong
> and is a bit verbose. Am I able to limit upload+download bandwidth for
> multiple IPs without pre-creation of 1 pipe per client and the =
required
> rules?
You can create a per-IP pipe using the "mask" keyword when defining the =
pipe, e.g.:
ipfw pipe 1 config bw 300Kbit/s mask src-ip 0xffffffff
However, that would create different pipes based on source IP only =
(regardless of direction). I'm not sure there's a way to handle both =
directions in a single pipe other than creating a static pipe per IP as =
you've outlined above.
JN
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?DFFB7658-6D15-45CC-BA59-A6F8E5B7C26C>