From owner-freebsd-ipfw Mon Aug 27 2:48: 8 2001
From: "John Massier"
To: rizzo@aciri.org
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: setsockopt / ipfirewall example
Date: Mon, 27 Aug 2001 11:48:04 +0200

Hi, I'm a newbie in ipfw and I need urgently (if possible) a simple example
on how to use setsockopt (ipfirewall(4)) to add a rule to IPFIREWALL. For
example, how would it be the way to add the following rule?:

7000 allow tcp from 193.10.0.0:255.255.0.0 1021-1023 to any out via lnc0 uid user_name

or if someone has a good example that shows every detail of a ipfw rule,
I'll thank you very much.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message

From owner-freebsd-ipfw Mon Aug 27 3:43:45 2001
From: Bill Fumerola
To: John Massier
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: setsockopt / ipfirewall example
Date: Mon, 27 Aug 2001 05:43:36 -0500
Message-ID: <20010827054336.J2759@elvis.mu.org>

On Mon, Aug 27, 2001 at 11:48:04AM +0200, John Massier wrote:
> Hi, I'm a newbie in ipfw and I need urgently (if possible) a simple example
> on how to use setsockopt (ipfirewall(4)) to add a rule to IPFIREWALL. For
> example, how would it be the way to add the following rule?:
>
> 7000 allow tcp from 193.10.0.0:255.255.0.0 1021-1023 to any out via lnc0 uid
> user_name
>
> or if someone has a good example that shows every detail of a ipfw rule,
> I'll thank you very much.

src/sbin/ipfw.c:add() shows how to construct a rule and add it.

you have to fill a rule structure and then
getsockopt(..., IP_FW_ADD, rule, sizeof(rule));

ipfw(4) will copyout the rule back into 'rule'.
src/sys/netinet/ip_fw.c:{ip_fw_ctl(),add_entry()} are the backend behind
this operation.

--
- bill fumerola / fumerola@yahoo-inc.com / billf@FreeBSD.org / billf@mu.org

From owner-freebsd-ipfw Mon Aug 27 5:25:37 2001
From: Valentine Zaretsky
Organization: Apex NCC, Dnepropetrovsk, Ukraine
To: freebsd-ipfw@FreeBSD.ORG
Subject: Additional fields in ipfw
Date: Mon, 27 Aug 2001 15:35:41 +0300
Message-ID: <3B8A3E9D.D5471CBC@apex.dp.ua>

Hi!

I'm interested in using of type-of-service field in ipfw rules.
I was going to write such an extension myself but I found out that it's
already done in CURRENT ;) (already 10 months ago)

When merge of this feature to STABLE is planned?

--
WBR, Valentine Zaretsky

From owner-freebsd-ipfw Tue Aug 28 2:28:27 2001
From: "Patrick O'Reilly"
To: "FreeBSD IPFW List"
Subject: DUMMYNET
Date: Tue, 28 Aug 2001 11:29:21 +0200

Hi all.

I am using DUMMYNET for some bandwidth management - it's great. I'm now
trying something new with it, and I'm not sure how it is behaving.

I want to allow all users on the LAN to browse (ports 80,443) outside of
working hours, but during working hours this should be stopped. Originally
I added jobs in cron to add and remove the "ipfw add pipe x from $lanip to
any 80,443" rule at certain times of day, and re-instate it at other times.
It worked fine, but then I would lose the counter values from those ipfw
rules.

Now I have changed cron to simply change the pipe config on the fly :"ipfw
pipe x config bw 32Kbit/s" to open it up, and :"ipfw pipe x config bw
1bit/s" to shut it down. This way my counter values continue to
accumulate - GREAT!

The problem is that the pipe seems to dislike the idea of running at 1 bit
per second. Obviously this is rather extreme! Any suggestions on how I
should best address this? Is there perhaps a practical limit to the minimum
bandwidth which DUMMYNET is comfortable to work with?

PS: you probably think I'm crazy fighting with such tiny numbers, but down
in the South of Africa bandwidth is still a very expensive commodity!

Regards,
Patrick.

From owner-freebsd-ipfw Tue Aug 28 5:37: 2 2001
From: Joshua Goodall
To: "Patrick O'Reilly"
Subject: Re: DUMMYNET
Date: Tue, 28 Aug 2001 13:36:45 +0100 (BST)

On Tue, 28 Aug 2001, Patrick O'Reilly wrote:

> I want to allow all users on the LAN to browse (ports 80,443) outside of
> working hours, but during working hours this should be stopped. Originally
> I added jobs in cron to add and remove the "ipfw add pipe x from $lanip to
> any 80,443" rule at certain times of day, and re-instate it at other times.
> It worked fine, but then I would lose the counter values from those ipfw
> rules.

Why not just insert/remove an appropriate deny rule above the pipe
instead? You'll keep your counter values on the pipe that way.

This is my best suggestion, having never attempted to tune dummynet
precisely. The dummynet(4) manpage talks about kernel option HZ which
doesn't bode well for extreme settings.

Joshua

From owner-freebsd-ipfw Tue Aug 28 5:53:49 2001
From: "Patrick O'Reilly"
To: "Joshua Goodall"
Subject: RE: DUMMYNET
Date: Tue, 28 Aug 2001 14:54:19 +0200

> Why not just insert/remove an appropriate deny rule above the pipe
> instead? You'll keep your counter values on the pipe that way.

D-oh! I think I could not see the wood for the trees! Thanks for removing
my blinkers!

Anyway, perhaps someone with more experience will have some interesting info
on the "bw 1bit/s", but if not, I do have a good workable solution!

Thanks Joshua.

Regards,
Patrick.

-----Original Message-----
From: owner-freebsd-ipfw@FreeBSD.ORG
[mailto:owner-freebsd-ipfw@FreeBSD.ORG]On Behalf Of Joshua Goodall
Sent: 28 August 2001 14:37
To: Patrick O'Reilly
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: DUMMYNET

On Tue, 28 Aug 2001, Patrick O'Reilly wrote:

> I want to allow all users on the LAN to browse (ports 80,443) outside of
> working hours, but during working hours this should be stopped. Originally
> I added jobs in cron to add and remove the "ipfw add pipe x from $lanip to
> any 80,443" rule at certain times of day, and re-instate it at other times.
> It worked fine, but then I would lose the counter values from those ipfw
> rules.

Why not just insert/remove an appropriate deny rule above the pipe
instead? You'll keep your counter values on the pipe that way.

This is my best suggestion, having never attempted to tune dummynet
precisely. The dummynet(4) manpage talks about kernel option HZ which
doesn't bode well for extreme settings.

Joshua

From owner-freebsd-ipfw Tue Aug 28 15:51:14 2001
From: "Joel Rosenberg"
To: freebsd-ipfw@freebsd.org
Subject: Forwarding packets from the internal network
Date: Tue, 28 Aug 2001 22:51:10

I'm in the process of setting up a network and have run into some problems.
I have two devices on my network (IP's 192.168.1.20 and 192.168.1.21) that
are accessed via port 80 (non changeable). Right now, I have all traffic
sent to my firewall (I only have one real IP) on port 80 forwarded to
192.168.1.20:80 and all the traffic to 81 sent to 192.168.1.21:80 via natd.
The problem is, when a connection from the outside is made to 192.168.1.21,
it responds by trying to open a new connection on port 80. When the outside
computer connects, the firewall forwards the now-port-80 connection to
192.168.1.20, leaving no way of reaching 192.168.1.21. I've tried
forwarding traffic from higher ports to internal machines (ie ssh) with
success, so I can only assume that when 192.168.1.21 gets a request, it
opens up a new connection, thereby losing the original :81->192.168.1.21:80
forwarding.
Is there any way I can set up the firewall so that all outgoing traffic from
192.168.1.21:80 leaves the firewall on port 81?

Thanks
Joel Rosenberg

From owner-freebsd-ipfw Tue Aug 28 17:40:53 2001
From: Nick Rogness
To: Joel Rosenberg
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Forwarding packets from the internal network
Date: Tue, 28 Aug 2001 19:40:47 -0500 (CDT)

On Tue, 28 Aug 2001, Joel Rosenberg wrote:

This message belongs on freebsd-questions, answering there...

> I'm in the process of setting up a network and have run into some
> problems. I have two devices on my network (IP's 192.168.1.20 and
> 192.168.1.21) that are accessed via port 80 (non changeable). Right
> now, I have all traffic sent to my firewall (I only have one real IP)
> on port 80 forwarded to 192.168.1.20:80 and all the traffic to 81 sent
> to 192.168.1.21:80 via natd. The problem is, when a connection from
> the outside is made to 192.168.1.21, it responds by trying to open a
> new connection on port 80. When the outside computer connects, the
> firewall forwards the now-port-80 connection to 192.168.1.20, leaving
> no way of reaching 192.168.1.21.
> I've tried forwarding traffic from
> higher ports to internal machines (ie ssh) with success, so I can only
> assume that when 192.168.1.21 gets a request, it opens up a new
> connection, thereby losing the original :81->192.168.1.21:80
> forwarding.
> Is there any way I can set up the firewall so that all outgoing traffic
> from 192.168.1.21:80 leaves the firewall on port 81?

Nick Rogness
 - Keep on Routing in a Free World...
 "FreeBSD: The Power to Serve!"

From owner-freebsd-ipfw Wed Aug 29 12:20:54 2001
From: Luigi Rizzo
To: patrick@mip.co.za (Patrick O'Reilly)
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: DUMMYNET
Date: Wed, 29 Aug 2001 12:18:28 -0700 (PDT)
Message-Id: <200108291918.f7TJISr23873@iguana.aciri.org>

> Now I have changed cron to simply change the pipe config on the fly :"ipfw
> pipe x config bw 32Kbit/s" to open it up, and :"ipfw pipe x config bw
> 1bit/s" to shut it down. This way my counter values continue to
> accumulate - GREAT!
>
> The problem is that the pipe seems to dislike the idea of running at 1 bit
> per second. Obviously this is rather extreme!
> Any suggestions on how I

as someone suggested, adding a rule in front of the pipe solves your
problem more elegantly. But what is wrong with the pipe at 1 bit/s
other than leaving packets go out albeit veeeeeery slooooooowly ?

BTW changing HZ has no observable effect at such low speeds.

cheers
luigi

From owner-freebsd-ipfw Wed Aug 29 16:34:28 2001
From: "Crist J. Clark"
Reply-To: cjclark@alum.mit.edu
To: Valentine Zaretsky
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Additional fields in ipfw
Date: Wed, 29 Aug 2001 16:31:37 -0700
Message-ID: <20010829163137.E9807@blossom.cjclark.org>
References: <3B8A3E9D.D5471CBC@apex.dp.ua>

On Mon, Aug 27, 2001 at 03:35:41PM +0300, Valentine Zaretsky wrote:
> Hi!
>
> I'm interested in using of type-of-service field in ipfw rules.
> I was going to write such an extension myself but I found out that it's
> already done in CURRENT ;) (already 10 months ago)
>
> When merge of this feature to STABLE is planned?

I plan to look at catching -STABLE up with -CURRENT after the
-RELEASE code freeze is over.

--
Crist J. Clark
cjclark@alum.mit.edu

From owner-freebsd-ipfw Thu Aug 30 0:22:36 2001
From: "Patrick O'Reilly"
To: "Luigi Rizzo"
Subject: RE: DUMMYNET
Date: Thu, 30 Aug 2001 09:23:28 +0200
In-Reply-To: <200108291918.f7TJISr23873@iguana.aciri.org>

Luigi,

Agreed - the solution suggested is the way to go. The question re 1bit/s is
that according to my observation it did NOT slow down to that rate, but
continued to allow traffic at a much higher rate, though it did not appear
to be UNLIMITED.

This is obviously a moot point as no-one in their right mind (I clearly am
excluded from that group :) would be using DUMMYNET to actually apply a
bandwidth limit of 1bit/s.
But, it begs the question: What is the lowest
bandwidth which can be specified which DUMMYNET will be able to implement
accurately?

Anyhow - I don't want to waste any time on this now as an intelligent and
elegant (and somewhat obvious) solution to my requirement has been given,
and DUMMYNET has very successfully managed bandwidth down to as low as
8kbit/s in my experience.

Thanks to all for your input!

Patrick.

-----Original Message-----
From: Luigi Rizzo [mailto:rizzo@aciri.org]
Sent: 29 August 2001 21:18
To: Patrick O'Reilly
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: DUMMYNET

> Now I have changed cron to simply change the pipe config on the fly :"ipfw
> pipe x config bw 32Kbit/s" to open it up, and :"ipfw pipe x config bw
> 1bit/s" to shut it down. This way my counter values continue to
> accumulate - GREAT!
>
> The problem is that the pipe seems to dislike the idea of running at 1 bit
> per second. Obviously this is rather extreme! Any suggestions on how I

as someone suggested, adding a rule in front of the pipe solves your
problem more elegantly. But what is wrong with the pipe at 1 bit/s
other than leaving packets go out albeit veeeeeery slooooooowly ?

BTW changing HZ has no observable effect at such low speeds.

cheers
luigi

From owner-freebsd-ipfw Thu Aug 30 1:57:53 2001
From: Valentine Zaretsky
Organization: Apex NCC, Dnepropetrovsk, Ukraine
To: cjclark@alum.mit.edu
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Additional fields in ipfw
Date: Thu, 30 Aug 2001 12:08:28 +0300
Message-ID: <3B8E028C.3796A8CE@apex.dp.ua>
References: <3B8A3E9D.D5471CBC@apex.dp.ua> <20010829163137.E9807@blossom.cjclark.org>

"Crist J. Clark" wrote:

> On Mon, Aug 27, 2001 at 03:35:41PM +0300, Valentine Zaretsky wrote:
> > Hi!
> >
> > I'm interested in using of type-of-service field in ipfw rules.
> > I was going to write such an extension myself but I found out that it's
> > already done in CURRENT ;) (already 10 months ago)
> >
> > When merge of this feature to STABLE is planned?
>
> I plan to look at catching -STABLE up with -CURRENT after the
> -RELEASE code freeze is over.

Thank you. So it will be approximately in September-October?

--
WBR, Valentine Zaretsky

From owner-freebsd-ipfw Thu Aug 30 10:24:43 2001
From: Luigi Rizzo
To: patrick@mip.co.za (Patrick O'Reilly)
Cc: rizzo@aciri.org, freebsd-ipfw@FreeBSD.ORG
Subject: Re: DUMMYNET
Date: Thu, 30 Aug 2001 10:20:42 -0700 (PDT)
Message-Id: <200108301720.f7UHKge32432@iguana.aciri.org>

> Agreed - the solution suggested is the way to go. The question re 1bit/s is
> that according to my observation it did NOT slow down to that rate, but
> continued to allow traffic at a much higher rate, though it did not appear
> to be UNLIMITED.

when i tried it, it really worked as low as 1bit/s. Have you checked
with "ipfw pipe show" to make sure that the speed associated to
the pipe was really 1bit/s and not higher ?

cheers
luigi

> This is obviously a moot point as no-one in their right mind (I clearly am
> excluded from that group :) would be using DUMMYNET to actually apply a
> bandwidth limit of 1bit/s. But, it begs the question: What is the lowest
> bandwidth which can be specified which DUMMYNET will be able to implement
> accurately?
>
> Anyhow - I don't want to waste any time on this now as an intelligent and
> elegant (and somewhat obvious) solution to my requirement has been given,
> and DUMMYNET has very successfully managed bandwidth down to as low as
> 8kbit/s in my experience.
>
> Thanks to all for your input!
>
> Patrick.
>
> -----Original Message-----
> From: Luigi Rizzo [mailto:rizzo@aciri.org]
> Sent: 29 August 2001 21:18
> To: Patrick O'Reilly
> Cc: freebsd-ipfw@FreeBSD.ORG
> Subject: Re: DUMMYNET
>
>
> > Now I have changed cron to simply change the pipe config on the fly :"ipfw
> > pipe x config bw 32Kbit/s" to open it up, and :"ipfw pipe x config bw
> > 1bit/s" to shut it down. This way my counter values continue to
> > accumulate - GREAT!
> >
> > The problem is that the pipe seems to dislike the idea of running at 1 bit
> > per second. Obviously this is rather extreme! Any suggestions on how I
>
> as someone suggested, adding a rule in front of the pipe solves your
> problem more elegantly. But what is wrong with the pipe at 1 bit/s
> other than leaving packets go out albeit veeeeeery slooooooowly ?
>
> BTW changing HZ has no observable effect at such low speeds.
>
> cheers
> luigi

From owner-freebsd-ipfw Fri Aug 31 1:46: 8 2001
From: "Patrick O'Reilly"
To: "Luigi Rizzo"
Subject: RE: DUMMYNET
Date: Fri, 31 Aug 2001 09:03:15 +0200
In-Reply-To: <200108301720.f7UHKge32432@iguana.aciri.org>

Luigi,

I'll test further. I did use 'ipfw pipe list' to verify the 'bw' setting,
and it was '1bit/s'. Yet, there were packets passing through the pipeline
at the rate of two or three tcp setup packets per second, which must be at
the very least 100bit/s, perhaps more.

Anyway Luigi, I appreciate your time in responding, and I really don't want
you to waste any time on this issue which is so close to the edges of
sanity!

Thanks,
Patrick.

-----Original Message-----
From: Luigi Rizzo [mailto:rizzo@aciri.org]
Sent: 30 August 2001 19:21
To: Patrick O'Reilly
Cc: rizzo@aciri.org; freebsd-ipfw@FreeBSD.ORG
Subject: Re: DUMMYNET

> Agreed - the solution suggested is the way to go.
> The question re 1bit/s is
> that according to my observation it did NOT slow down to that rate, but
> continued to allow traffic at a much higher rate, though it did not appear
> to be UNLIMITED.

when i tried it, it really worked as low as 1bit/s. Have you checked
with "ipfw pipe show" to make sure that the speed associated to
the pipe was really 1bit/s and not higher ?

cheers
luigi

> This is obviously a moot point as no-one in their right mind (I clearly am
> excluded from that group :) would be using DUMMYNET to actually apply a
> bandwidth limit of 1bit/s. But, it begs the question: What is the lowest
> bandwidth which can be specified which DUMMYNET will be able to implement
> accurately?
>
> Anyhow - I don't want to waste any time on this now as an intelligent and
> elegant (and somewhat obvious) solution to my requirement has been given,
> and DUMMYNET has very successfully managed bandwidth down to as low as
> 8kbit/s in my experience.
>
> Thanks to all for your input!
>
> Patrick.
>
> -----Original Message-----
> From: Luigi Rizzo [mailto:rizzo@aciri.org]
> Sent: 29 August 2001 21:18
> To: Patrick O'Reilly
> Cc: freebsd-ipfw@FreeBSD.ORG
> Subject: Re: DUMMYNET
>
>
> > Now I have changed cron to simply change the pipe config on the fly :"ipfw
> > pipe x config bw 32Kbit/s" to open it up, and :"ipfw pipe x config bw
> > 1bit/s" to shut it down. This way my counter values continue to
> > accumulate - GREAT!
> >
> > The problem is that the pipe seems to dislike the idea of running at 1 bit
> > per second. Obviously this is rather extreme! Any suggestions on how I
>
> as someone suggested, adding a rule in front of the pipe solves your
> problem more elegantly. But what is wrong with the pipe at 1 bit/s
> other than leaving packets go out albeit veeeeeery slooooooowly ?
>
> BTW changing HZ has no observable effect at such low speeds.
>
> cheers
> luigi

From owner-freebsd-ipfw Fri Aug 31 10:15: 5 2001
From: Luigi Rizzo
To: patrick@mip.co.za (Patrick O'Reilly)
Cc: rizzo@aciri.org, freebsd-ipfw@FreeBSD.ORG
Subject: Re: DUMMYNET
Date: Fri, 31 Aug 2001 10:12:43 -0700 (PDT)
Message-Id: <200108311712.f7VHChv42153@iguana.aciri.org>

> Luigi,
>
> I'll test further. I did use 'ipfw pipe list' to verify the 'bw' setting,
> and it was '1bit/s'. Yet, there were packets passing through the pipeline
> at the rate of two or three tcp setup packets per second, which must be at

that is too much, sounds like these packets were not going through
the pipe at all (maybe a different 'setup' rule was matching them ?).
I tried yesterday with pings through a 100bit/s pipe and the RTTs were in
the order of ~13 seconds, so i am pretty sure that the timing is correct
even at low speeds.

cheers
luigi

> the very least 100bit/s, perhaps more.
>
> Anyway Luigi, I appreciate your time in responding, and I really don't want
> you to waste any time on this issue which is so close to the edges of
> sanity!
>
> Thanks,
> Patrick.
>
> -----Original Message-----
> From: Luigi Rizzo [mailto:rizzo@aciri.org]
> Sent: 30 August 2001 19:21
> To: Patrick O'Reilly
> Cc: rizzo@aciri.org; freebsd-ipfw@FreeBSD.ORG
> Subject: Re: DUMMYNET
>
>
> > Agreed - the solution suggested is the way to go. The question re 1bit/s is
> > that according to my observation it did NOT slow down to that rate, but
> > continued to allow traffic at a much higher rate, though it did not appear
> > to be UNLIMITED.
>
> when i tried it, it really worked as low as 1bit/s. Have you checked
> with "ipfw pipe show" to make sure that the speed associated to
> the pipe was really 1bit/s and not higher ?
>
> cheers
> luigi
>
> > This is obviously a moot point as no-one in their right mind (I clearly am
> > excluded from that group :) would be using DUMMYNET to actually apply a
> > bandwidth limit of 1bit/s. But, it begs the question: What is the lowest
> > bandwidth which can be specified which DUMMYNET will be able to implement
> > accurately?
> >
> > Anyhow - I don't want to waste any time on this now as an intelligent and
> > elegant (and somewhat obvious) solution to my requirement has been given,
> > and DUMMYNET has very successfully managed bandwidth down to as low as
> > 8kbit/s in my experience.
> >
> > Thanks to all for your input!
> >
> > Patrick.
> >
> > -----Original Message-----
> > From: Luigi Rizzo [mailto:rizzo@aciri.org]
> > Sent: 29 August 2001 21:18
> > To: Patrick O'Reilly
> > Cc: freebsd-ipfw@FreeBSD.ORG
> > Subject: Re: DUMMYNET
> >
> >
> > > Now I have changed cron to simply change the pipe config on the fly :"ipfw
> > > pipe x config bw 32Kbit/s" to open it up, and :"ipfw pipe x config bw
> > > 1bit/s" to shut it down. This way my counter values continue to
> > > accumulate - GREAT!
> > >
> > > The problem is that the pipe seems to dislike the idea of running at 1 bit
> > > per second. Obviously this is rather extreme!
> > > Any suggestions on how I
> >
> > as someone suggested, adding a rule in front of the pipe solves your
> > problem more elegantly. But what is wrong with the pipe at 1 bit/s
> > other than leaving packets go out albeit veeeeeery slooooooowly ?
> >
> > BTW changing HZ has no observable effect at such low speeds.
> >
> > cheers
> > luigi
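
The approach suggested in the DUMMYNET thread above (leave the pipe rule in place and insert or remove a deny rule above it, so the pipe rule's counters keep accumulating) can be driven from cron as sketched below. This is an added example, not code from any message in the thread; the rule numbers, LAN prefix, script path and working hours are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): keep the dummynet pipe rule in place
# and toggle a deny rule in front of it, so the pipe rule's counters keep
# accumulating. Rule numbers, LAN prefix and cron times are assumptions.

IPFW=${IPFW:-ipfw}                    # overridable, e.g. for a dry run
LAN_NET=${LAN_NET:-192.168.1.0/24}    # assumed LAN prefix ($lanip in the thread)
PORTS=80,443                          # ports named in the thread
PIPE_RULE=${PIPE_RULE:-1000}          # assumed number of the existing pipe rule
DENY_RULE=${DENY_RULE:-900}           # assumed; must sort before PIPE_RULE

# rule_present N: succeed if rule number N exists. "ipfw list" prints
# zero-padded rule numbers (00900), so compare numerically.
rule_present() {
    $IPFW list | awk -v n="$1" '$1 + 0 == n + 0 { found = 1 } END { exit !found }'
}

# rule_packets N: print the packet counter of rule N from "ipfw show"
# (columns: rule number, packets, bytes, rule body). Useful for checking
# that traffic really matches the pipe rule and not an earlier rule.
rule_packets() {
    $IPFW show | awk -v n="$1" '$1 + 0 == n + 0 { print $2; exit }'
}

# block_browsing: working hours. A matching deny ends the rule search, so it
# only shadows the pipe rule if it is numbered below it.
block_browsing() {
    if [ "$DENY_RULE" -ge "$PIPE_RULE" ]; then
        echo "deny rule $DENY_RULE would not precede pipe rule $PIPE_RULE" >&2
        return 1
    fi
    if rule_present "$DENY_RULE"; then
        return 0                      # already blocked; do not add a duplicate
    fi
    $IPFW -q add "$DENY_RULE" deny tcp from "$LAN_NET" to any "$PORTS"
}

# allow_browsing: outside working hours. Only the deny rule is removed; the
# pipe rule and its counters are left untouched.
allow_browsing() {
    if rule_present "$DENY_RULE"; then
        $IPFW -q delete "$DENY_RULE"
    fi
}

# Assumed crontab entries (path and hours are placeholders):
#   0 8  * * 1-5  /usr/local/sbin/browse_window.sh close
#   0 17 * * 1-5  /usr/local/sbin/browse_window.sh open
case "${1:-}" in
    close) block_browsing ;;
    open)  allow_browsing ;;
    count) rule_packets "$PIPE_RULE" ;;
esac
```

The `count` action prints the pipe rule's packet counter, which is one way to check the point raised in the last message: whether the packets are going through the pipe rule at all.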