From owner-freebsd-ipfw@FreeBSD.ORG  Tue Apr 13 08:06:30 2004
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3F23616A4CE
	for <ipfw@FreeBSD.org>; Tue, 13 Apr 2004 08:06:30 -0700 (PDT)
Received: from mailgw.dgrp.sk (mailgw.dgrp.sk [195.28.127.4])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6F8FE43D1D
	for <ipfw@FreeBSD.org>; Tue, 13 Apr 2004 08:06:28 -0700 (PDT)
	(envelope-from koren@tempest.sk)
Received: by mailgw.dgrp.sk (Postfix, from userid 1003)
	id 6C4074FD93; Tue, 13 Apr 2004 17:06:26 +0200 (CEST)
Received: from domino1.tempest.sk (domino1.tempest.sk [195.28.100.38])
	by mailgw.dgrp.sk (Postfix) with ESMTP id 04F184FD92
	for <ipfw@FreeBSD.org>; Tue, 13 Apr 2004 17:06:26 +0200 (CEST)
Received: from lk106.tempest.sk ([195.28.109.36])
          by domino1.tempest.sk (Lotus Domino Release 6.5.1IF1)
          with ESMTP id 2004041317062429-1031 ;
          Tue, 13 Apr 2004 17:06:24 +0200 
Received: from lk106.tempest.sk (localhost [127.0.0.1])
	by lk106.tempest.sk (8.12.10/8.12.5) with ESMTP id i3DF6HBp031893;
	Tue, 13 Apr 2004 17:06:17 +0200 (CEST)
	(envelope-from koren@lk106.tempest.sk)
Received: (from koren@localhost)
	by lk106.tempest.sk (8.12.10/8.12.10/Submit) id i3DF6G20031890;
	Tue, 13 Apr 2004 17:06:16 +0200 (CEST)
	(envelope-from koren)
Date: Tue, 13 Apr 2004 17:06:16 +0200 (CEST)
Message-Id: <200404131506.i3DF6G20031890@lk106.tempest.sk>
From: Ludo Koren <lk@tempest.sk>
To: ipfw@FreeBSD.org
X-MIMETrack: Itemize by SMTP Server on Domino1/DGRP(Release 6.5.1IF1|March 16,
	2004) at 13.04.2004 17:06:24,at 13.04.2004 17:06:26,
	Serialize complete at 13.04.2004 17:06:26
X-Spam-Checker-Version: SpamAssassin 2.61 (1.212.2.1-2003-12-09-exp) on mailgw
X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.61
X-Spam-Level: 
Subject: limiting bandwith
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Apr 2004 15:06:30 -0000


Hi.

I am running ipfw on 5.2.1-RELEASE-p1.

The relevant part of the ipfw configuration follows:

add check-state
pipe 10 config bw 64Kbit/s
pipe 20 config bw 256Kbit/s
pipe 30 config bw 8Kbit/s
queue 10 config pipe 10 weight 100
queue 20 config pipe 20 weight 1
queue 30 config pipe 30 weight 1
....

# Allow SMTP
add pass tcp from A to B 25 keep-state
add pass tcp from B to A dst-port 25 in via xl0
add pass tcp from A 25 to B in recv xl1
add pipe 20 tcp from B to A dst-port 25 out xmit xl1 keep-state
add pass tcp from C to B 25 keep-state
add pass tcp from B to C dst-port 25 in via xl0
add pass tcp from C 25 to B in recv xl1
add pipe 20 tcp from B to C dst-port 25 out xmit xl1 keep-state

where the A,B,C addresses are not assigned to local interfaces. The
xl0 is on the local LAN, the xl1 is connected to the router and
WAN. If I watch packets (netstat -w 10 -I xl1) flowing through xl1, I
see numbers are correct (~32000 bytes per second). MRTG on the router
shows just half throughput, i.e. 128Kb/s. If I reconfigure pipe 20 to
512Kbit/s or 0Kbit/s, the MRTG shows 256Kbit/s.

Could you point to me what I did wrong?

Thank you very much in advance.

lk