Date:      Tue, 2 Dec 2003 18:28:20 -0800
From:      Sean Hafeez <sahafeez@edgefocus.com>
To:        Jon Simola <jon@abccom.bc.ca>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: MAN page example vs. this?
Message-ID:  <5C6FE088-2538-11D8-AE73-003065F1EE08@edgefocus.com>
In-Reply-To: <20031201154231.M38868-100000@tyberius.abccom.bc.ca>
References:  <20031201154231.M38868-100000@tyberius.abccom.bc.ca>

Thank you for the info. One or 2 questions if I could?

On Dec 1, 2003, at 4:03 PM, Jon Simola wrote:
>>
>> ipfw add pipe 1 ip from any to any in recv rl1
>> ipfw add pipe 2 ip from any to any out xmit rl1
>> ipfw pipe 1 config mask src-ip 0xffffffff bw 200kbits/s
>> ipfw pipe 2 config mask dst-ip 0xffffffff bw 200kbits/s
>>
>> Are these 2 examples functionally the same? If not, what is the
>> difference?
>
> You're forcing the interface. Be careful, as packets may flow through in
> ways you don't expect.
>

Such as? There are 2 interfaces, rl0 & rl1. rl0 is the internet side, 
rl1 the internal. What could I miss?

>> Also, in the first example, if the network was changed to
>> 192.168.0.0/23, the mask would be 0x000003ff (255.255.254.0)? It is a
>> reverse mask like a Cisco, right?
>
> That mask has nothing to do with a network mask. It's a simple bitmask,
> used to pick out the bits in the src/dst ip/port combinations that are
> used to hash the packets into a unique bucket.
>
> If you used "mask src-ip 0x00000001" you would be sorting the packets into
> buckets (and queues) based on whether the source IP's last octet was even
> or odd.

So 0xffffffff would match one user to one website, etc...?

In doing what I am doing, am I limiting each user (IP) to a total of
200kbits, or 200kbits for each user for every pipe they open?

Thanks!
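
Added illustration, not part of the original e-mail and not dummynet's own code: a small Python model of the bucket selection described in the quoted reply, where each address is ANDed with the pipe's mask and every distinct result gets its own queue. The packet list is constructed, the function names are hypothetical, and only the src-ip and dst-ip masks are modelled.

```python
import ipaddress
from collections import defaultdict

# Constructed sample traffic: (source IP, destination IP, bytes).
PACKETS = [
    ("192.168.0.10", "203.0.113.5", 1500),
    ("192.168.0.10", "198.51.100.7", 1500),
    ("192.168.0.11", "203.0.113.5", 600),
    ("192.168.0.12", "203.0.113.5", 40),
]

def bucket_key(src, dst, src_mask=0, dst_mask=0):
    """AND each address with its mask; the result names the bucket."""
    s = int(ipaddress.IPv4Address(src)) & src_mask
    d = int(ipaddress.IPv4Address(dst)) & dst_mask
    return (s, d)

def classify(packets, src_mask=0, dst_mask=0):
    """Group packets by masked key: {key: {"hosts": set, "bytes": int}}."""
    buckets = defaultdict(lambda: {"hosts": set(), "bytes": 0})
    for src, dst, size in packets:
        b = buckets[bucket_key(src, dst, src_mask, dst_mask)]
        b["hosts"].add(src)
        b["bytes"] += size
    return dict(buckets)

def summarize(packets, src_mask=0, dst_mask=0):
    """Sorted list of (source hosts sharing a bucket, total bytes)."""
    groups = classify(packets, src_mask, dst_mask).values()
    return sorted((sorted(b["hosts"]), b["bytes"]) for b in groups)

if __name__ == "__main__":
    cases = [
        ("mask src-ip 0xffffffff", 0xFFFFFFFF),  # every source bit significant
        ("mask src-ip 0x00000001", 0x00000001),  # only the lowest bit: even/odd
        ("no mask", 0x00000000),                 # everything lands in one bucket
    ]
    for label, mask in cases:
        print(label)
        for hosts, size in summarize(PACKETS, src_mask=mask):
            print("  bucket shared by", hosts, "->", size, "bytes")
```

With the full source mask, both destinations reached by 192.168.0.10 fall into the same bucket, because the destination address is not part of the key.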


