Date: Tue, 13 Apr 2004 09:17:34 -0700 From: Luigi Rizzo <rizzo@icir.org> To: Ludo Koren <lk@tempest.sk> Cc: ipfw@freebsd.org Subject: Re: limiting bandwith Message-ID: <20040413091734.A98975@xorpc.icir.org> In-Reply-To: <200404131506.i3DF6G20031890@lk106.tempest.sk>; from lk@tempest.sk on Tue, Apr 13, 2004 at 05:06:16PM %2B0200 References: <200404131506.i3DF6G20031890@lk106.tempest.sk>
next in thread | previous in thread | raw e-mail | index | archive | help
i think it is pilot error. Be warned that dynamic rules only match addresses and ports, so once a rule is installed it will match traffic both in and out. If you want to select on other attributes you have to do it before you hit any keep-state or check-state rule. I don't know if it matches recent reports about dummynet on 5.2.1 giving half the bandwidth, but i just checked locally and it does work as expected -- the bandwidth is correct (with a correct ipfw config, that is :) cheers luigi On Tue, Apr 13, 2004 at 05:06:16PM +0200, Ludo Koren wrote: > > Hi. > > I am running ipfw on 5.2.1-RELEASE-p1. > > The relevant part of the ipfw configuration follows: > > add check-state > pipe 10 config bw 64Kbit/s > pipe 20 config bw 256Kbit/s > pipe 30 config bw 8Kbit/s > queue 10 config pipe 10 weight 100 > queue 20 config pipe 20 weight 1 > queue 30 config pipe 30 weight 1 > .... > > # Allow SMTP > add pass tcp from A to B 25 keep-state > add pass tcp from B to A dst-port 25 in via xl0 > add pass tcp from A 25 to B in recv xl1 > add pipe 20 tcp from B to A dst-port 25 out xmit xl1 keep-state > add pass tcp from C to B 25 keep-state > add pass tcp from B to C dst-port 25 in via xl0 > add pass tcp from C 25 to B in recv xl1 > add pipe 20 tcp from B to C dst-port 25 out xmit xl1 keep-state > > where the A,B,C addresses are not assigned to local interfaces. The > xl0 is on the local LAN, the xl1 is connected to the router and > WAN. If I watch packets (netstat -w 10 -I xl1) flowing through xl1, I > see numbers are correct (~32000 bytes per second). MRTG on the router > shows just half throughput, i.e. 128Kb/s. If I reconfigure pipe 20 to > 512Kbit/s or 0Kbit/s, the MRTG shows 256Kbit/s. > > Could you point to me what I did wrong? > > Thank you very much in advance. > > lk > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040413091734.A98975>