From owner-freebsd-ipfw@FreeBSD.ORG Mon May 14 11:08:34 2007 Return-Path: X-Original-To: freebsd-ipfw@FreeBSD.org Delivered-To: freebsd-ipfw@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 7A33616A402 for ; Mon, 14 May 2007 11:08:34 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40]) by mx1.freebsd.org (Postfix) with ESMTP id 5A76F13C484 for ; Mon, 14 May 2007 11:08:34 +0000 (UTC) (envelope-from owner-bugmaster@FreeBSD.org) Received: from freefall.freebsd.org (linimon@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l4EB8Yba033024 for ; Mon, 14 May 2007 11:08:34 GMT (envelope-from owner-bugmaster@FreeBSD.org) Received: (from linimon@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l4EB8VOi033016 for freebsd-ipfw@FreeBSD.org; Mon, 14 May 2007 11:08:31 GMT (envelope-from owner-bugmaster@FreeBSD.org) Date: Mon, 14 May 2007 11:08:31 GMT Message-Id: <200705141108.l4EB8VOi033016@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: linimon set sender to owner-bugmaster@FreeBSD.org using -f From: FreeBSD bugmaster To: freebsd-ipfw@FreeBSD.org Cc: Subject: Current problem reports assigned to you X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 May 2007 11:08:34 -0000 Current FreeBSD problem reports Critical problems Serious problems S Tracker Resp. Description -------------------------------------------------------------------------------- o kern/51274 ipfw [ipfw] [patch] ipfw2 create dynamic rules with parent o kern/73910 ipfw [ipfw] serious bug on forwarding of packets after NAT o kern/74104 ipfw [ipfw] ipfw2/1 conflict not detected or reported, manp p conf/78762 ipfw [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewal p bin/80913 ipfw [patch] /sbin/ipfw2 silently discards MAC addr arg wit o kern/88659 ipfw [modules] ipfw and ip6fw do not work properly as modul o kern/93300 ipfw [ipfw] ipfw pipe lost packets o kern/95084 ipfw [ipfw] [patch] IPFW2 ignores "recv/xmit/via any" (IPFW o kern/97504 ipfw [ipfw] IPFW Rules bug o kern/97951 ipfw [ipfw] [patch] ipfw does not tie interface details to o kern/98831 ipfw [ipfw] ipfw has UDP hickups o kern/102471 ipfw [ipfw] [patch] add tos and dscp support o kern/103454 ipfw [ipfw] [patch] add a facility to modify DF bit of the o kern/106534 ipfw [ipfw] [panic] ipfw + dummynet 14 problems total. Non-critical problems S Tracker Resp. Description -------------------------------------------------------------------------------- a kern/26534 ipfw [ipfw] Add an option to ipfw to log gid/uid of who cau o kern/46159 ipfw [ipfw] [patch] ipfw dynamic rules lifetime feature o kern/48172 ipfw [ipfw] [patch] ipfw does not log size and flags o bin/50749 ipfw [ipfw] [patch] ipfw2 incorrectly parses ports and port o kern/55984 ipfw [ipfw] [patch] time based firewalling support for ipfw o kern/60719 ipfw [ipfw] Headerless fragments generate cryptic error mes o kern/69963 ipfw [ipfw] install_state warning about already existing en o kern/71366 ipfw [ipfw] "ipfw fwd" sometimes rewrites destination mac a o kern/72987 ipfw [ipfw] ipfw/dummynet pipe/queue 'queue [BYTES]KBytes ( o kern/73276 ipfw [ipfw] [patch] ipfw2 vulnerability (parser error) o bin/78785 ipfw [ipfw] [patch] ipfw verbosity locks machine if /etc/rc o kern/80642 ipfw [ipfw] [patch] ipfw small patch - new RULE OPTION o kern/82724 ipfw [ipfw] [patch] Add setnexthop and defaultroute feature o kern/86957 ipfw [ipfw] [patch] ipfw mac logging o kern/87032 ipfw [ipfw] [patch] ipfw ioctl interface implementation o kern/91847 ipfw [ipfw] ipfw with vlanX as the device o kern/103328 ipfw [ipfw] sugestions about ipfw table o kern/104682 ipfw [ipfw] [patch] Some minor language consistency fixes a o bin/104921 ipfw [patch] ipfw(8) sometimes treats ipv6 input as ipv4 (a o kern/105330 ipfw [ipfw] [patch] ipfw (dummynet) does not allow to set q o kern/107305 ipfw [ipfw] ipfw fwd doesn't seem to work o kern/111713 ipfw [dummynet] Too few dummynet queue slots o kern/112561 ipfw ipfw fwd does not work with some TCP packets 23 problems total. From owner-freebsd-ipfw@FreeBSD.ORG Mon May 14 16:13:01 2007 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id DF45416A400 for ; Mon, 14 May 2007 16:13:01 +0000 (UTC) (envelope-from joek@prismnet.com) Received: from smtp.prismnet.com (smtp.prismnet.com [209.198.128.91]) by mx1.freebsd.org (Postfix) with ESMTP id B3D9F13C43E for ; Mon, 14 May 2007 16:13:01 +0000 (UTC) (envelope-from joek@prismnet.com) Received: from webmail.io.com (webmail.io.com [209.198.128.99]) (authenticated bits=0) by smtp.prismnet.com (8.13.4/8.13.4) with ESMTP id l4EFVv5k097243 for ; Mon, 14 May 2007 10:31:58 -0500 (CDT) (envelope-from joek@prismnet.com) Received: from 209.198.163.252 (SquirrelMail authenticated user joek) by webmail.io.com with HTTP; Mon, 14 May 2007 10:31:58 -0500 (CDT) Message-ID: <1904.209.198.163.252.1179156718.squirrel@webmail.io.com> Date: Mon, 14 May 2007 10:31:58 -0500 (CDT) From: "Joe Kirby" To: freebsd-ipfw@freebsd.org User-Agent: SquirrelMail/1.4.8 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-Spam-Status: No, score=-1.6 required=7.0 tests=BAYES_00,HOT_NASTY autolearn=no version=3.1.0 X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on smtp.prismnet.com Subject: ipfw dummynet bandwidth issues X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 May 2007 16:13:02 -0000 I am currently running "traffic shapers" for a wireless network. The shapers contain about 50 - 100 customers. All we shape is bandwidth to adjust for billing. The problem that I am having is that the bandwidth on the customers end seems to be very low on the upload side. Below are all of my configs. sysctl.conf #security.bsd.see_other_uids=0 net.inet.ip.fw.verbose=1 net.inet.ip.fw.verbose_limit=10 net.link.ether.bridge.enable=1 net.link.ether.bridge.config=fxp0:0,fxp1:0 net.link.ether.bridge.ipfw=1 net.inet.ip.fw.enable=1 net.inet.ip.fw.one_pass=1 net.inet.ip.fw.dyn_buckets=256 net.inet.ip.fw.curr_dyn_buckets=256 net.inet.ip.dummynet.hash_size=128 rc.conf defaultrouter="206.xxx.xx.xx" hostname="xxx.xxx.xxx" ifconfig_fxp0="inet 206.xxx.xx.xx netmask 255.255.255.xxx media 100BaseTX mediaopt full-duplex" ifconfig_fxp1="media 100BaseTX mediaopt full-duplex" sshd_enable="YES" usbd_enable="YES" snmpd_enable="YES" apache_enable="YES" mysql_enable="YES" inetd_enable="YES" sendmail_enable="NO" Kernel Options Enabled options BRIDGE options DUMMYNET options IPFIREWALL options IPFIREWALL_DEFAULT_TO_ACCEPT options HZ=1000 If anyone can help me out that would be great. I am to the point that I am considering using other none BSD based software for this. I would rather get this one working, because I see alot of people using it and they seem to like it alot. Joe Lead Wireless Tech Prismnet LTD From owner-freebsd-ipfw@FreeBSD.ORG Mon May 14 16:37:54 2007 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id BBC2416A400 for ; Mon, 14 May 2007 16:37:54 +0000 (UTC) (envelope-from wash@wananchi.com) Received: from ns2.wananchi.com (ns2.wananchi.com [62.8.64.4]) by mx1.freebsd.org (Postfix) with ESMTP id 4886E13C44C for ; Mon, 14 May 2007 16:37:53 +0000 (UTC) (envelope-from wash@wananchi.com) Received: from wash by ns2.wananchi.com with local (Exim 4.67 #0 (FreeBSD 4.11-STABLE)) id 1HndFy-0001PI-5m by authid for ; Mon, 14 May 2007 19:18:42 +0300 Date: Mon, 14 May 2007 19:18:42 +0300 From: Odhiambo WASHINGTON To: freebsd-ipfw@freebsd.org Message-ID: <20070514161842.GC88544@ns2.wananchi.com> References: <1904.209.198.163.252.1179156718.squirrel@webmail.io.com> MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="0lnxQi9hkpPO77W3" Content-Disposition: inline In-Reply-To: <1904.209.198.163.252.1179156718.squirrel@webmail.io.com> X-Disclaimer: Any views expressed in this message, where not explicitly attributed otherwise, are mine alone!. X-Mailer: Mutt 1.5.13 (2006-08-11) X-Designation: Systems Administrator, Wananchi Online Ltd. X-Location: Nairobi, KE, East Africa. User-Agent: Mutt/1.5.13 (2006-08-11) Subject: Re: ipfw dummynet bandwidth issues X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 May 2007 16:37:54 -0000 --0lnxQi9hkpPO77W3 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline * On 14/05/07 10:31 -0500, Joe Kirby wrote: | I am currently running "traffic shapers" for a wireless network. The | shapers contain about 50 - 100 customers. All we shape is bandwidth to | adjust for billing. The problem that I am having is that the bandwidth on | the customers end seems to be very low on the upload side. Below are all | of my configs. All, including the ipfw configs? ;-) Anyway, I think you could rely on the WARTA whitepaper for clues. There is also http://www.wifibsd.org/ -Wash http://www.netmeister.org/news/learn2quote.html DISCLAIMER: See http://www.wananchi.com/bms/terms.php -- +======================================================================+ |\ _,,,---,,_ | Odhiambo Washington Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 +======================================================================+ Senate, n.: A body of elderly gentlemen charged with high duties and misdemeanors. -- Ambrose Bierce --0lnxQi9hkpPO77W3 Content-Type: application/x-pkcs7-signature Content-Disposition: attachment; filename="smime.p7s" Content-Transfer-Encoding: base64 MIIIvwYJKoZIhvcNAQcCoIIIsDCCCKwCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC BjYwggLvMIICWKADAgECAhB0qsRS3rtMb4ETFb2E4EfsMA0GCSqGSIb3DQEBBQUAMGIxCzAJ BgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYD VQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTAeFw0wNzA0MTgxMDIz MzlaFw0wODA0MTcxMDIzMzlaMEMxHzAdBgNVBAMTFlRoYXd0ZSBGcmVlbWFpbCBNZW1iZXIx IDAeBgkqhkiG9w0BCQEWEXdhc2hAd2FuYW5jaGkuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC AQ8AMIIBCgKCAQEAnMoutu+80/1a+mg7CdzZjG+0LEJJyaGh4BZ8mpN60gHIl6tv5O0pVxiu rCd8iTMcNH/xjjdUX5lfEovLsusYOrvjeWL6T0zYbuIlayZTSgTWPf1aMUO8c7KUfNGuv4Zy Ir+74zD9uzrI8nyq/XSvni5Sy4JCZYWkA5UDBRgd/kEribxU/8vPOVcyRcyKKZCJJTKPfFDP pkhCMWL3yYaYooZCTudk08MQM7UHaSlC7U6t48zo3u2vMIuqndvcxcLF6Uqaz110kF3XvwzY IwrxTxJGfrPzXZ2CFKVc1Gxwr/S4N91HOpSoR+WX2GCnw5V9yQUcFZD23kheXwcbYtJwUQID AQABo0EwPzARBglghkgBhvhCAQEEBAMCBaAwHAYDVR0RBBUwE4ERd2FzaEB3YW5hbmNoaS5j b20wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQUFAAOBgQB3AO7lWZcos4fBDFcwaIqJINq8 AjZC8xO76zGeaC6+JegqIUbyg7+aVunExYIhjH5fhRv/5VhWLVCFm5Xh2NV18v+MknQZE7xH W1H7QCFi3+J12NJWVxC/TVN7R8d24TTQknE47lPI0OH53orj+GjegmgmXED8eOeLpU1U4zqg aDCCAz8wggKooAMCAQICAQ0wDQYJKoZIhvcNAQEFBQAwgdExCzAJBgNVBAYTAlpBMRUwEwYD VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3Rl IENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24x JDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYc cGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0wMzA3MTcwMDAwMDBaFw0xMzA3MTYy MzU5NTlaMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5 KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTCB nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxKY8VXNV+065yplaHmjAdQRwnd/p/6Me7L3N 9VvyGna9fww6YfK/Uc4B1OVQCjDXAmNaLIkVcI7dyfArhVqqP3FWy688Cwfn8R+RNiQqE88r 1fOCdz0Dviv+uxg+B79AgAJk16emu59l0cUqVIUPSAR/p7bRPGEEQB5kGXJgt/sCAwEAAaOB lDCBkTASBgNVHRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwu dGhhd3RlLmNvbS9UaGF3dGVQZXJzb25hbEZyZWVtYWlsQ0EuY3JsMAsGA1UdDwQEAwIBBjAp BgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxhYmVsMi0xMzgwDQYJKoZIhvcNAQEF BQADgYEASIzRUIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/TCG4+DYfqi2fNi/A9BxQIJNwPP2t 4WFiw9k6GX6EsZkbAMUaC4J0niVQlGLH2ydxVyWN3amcOY6MIE9lX5Xa9/eH1sYITq726jTl EBpbNU1341YheILcIRk13iSx0x1G/11fZU8xggJRMIICTQIBATB2MGIxCzAJBgNVBAYTAlpB MSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3 dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIQdKrEUt67TG+BExW9hOBH7DAJBgUr DgMCGgUAoIGxMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA3 MDUxNDE2MTg0MlowIwYJKoZIhvcNAQkEMRYEFO9A5PvaowLzkecivhQrr51xMNbMMFIGCSqG SIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFA MAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMA0GCSqGSIb3DQEBAQUABIIBAD5j4iKSlbvmJ1mL geQ6nPZ3Wv4rsm6c7KBtXiUI4Io7K9Jsj/8YnllK3givFilVudJlRckxqfpQnlCDDWoiHQjZ Fg9k1jzj+IOmQ52+If01Jiv/zkRHw/KSZ3Pey8Z2960X677Ij10PwpsCpKnNlfBnYA6R4PJC JTYJW3ikv5z9DdbVnZWxWRJryP4KIFcewcULEqf9hU2d0VHfCiXaUdjce0IopdCJ0pizBFcd jwhAILqPtkzgHOjA4j0wV4SpuyO/WTVRLAm3YbsOSDaIn4aKT2S5vbEG23+rSK1/MqnukBZY k5RAnXH4XlcTasIAo2/ZXgLz1tairCNryuZvZBM= --0lnxQi9hkpPO77W3-- From owner-freebsd-ipfw@FreeBSD.ORG Mon May 14 17:23:22 2007 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A8FA916A400 for ; Mon, 14 May 2007 17:23:22 +0000 (UTC) (envelope-from joek@prismnet.com) Received: from smtp.prismnet.com (smtp.prismnet.com [209.198.128.91]) by mx1.freebsd.org (Postfix) with ESMTP id 7C39F13C458 for ; Mon, 14 May 2007 17:23:22 +0000 (UTC) (envelope-from joek@prismnet.com) Received: from webmail.io.com (webmail.io.com [209.198.128.99]) (authenticated bits=0) by smtp.prismnet.com (8.13.4/8.13.4) with ESMTP id l4EHNLNB007352 for ; Mon, 14 May 2007 12:23:21 -0500 (CDT) (envelope-from joek@prismnet.com) Received: from 209.198.163.252 (SquirrelMail authenticated user joek) by webmail.io.com with HTTP; Mon, 14 May 2007 12:23:21 -0500 (CDT) Message-ID: <3286.209.198.163.252.1179163401.squirrel@webmail.io.com> In-Reply-To: <20070514161842.GC88544@ns2.wananchi.com> References: <1904.209.198.163.252.1179156718.squirrel@webmail.io.com> <20070514161842.GC88544@ns2.wananchi.com> Date: Mon, 14 May 2007 12:23:21 -0500 (CDT) From: "Joe Kirby" To: freebsd-ipfw@freebsd.org User-Agent: SquirrelMail/1.4.8 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-Spam-Status: No, score=-2.3 required=7.0 tests=BAYES_00 autolearn=ham version=3.1.0 X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on smtp.prismnet.com Subject: Re: ipfw dummynet bandwidth issues X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 May 2007 17:23:22 -0000 > * On 14/05/07 10:31 -0500, Joe Kirby wrote: > | I am currently running "traffic shapers" for a wireless network. The > | shapers contain about 50 - 100 customers. All we shape is bandwidth to > | adjust for billing. The problem that I am having is that the bandwidth > on > | the customers end seems to be very low on the upload side. Below are all > | of my configs. > > All, including the ipfw configs? ;-) > > Anyway, I think you could rely on the WARTA whitepaper for clues. > There is also http://www.wifibsd.org/ I would rather get this working. My former system admin dropped it into my lap about 2 weeks ago when he left. I understand the basics for this. The only ipfw config that I have is the following one if that helps at all. #!/bin/sh # # $FreeBSD: src/etc/rc.d/ipfw,v 1.10.2.2 2006/03/01 11:36:01 wkoszek Exp $ # # PROVIDE: ipfw # REQUIRE: ppp # BEFORE: NETWORKING # KEYWORD: nojail . /etc/rc.subr . /etc/network.subr name="ipfw" rcvar="firewall_enable" start_cmd="ipfw_start" start_precmd="ipfw_precmd" stop_cmd="ipfw_stop" ipfw_precmd() { if ! ${SYSCTL} net.inet.ip.fw.enable > /dev/null 2>&1; then if ! kldload ipfw; then warn unable to load firewall module. return 1 fi fi return 0 } ipfw_start() { # set the firewall rules script if none was specified [ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall if [ -r "${firewall_script}" ]; then echo -n 'Starting divert daemons:' if [ -f /etc/rc.d/natd ] ; then /etc/rc.d/natd start fi . "${firewall_script}" echo -n 'Firewall rules loaded' elif [ "`ipfw list 65535`" = "65535 deny ip from any to any" ]; then echo 'Warning: kernel has firewall functionality, but' \ ' firewall rules are not enabled.' echo ' All ip services are disabled.' fi echo '.' # Firewall logging # if checkyesno firewall_logging; then echo 'Firewall logging enabled' sysctl net.inet.ip.fw.verbose=1 >/dev/null fi # Enable the firewall # ${SYSCTL_W} net.inet.ip.fw.enable=1 } ipfw_stop() { # Disable the firewall # ${SYSCTL_W} net.inet.ip.fw.enable=0 if [ -f /etc/rc.d/natd ] ; then /etc/rc.d/natd stop fi } load_rc_config $name run_rc_command "$1" From owner-freebsd-ipfw@FreeBSD.ORG Mon May 14 19:46:30 2007 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 7A13916A415 for ; Mon, 14 May 2007 19:46:30 +0000 (UTC) (envelope-from joek@prismnet.com) Received: from smtp.prismnet.com (smtp.prismnet.com [209.198.128.91]) by mx1.freebsd.org (Postfix) with ESMTP id 4EA8813C4BD for ; Mon, 14 May 2007 19:46:30 +0000 (UTC) (envelope-from joek@prismnet.com) Received: from webmail.io.com (webmail.io.com [209.198.128.99]) (authenticated bits=0) by smtp.prismnet.com (8.13.4/8.13.4) with ESMTP id l4EJkTc0019112 for ; Mon, 14 May 2007 14:46:29 -0500 (CDT) (envelope-from joek@prismnet.com) Received: from 209.198.163.252 (SquirrelMail authenticated user joek) by webmail.io.com with HTTP; Mon, 14 May 2007 14:46:29 -0500 (CDT) Message-ID: <4769.209.198.163.252.1179171989.squirrel@webmail.io.com> Date: Mon, 14 May 2007 14:46:29 -0500 (CDT) From: "Joe Kirby" To: freebsd-ipfw@freebsd.org User-Agent: SquirrelMail/1.4.8 MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-Spam-Status: No, score=-2.3 required=7.0 tests=BAYES_00 autolearn=ham version=3.1.0 X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on smtp.prismnet.com Subject: Re: ipfw dummynet bandwidth issues X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 May 2007 19:46:30 -0000 i pulled down ipfw show and this is a part of what it gives me if this helps at all 20008 12239 2038365 queue 20008 ip from 209.198.166.3 to any // 2000 256Kb/U 256Kb/D 209.198.166.3 20009 14969 15120731 queue 20009 ip from any to 209.198.166.3 // 2000 256Kb/U 256Kb/D 209.198.166.3 20018 3678 476015 queue 20018 ip from 209.198.166.4 to any // 2001 256Kb/U 256Kb/D 209.198.166.4 20019 4193 2970270 queue 20019 ip from any to 209.198.166.4 // 2001 256Kb/U 256Kb/D 209.198.166.4 20028 49231 5174114 queue 20028 ip from 209.198.166.5 to any // 2002 384Kb/U 1024Kb/D 209.198.166.5 20029 63216 77969270 queue 20029 ip from any to 209.198.166.5 // 2002 384Kb/U 1024Kb/D 209.198.166.5 20038 1165 239447 queue 20038 ip from 209.198.166.6 to any // 2003 256Kb/U 512Kb/D 209.198.166.6 20039 307 140524 queue 20039 ip from any to 209.198.166.6 // 2003 256Kb/U 512Kb/D 209.198.166.6 20048 36759 9836774 queue 20048 ip from 209.198.166.7 to any // 2004 128Kb/U 256Kb/D 209.198.166.7 20049 72478 83960250 queue 20049 ip from any to 209.198.166.7 // 2004 128Kb/U 256Kb/D 209.198.166.7 20058 17211 2571568 queue 20058 ip from 209.198.166.8 to any // 2005 384Kb/U 1024Kb/D 209.198.166.8 20059 20813 19231395 queue 20059 ip from any to 209.198.166.8 // 2005 384Kb/U 1024Kb/D 209.198.166.8 >> * On 14/05/07 10:31 -0500, Joe Kirby wrote: >> | I am currently running "traffic shapers" for a wireless network. The >> | shapers contain about 50 - 100 customers. All we shape is bandwidth to >> | adjust for billing. The problem that I am having is that the bandwidth >> on >> | the customers end seems to be very low on the upload side. Below are >> all >> | of my configs. >> >> All, including the ipfw configs? ;-) >> >> Anyway, I think you could rely on the WARTA whitepaper for clues. >> There is also http://www.wifibsd.org/ > From owner-freebsd-ipfw@FreeBSD.ORG Mon May 14 19:50:15 2007 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 25D8016A400 for ; Mon, 14 May 2007 19:50:15 +0000 (UTC) (envelope-from chengjin@fastsoft.com) Received: from mail35.opentransfer.com (MAIL35.opentransfer.com [76.162.254.35]) by mx1.freebsd.org (Postfix) with SMTP id 758DD13C46E for ; Mon, 14 May 2007 19:50:14 +0000 (UTC) (envelope-from chengjin@fastsoft.com) Received: (qmail 9333 invoked by uid 399); 14 May 2007 19:23:32 -0000 Received: from unknown (HELO grimbrute.fastsoft.com) (72.87.203.138) by mail35.opentransfer.com with SMTP; 14 May 2007 19:23:32 -0000 Date: Mon, 14 May 2007 12:23:14 -0700 To: freebsd-ipfw@freebsd.org From: "Cheng Jin" Organization: FastSoft, Inc. Content-Type: text/plain; format=flowed; delsp=yes; charset=windows-1250 MIME-Version: 1.0 Content-Transfer-Encoding: Quoted-Printable Message-ID: User-Agent: Opera Mail/9.20 (Win32) Subject: trouble setting up outgoing pipe on a bridged interface X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 May 2007 19:50:15 -0000 Hi, I am using FreeBSD 5.4 (sorry that i am stuck using an old version) on a= = machine with bridging enabled on the two nics, vr0 and rl0. i wanted to add two dummynet pipes on the= = rl0 interface, one for incoming bridged pkts received on rl0, and one for outgoing pkts transmitted by r= l0. Setting up the receiving pipe is no problem, but i have had a lot of = trouble getting the outgoing pipe setup correctly. none of the outgoing pipes i configured seem to take = effect. i set the sysctl variable bridge_ipfw=3D1 my first question is: is what i described possible for ipfw/dummynet in = = FreeBSD 5.4? Here is a sample of what i have tried for the ougoing pipe on rl0 ipfw add 65532 pipe 2 all from any to any bridged out recv rl0 (now i s= ee = why this isnt working, this is for outgoing pkts recv on rl0, not an ougoing pipe transmitted by rl0) or ipfw add 65532 pipe 2 all from any to any briged out xmit rl0 (outgoing = = pkt transmitted by rl0, i read the bridge code, and it appears that this wouldnt work for bridged pkts sinc= e = dummynet is called before the outgoing interface is determined) or ipfw add 65532 pipe 2 all from any to any bridged out recv vr0 xmit rl0 = = (i guess this suffers the same problem as the rule above?) or ipfw add 65532 pipe 2 all from any to any bridged via rl0 (last desperat= e = attempt at making something work, and i am not too sure why it do anything) I could set up the pipe by configuring it to do "in recv vr0" and it wou= ld = be fine, but I am quite puzzled why i couldnt set up an ougoing pipe on the bridged interface li= ke = I think I should be able to do. Thanks! Cheng From owner-freebsd-ipfw@FreeBSD.ORG Tue May 15 09:20:06 2007 Return-Path: X-Original-To: freebsd-ipfw@hub.freebsd.org Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A821F16A405 for ; Tue, 15 May 2007 09:20:06 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40]) by mx1.freebsd.org (Postfix) with ESMTP id 939BA13C4B8 for ; Tue, 15 May 2007 09:20:06 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l4F9K68u084463 for ; Tue, 15 May 2007 09:20:06 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l4F9K6au084462; Tue, 15 May 2007 09:20:06 GMT (envelope-from gnats) Date: Tue, 15 May 2007 09:20:06 GMT Message-Id: <200705150920.l4F9K6au084462@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: dfilter@FreeBSD.ORG (dfilter service) Cc: Subject: Re: conf/78762: commit references a PR X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: dfilter service List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 May 2007 09:20:06 -0000 The following reply was made to PR conf/78762; it has been noted by GNATS. From: dfilter@FreeBSD.ORG (dfilter service) To: bug-followup@FreeBSD.org Cc: Subject: Re: conf/78762: commit references a PR Date: Tue, 15 May 2007 09:18:30 +0000 (UTC) mtm 2007-05-15 09:18:25 UTC FreeBSD src repository Modified files: (Branch: RELENG_6) etc/rc.d ip6fw ipfw Log: MFC: revision 1.9 of rc.d/ip6fw and 1.15 of rc.d/ipfw date: 2007/04/02 15:38:53; author: mtm; state: Exp; lines: +1 -1 Instead of directly sourcing the firewall script, run it in a separate shell. If the firewall script is sourced directly from the script, then any exit statements in it will also terminate the rc.d script prematurely. PR: conf/78762 Revision Changes Path 1.6.2.1 +1 -1 src/etc/rc.d/ip6fw 1.10.2.4 +1 -1 src/etc/rc.d/ipfw _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org" From owner-freebsd-ipfw@FreeBSD.ORG Tue May 15 09:41:10 2007 Return-Path: X-Original-To: freebsd-ipfw@hub.freebsd.org Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 72EB416A402; Tue, 15 May 2007 09:41:10 +0000 (UTC) (envelope-from mtm@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40]) by mx1.freebsd.org (Postfix) with ESMTP id 4B97F13C46A; Tue, 15 May 2007 09:41:10 +0000 (UTC) (envelope-from mtm@FreeBSD.org) Received: from freefall.freebsd.org (mtm@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l4F9fAmq087554; Tue, 15 May 2007 09:41:10 GMT (envelope-from mtm@freefall.freebsd.org) Received: (from mtm@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l4F9fA37087550; Tue, 15 May 2007 09:41:10 GMT (envelope-from mtm) Date: Tue, 15 May 2007 09:41:10 GMT From: Mike Makonnen Message-Id: <200705150941.l4F9fA37087550@freefall.freebsd.org> To: jonw@whoweb.com, mtm@FreeBSD.org, freebsd-ipfw@FreeBSD.org Cc: Subject: Re: conf/78762: [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewall_script not read it X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 May 2007 09:41:10 -0000 Synopsis: [ipfw] [patch] /etc/rc.d/ipfw should excecute $firewall_script not read it State-Changed-From-To: patched->closed State-Changed-By: mtm State-Changed-When: Tue May 15 09:39:36 UTC 2007 State-Changed-Why: MFC'ed to RELENG_6 http://www.freebsd.org/cgi/query-pr.cgi?pr=78762 From owner-freebsd-ipfw@FreeBSD.ORG Tue May 15 09:49:41 2007 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 4806216A400 for ; Tue, 15 May 2007 09:49:41 +0000 (UTC) (envelope-from wash@wananchi.com) Received: from ns2.wananchi.com (ns2.wananchi.com [62.8.64.4]) by mx1.freebsd.org (Postfix) with ESMTP id CCF9313C455 for ; Tue, 15 May 2007 09:49:39 +0000 (UTC) (envelope-from wash@wananchi.com) Received: from wash by ns2.wananchi.com with local (Exim 4.67 #0 (FreeBSD 4.11-STABLE)) id 1Hntey-000DuQ-UU by authid for ; Tue, 15 May 2007 12:49:37 +0300 Date: Tue, 15 May 2007 12:49:36 +0300 From: Odhiambo WASHINGTON To: freebsd-ipfw@freebsd.org Message-ID: <20070515094936.GG85994@ns2.wananchi.com> References: <1904.209.198.163.252.1179156718.squirrel@webmail.io.com> <20070514161842.GC88544@ns2.wananchi.com> <3286.209.198.163.252.1179163401.squirrel@webmail.io.com> MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="cyV/sMl4KAhiehtf" Content-Disposition: inline In-Reply-To: <3286.209.198.163.252.1179163401.squirrel@webmail.io.com> X-Disclaimer: Any views expressed in this message, where not explicitly attributed otherwise, are mine alone!. X-Mailer: Mutt 1.5.13 (2006-08-11) X-Designation: Systems Administrator, Wananchi Online Ltd. X-Location: Nairobi, KE, East Africa. User-Agent: Mutt/1.5.13 (2006-08-11) Subject: Re: ipfw dummynet bandwidth issues X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 May 2007 09:49:41 -0000 --cyV/sMl4KAhiehtf Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable * On 14/05/07 12:23 -0500, Joe Kirby wrote: | > * On 14/05/07 10:31 -0500, Joe Kirby wrote: | > | I am currently running "traffic shapers" for a wireless network. The | > | shapers contain about 50 - 100 customers. All we shape is bandwidth to | > | adjust for billing. The problem that I am having is that the bandwidth | > on | > | the customers end seems to be very low on the upload side. Below are = all | > | of my configs. | > | > All, including the ipfw configs? ;-) | > | > Anyway, I think you could rely on the WARTA whitepaper for clues. | > There is also http://www.wifibsd.org/ |=20 |=20 | I would rather get this working. My former system admin dropped it into my | lap about 2 weeks ago when he left. I understand the basics for this. The | only ipfw config that I have is the following one if that helps at all. |=20 | #!/bin/sh | # | # $FreeBSD: src/etc/rc.d/ipfw,v 1.10.2.2 2006/03/01 11:36:01 wkoszek Exp $ | # |=20 | # PROVIDE: ipfw | # REQUIRE: ppp | # BEFORE: NETWORKING | # KEYWORD: nojail |=20 | . /etc/rc.subr | . /etc/network.subr |=20 | name=3D"ipfw" | rcvar=3D"firewall_enable" | start_cmd=3D"ipfw_start" | start_precmd=3D"ipfw_precmd" | stop_cmd=3D"ipfw_stop" |=20 | ipfw_precmd() | { | if ! ${SYSCTL} net.inet.ip.fw.enable > /dev/null 2>&1; then | if ! kldload ipfw; then | warn unable to load firewall module. | return 1 | fi | fi |=20 | return 0 | } |=20 | ipfw_start() | { | # set the firewall rules script if none was specified | [ -z "${firewall_script}" ] && firewall_script=3D/etc/rc.firewall So your rules file is /etc/rc.firewall. -Wash http://www.netmeister.org/news/learn2quote.html DISCLAIMER: See http://www.wananchi.com/bms/terms.php -- +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ |\ _,,,---,,_ | Odhiambo Washington Zzz /,`.-'`' -. ;-;;,_ | Wananchi Online Ltd. www.wananchi.com |,4- ) )-,_. ,\ ( `'-'| Tel: +254 20 313985-9 +254 20 313922 '---''(_/--' `-'\_) | GSM: +254 722 743223 +254 733 744121 +=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D+ Since we have to speak well of the dead, let's knock them while they're alive. -- John Sloan --cyV/sMl4KAhiehtf Content-Type: application/x-pkcs7-signature Content-Disposition: attachment; filename="smime.p7s" Content-Transfer-Encoding: base64 MIIIvwYJKoZIhvcNAQcCoIIIsDCCCKwCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC BjYwggLvMIICWKADAgECAhB0qsRS3rtMb4ETFb2E4EfsMA0GCSqGSIb3DQEBBQUAMGIxCzAJ BgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYD VQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTAeFw0wNzA0MTgxMDIz MzlaFw0wODA0MTcxMDIzMzlaMEMxHzAdBgNVBAMTFlRoYXd0ZSBGcmVlbWFpbCBNZW1iZXIx IDAeBgkqhkiG9w0BCQEWEXdhc2hAd2FuYW5jaGkuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC AQ8AMIIBCgKCAQEAnMoutu+80/1a+mg7CdzZjG+0LEJJyaGh4BZ8mpN60gHIl6tv5O0pVxiu rCd8iTMcNH/xjjdUX5lfEovLsusYOrvjeWL6T0zYbuIlayZTSgTWPf1aMUO8c7KUfNGuv4Zy Ir+74zD9uzrI8nyq/XSvni5Sy4JCZYWkA5UDBRgd/kEribxU/8vPOVcyRcyKKZCJJTKPfFDP pkhCMWL3yYaYooZCTudk08MQM7UHaSlC7U6t48zo3u2vMIuqndvcxcLF6Uqaz110kF3XvwzY IwrxTxJGfrPzXZ2CFKVc1Gxwr/S4N91HOpSoR+WX2GCnw5V9yQUcFZD23kheXwcbYtJwUQID AQABo0EwPzARBglghkgBhvhCAQEEBAMCBaAwHAYDVR0RBBUwE4ERd2FzaEB3YW5hbmNoaS5j b20wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQUFAAOBgQB3AO7lWZcos4fBDFcwaIqJINq8 AjZC8xO76zGeaC6+JegqIUbyg7+aVunExYIhjH5fhRv/5VhWLVCFm5Xh2NV18v+MknQZE7xH W1H7QCFi3+J12NJWVxC/TVN7R8d24TTQknE47lPI0OH53orj+GjegmgmXED8eOeLpU1U4zqg aDCCAz8wggKooAMCAQICAQ0wDQYJKoZIhvcNAQEFBQAwgdExCzAJBgNVBAYTAlpBMRUwEwYD VQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNhcGUgVG93bjEaMBgGA1UEChMRVGhhd3Rl IENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmljYXRpb24gU2VydmljZXMgRGl2aXNpb24x JDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVlbWFpbCBDQTErMCkGCSqGSIb3DQEJARYc cGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAeFw0wMzA3MTcwMDAwMDBaFw0xMzA3MTYy MzU5NTlaMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5 KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQTCB nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxKY8VXNV+065yplaHmjAdQRwnd/p/6Me7L3N 9VvyGna9fww6YfK/Uc4B1OVQCjDXAmNaLIkVcI7dyfArhVqqP3FWy688Cwfn8R+RNiQqE88r 1fOCdz0Dviv+uxg+B79AgAJk16emu59l0cUqVIUPSAR/p7bRPGEEQB5kGXJgt/sCAwEAAaOB lDCBkTASBgNVHRMBAf8ECDAGAQH/AgEAMEMGA1UdHwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwu dGhhd3RlLmNvbS9UaGF3dGVQZXJzb25hbEZyZWVtYWlsQ0EuY3JsMAsGA1UdDwQEAwIBBjAp BgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0ZUxhYmVsMi0xMzgwDQYJKoZIhvcNAQEF BQADgYEASIzRUIPqCy7MDaNmrGcPf6+svsIXoUOWlJ1/TCG4+DYfqi2fNi/A9BxQIJNwPP2t 4WFiw9k6GX6EsZkbAMUaC4J0niVQlGLH2ydxVyWN3amcOY6MIE9lX5Xa9/eH1sYITq726jTl EBpbNU1341YheILcIRk13iSx0x1G/11fZU8xggJRMIICTQIBATB2MGIxCzAJBgNVBAYTAlpB MSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3 dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBDQQIQdKrEUt67TG+BExW9hOBH7DAJBgUr DgMCGgUAoIGxMBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTA3 MDUxNTA5NDkzNlowIwYJKoZIhvcNAQkEMRYEFJrTbtsijFwM8jTkNJos/NiZJ95mMFIGCSqG SIb3DQEJDzFFMEMwCgYIKoZIhvcNAwcwDgYIKoZIhvcNAwICAgCAMA0GCCqGSIb3DQMCAgFA MAcGBSsOAwIHMA0GCCqGSIb3DQMCAgEoMA0GCSqGSIb3DQEBAQUABIIBAEUyEXfBEG4C7LVZ uV1b4axiAwdE2SkrggJycM4vmt3DIQc1Whh/T9pE4QovnOiBdvA8JZzGF/yEIrFp7p2/Dx3m aIm6cI776GqHCiGd4L0X7LPy9Dxu03shyQEdGXLE/hj0ryEJUif4O0zSTrWjZ57CgMxeZFw8 NDbZ98Mf6WsYurJEdxGXUGTiPxJaXU892yD9kmuXqubHKeB3KNwDUSI1qid+CUVgGj+zGwjO zPEQ7UzS0pvTa6WNM4ynSIoBuikst6OxD+oyzkv+QE8vusspmXKLHb09jyBRmqTmZE2GTTPN gwqS03DL/KIIgAwz+oMkD7gE08v4O6tA79Ih9wQ= --cyV/sMl4KAhiehtf-- From owner-freebsd-ipfw@FreeBSD.ORG Wed May 16 11:44:27 2007 Return-Path: X-Original-To: freebsd-ipfw@hub.freebsd.org Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A541216A401; Wed, 16 May 2007 11:44:27 +0000 (UTC) (envelope-from remko@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40]) by mx1.freebsd.org (Postfix) with ESMTP id 7D87713C45B; Wed, 16 May 2007 11:44:27 +0000 (UTC) (envelope-from remko@FreeBSD.org) Received: from freefall.freebsd.org (remko@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l4GBiRwE061374; Wed, 16 May 2007 11:44:27 GMT (envelope-from remko@freefall.freebsd.org) Received: (from remko@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l4GBiRIT061370; Wed, 16 May 2007 11:44:27 GMT (envelope-from remko) Date: Wed, 16 May 2007 11:44:27 GMT From: Remko Lodder Message-Id: <200705161144.l4GBiRIT061370@freefall.freebsd.org> To: remko@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-ipfw@FreeBSD.org Cc: Subject: Re: kern/112708: ipfw is seems to be broken to limit number of connections X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 May 2007 11:44:27 -0000 Synopsis: ipfw is seems to be broken to limit number of connections Responsible-Changed-From-To: freebsd-bugs->freebsd-ipfw Responsible-Changed-By: remko Responsible-Changed-When: Wed May 16 11:44:16 UTC 2007 Responsible-Changed-Why: reassign to ipfw team. http://www.freebsd.org/cgi/query-pr.cgi?pr=112708 From owner-freebsd-ipfw@FreeBSD.ORG Thu May 17 13:20:11 2007 Return-Path: X-Original-To: freebsd-ipfw@hub.freebsd.org Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 44F2616A405 for ; Thu, 17 May 2007 13:20:11 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [69.147.83.40]) by mx1.freebsd.org (Postfix) with ESMTP id 0E1E913C44B for ; Thu, 17 May 2007 13:20:10 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id l4HDK9iw038457 for ; Thu, 17 May 2007 13:20:09 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id l4HDK9RM038454; Thu, 17 May 2007 13:20:09 GMT (envelope-from gnats) Date: Thu, 17 May 2007 13:20:09 GMT Message-Id: <200705171320.l4HDK9RM038454@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: "Andrey V. Elsukov" Cc: Subject: Re: kern/112708: ipfw is seems to be broken to limit number of connections X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: "Andrey V. Elsukov" List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 May 2007 13:20:11 -0000 The following reply was made to PR kern/112708; it has been noted by GNATS. From: "Andrey V. Elsukov" To: bug-followup@FreeBSD.org, seal@inar.ru Cc: Subject: Re: kern/112708: ipfw is seems to be broken to limit number of connections Date: Thu, 17 May 2007 16:42:16 +0400 Hi, What show `ipfw -d show` and `netstat -anf inet | grep -E "SYN|ESTAB"`? -- WBR, Andrey V. Elsukov