From owner-freebsd-ipfw Sun May 26 3:52:55 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from mirapoint.inter.net.il (mirapoint.inter.net.il [192.114.186.20]) by hub.freebsd.org (Postfix) with ESMTP id C539337B404 for ; Sun, 26 May 2002 03:52:42 -0700 (PDT) Received: from main1 ([80.230.140.102]) by mirapoint.inter.net.il (Mirapoint Messaging Server MOS 3.1.0.58-GA) with SMTP id AEU14966; Sun, 26 May 2002 13:52:34 +0300 (IDT) Message-ID: <004701c204ab$db0e2050$668ce650@main1> From: "Retal" To: Subject: Unreach flag Date: Sun, 26 May 2002 13:52:46 +0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0042_01C204BC.9DE29470" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG This is a multi-part message in MIME format. ------=_NextPart_000_0042_01C204BC.9DE29470 Content-Type: text/plain; charset="windows-1255" Content-Transfer-Encoding: quoted-printable Hi..=20 There's sometimes i just can't figure out: When im adding those rules to my IPFW: 00001 7 392 allow icmp from 80.230.140.105 to any 00002 10 576 unreach host icmp from any to any and after it i ping my fbsd box from another IP i get this: Reply from 80.230.140.105: Destination host unreachable. Reply from 80.230.140.105: Destination host unreachable. Reply from 80.230.140.105: Destination host unreachable. Reply from 80.230.140.105: Destination host unreachable. whats this unreach option used for/useful for .. and is it matter if i = use host, filter-prohib or any other flags.. ? Thanks.. Retal (retaly@inter.net.il) ------=_NextPart_000_0042_01C204BC.9DE29470 Content-Type: text/html; charset="windows-1255" Content-Transfer-Encoding: quoted-printable
Hi..
 
There's sometimes i just can't figure=20 out:
 
  When im adding those rules to my = IPFW:
 
00001    =20 7     392 allow icmp from 80.230.140.105 to=20 any
00002    10     576 unreach = host icmp=20 from any to any
 
and after it i ping my fbsd box from = another IP i=20 get this:
 
Reply from 80.230.140.105: Destination = host=20 unreachable.
Reply from 80.230.140.105: Destination host=20 unreachable.
Reply from 80.230.140.105: Destination host=20 unreachable.
Reply from 80.230.140.105: Destination host=20 unreachable.
 
 
whats this unreach option used = for/useful=20 for .. and is it matter if i use host, filter-prohib or any other = flags..=20 ?
 
Thanks.. Retal (retaly@inter.net.il)
= ------=_NextPart_000_0042_01C204BC.9DE29470-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Sun May 26 10:39:50 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from tao.dizzy-online.org (dyn-212-129-9-78.ppp.tiscali.fr [212.129.9.78]) by hub.freebsd.org (Postfix) with ESMTP id 3E42C37B401 for ; Sun, 26 May 2002 10:39:47 -0700 (PDT) Received: from dizzy-online.org (tao [192.0.1.2]) by tao.dizzy-online.org (8.11.6/8.11.6) with ESMTP id g4QHd1N28340 for ; Sun, 26 May 2002 19:39:03 +0200 (CEST) (envelope-from guest@dizzy-online.org) From: "Dizzy" To: ipfw@freebsd.org Subject: control bandwidth with IPF Date: Sun, 26 May 2002 19:39:01 +0900 Message-Id: <20020526193901.M52578@dizzy-online.org> X-Mailer: Open WebMail 1.62 20020221 X-OriginatingIP: 192.0.1.3 (guest) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG hi, Is it possible to control bandwidth per IP with IPF ? Actually I use IPFW and I have some problem. So I want to try IPF. Thanks -- Dizzy - a french student To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Sun May 26 22:49:36 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from charon.0x54434D.net (p50825FCD.dip.t-dialin.net [80.130.95.205]) by hub.freebsd.org (Postfix) with ESMTP id EA8FD37B405 for ; Sun, 26 May 2002 22:49:31 -0700 (PDT) Received: from 0x54434D.net (powerbox.tcm.lan [192.168.1.11]) by charon.0x54434D.net (Postfix) with ESMTP id BD5523E28; Mon, 27 May 2002 07:49:29 +0200 (CEST) Message-ID: <3CF1C8E8.6020006@0x54434D.net> Date: Mon, 27 May 2002 07:49:28 +0200 From: Nino Dehne User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc3) Gecko/20020523 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Retal Cc: freebsd-ipfw@freebsd.org Subject: Re: Unreach flag References: <004701c204ab$db0e2050$668ce650@main1> Content-Type: text/plain; charset=windows-1255; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi Retal, Retal wrote: > Hi.. > > There's sometimes i just can't figure out: > > When im adding those rules to my IPFW: > > 00001 7 392 allow icmp from 80.230.140.105 to any you need to allow echo requests (type 0) to reach your box. look at this: allow icmp from any to 80.230.140.105 icmptype 0 allow icmp from 80.230.140.105 to any icmptype 8 icmp type 0 is "echo request" while type 8 is "echo reply". > 00002 10 576 unreach host icmp from any to any > > and after it i ping my fbsd box from another IP i get this: > > Reply from 80.230.140.105: Destination host unreachable. > Reply from 80.230.140.105: Destination host unreachable. > Reply from 80.230.140.105: Destination host unreachable. > Reply from 80.230.140.105: Destination host unreachable. > > > whats this unreach option used for/useful for .. and is it matter if i > use host, filter-prohib or any other flags.. ? can't comment on these, though. > Thanks.. Retal (retaly@inter.net.il ) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Tue May 28 13:26:31 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from atro.pine.nl (atro.pine.nl [213.156.0.2]) by hub.freebsd.org (Postfix) with ESMTP id D516237B400 for ; Tue, 28 May 2002 13:26:23 -0700 (PDT) Received: by atro.pine.nl (Pine Internet Secure Mailer, from userid 65536) id 28F2C11D001; Tue, 28 May 2002 22:26:21 +0200 (MET DST) Date: Tue, 28 May 2002 22:26:21 +0200 From: Patrick Oonk To: Dizzy Cc: ipfw@freebsd.org Subject: Re: problem with ipfw Message-ID: <20020528202620.GF25381@pine.nl> Reply-To: patrick@pine.nl References: <20020524213523.M34448@dizzy-online.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20020524213523.M34448@dizzy-online.org> User-Agent: Mutt/1.3.25i X-Organization: Pine Internet B.V. X-GSM: +31-6-24209907 X-message: secretary plugged hairdryer into UPS X-Zen: Ommmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm X-Coordinates: 52 04 43N - 4 17 27W X-NCC-RegID: nl.pine X-PGP-Fingerprint: DD29 1787 8F49 51B8 4FDF 2F64 A65C 42AE 155C 3934 X-PGP-KeyID: 155C3934 Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Fri, May 24, 2002 at 09:35:23PM +0900, Dizzy wrote: > hi, > > I run FreeBSD : > FreeBSD tao.dizzy-online.org 4.5-RELEASE FreeBSD 4.5-RELEASE #2: Thu Mar 14 > 21:40:45 GMT 2002 ***:/usr/src/sys/compile/TAO i386 > > > My configuration is : > > 01000 allow ip from 192.0.1.0/24 to 192.0.1.0/24 > 39999 allow tcp from any to me 80 > 40001 allow tcp from any to me 443 > 40009 pipe 1 tcp from me 80 to any limit dst-addr 1 > 40011 allow tcp from me 443 to any > 64999 allow ip from me to any > 65000 allow ip from any to any > 65535 deny ip from any to any > > > I want to limit bandwidth and number of connection on my web site. > But sometime and from some domain, my website is not accessible. > It seems depend on download size but not sure. > > Any idea ? > Is my config good ? There are two solutions to this problem: A) Allow ICMP type 3 code 4 messages to reach the webserver B) Turn off Path MTU Discovery on the web server Solution A enables your webserver to use the right MSS, and does not pose a security threat, see http://rr.sans.org/threats/ICMP.php Solution B will allow the ISP router to fragment the packets. Solution A is highly prefered as fragmentation will lead to poorer performance. For more information, and an explanation of terms and abreviations read: ftp://ftp.isi.edu/in-notes/rfc2923.txt http://www.worldgate.com/~marcs/mtu/ http://home.earthlink.net/~jaymzh666/solaris/mss/ -- patrick oonk - pine internet - patrick@pine.nl - www.pine.nl/~patrick T:+31-70-3111010 - F:+31-70-3111011 - Read news at http://security.nl PGPid A4E74BBF fp A7CF 7611 E8C4 7B79 CA36 0BFD 2CB4 7283 A4E7 4BBF Note: my NEW PGP key is available at http://www.pine.nl/~patrick/ Excuse of the day: Fatal error right in front of screen To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Tue May 28 18:50: 1 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from gate21.fw.porsche.de (gate23.fw.porsche.de [193.174.9.99]) by hub.freebsd.org (Postfix) with SMTP id 867AD37B408 for ; Tue, 28 May 2002 18:49:55 -0700 (PDT) Received: (qmail 24413 invoked from network); 29 May 2002 01:53:17 -0000 Received: from unknown (HELO wuxin011.ibd.porsche.de) (141.36.65.1) by 193.197.149.150 with SMTP; 29 May 2002 01:53:17 -0000 Received: (qmail 5789 invoked from network); 29 May 2002 01:49:42 -0000 Received: from wuxws007.ibd.porsche.de (HELO porsche.de) (141.36.2.178) by smtp4cli.ibd.porsche.de with SMTP; 29 May 2002 01:49:42 -0000 Message-ID: <3CF43436.6080008@porsche.de> Date: Wed, 29 May 2002 03:51:50 +0200 From: Marc Perisa User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc3) Gecko/20020523 X-Accept-Language: en, de-de, es-es MIME-Version: 1.0 To: ipfw@freebsd.org Cc: luigi@FreeBSD.org Subject: bridge(4) and non-IP packets Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hi, Joost Bekkers filled in 2000 a PR ( http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/23771 ) that adds compile options to the kernel for bridge(4). It helps to not brigde no-IP packets. - Is the idea useful? ( adding a kernel compile option) - Is the way the patch is coded ok? - Should the patch be updated against -CURRENT or -STABLE code? If the answer is yes three times I will take a deeper look (and perhaps add BRIDGE_ALLOW_IPX, BRIDGE_ALLOW_) and update the patch against the actual source. Another idea is to create a set of sysctl to handle different protocols like net.link.ether.bridge_ipfw_. Then a section for checking the protocol of packets should be added. Whom I may ask for guidance? Thanks Marc To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Tue May 28 19:10:21 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from iguana.icir.org (iguana.icir.org [192.150.187.36]) by hub.freebsd.org (Postfix) with ESMTP id 3868237B411 for ; Tue, 28 May 2002 19:09:55 -0700 (PDT) Received: (from rizzo@localhost) by iguana.icir.org (8.11.6/8.11.3) id g4T29l014567; Tue, 28 May 2002 19:09:47 -0700 (PDT) (envelope-from rizzo) Date: Tue, 28 May 2002 19:09:47 -0700 From: Luigi Rizzo To: Marc Perisa Cc: ipfw@FreeBSD.ORG Subject: Re: bridge(4) and non-IP packets Message-ID: <20020528190947.A14555@iguana.icir.org> References: <3CF43436.6080008@porsche.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <3CF43436.6080008@porsche.de>; from perisa@porsche.de on Wed, May 29, 2002 at 03:51:50AM +0200 Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG we are in code freeze now so it is not a good time to work on -stable. Re. current, i recently introduced the ability to match packets basing on the MAC header, so the patch in the PR is not necessary there. I might MFC the code after 4.6 is out. cheers luigi On Wed, May 29, 2002 at 03:51:50AM +0200, Marc Perisa wrote: > Hi, > > Joost Bekkers filled in 2000 a PR ( > http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/23771 ) that adds > compile options to the kernel for bridge(4). It helps to not brigde > no-IP packets. > > - Is the idea useful? ( adding a kernel compile option) > - Is the way the patch is coded ok? > - Should the patch be updated against -CURRENT or -STABLE code? > > If the answer is yes three times I will take a deeper look (and perhaps > add BRIDGE_ALLOW_IPX, BRIDGE_ALLOW_) and update the patch > against the actual source. > > Another idea is to create a set of sysctl to handle different protocols > like net.link.ether.bridge_ipfw_. Then a section for checking > the protocol of packets should be added. > > Whom I may ask for guidance? > > Thanks > > Marc > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-ipfw" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Tue May 28 19:42:48 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from gate21.fw.porsche.de (gate23.fw.porsche.de [193.174.9.99]) by hub.freebsd.org (Postfix) with SMTP id 9AC4A37B406 for ; Tue, 28 May 2002 19:42:39 -0700 (PDT) Received: (qmail 25188 invoked from network); 29 May 2002 02:46:01 -0000 Received: from unknown (HELO wuxin011.ibd.porsche.de) (141.36.65.1) by 193.197.149.150 with SMTP; 29 May 2002 02:46:01 -0000 Received: (qmail 11881 invoked from network); 29 May 2002 02:42:26 -0000 Received: from wuxws007.ibd.porsche.de (HELO porsche.de) (141.36.2.178) by smtp4cli.ibd.porsche.de with SMTP; 29 May 2002 02:42:26 -0000 Message-ID: <3CF44092.20000@porsche.de> Date: Wed, 29 May 2002 04:44:34 +0200 From: Marc Perisa User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0rc3) Gecko/20020523 X-Accept-Language: en, de-de, es-es MIME-Version: 1.0 To: Luigi Rizzo Cc: ipfw@FreeBSD.ORG Subject: Re: bridge(4) and non-IP packets References: <3CF43436.6080008@porsche.de> <20020528190947.A14555@iguana.icir.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Luigi Rizzo wrote: >we are in code freeze now so it is not a good time to work on -stable. > I know this and asked only for input so we can close that PR before the next release. :) >Re. current, i recently introduced the ability to match packets >basing on the MAC header, so the patch in the PR is not necessary there. > > Can you please take over the PR then and close it after the MFC? >I might MFC the code after 4.6 is out. > > cheers > luigi > > > Thanks Marc To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Wed May 29 17:43:27 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from c015.snv.cp.net (h003.c015.snv.cp.net [209.228.35.118]) by hub.freebsd.org (Postfix) with SMTP id 2338B37B407 for ; Wed, 29 May 2002 17:43:15 -0700 (PDT) Received: (cpmta 3218 invoked from network); 29 May 2002 17:43:14 -0700 Date: 29 May 2002 17:43:14 -0700 Message-ID: <20020530004314.3217.cpmta@c015.snv.cp.net> X-Sent: 30 May 2002 00:43:14 GMT Received: from [65.16.158.66] by mail.compgeek.com with HTTP; 29 May 2002 17:43:14 PDT Content-Type: text/plain Content-Disposition: inline Mime-Version: 1.0 To: freebsd-ipfw@freebsd.org From: Jon Noack X-Mailer: Web Mail 3.9.3.11 X-Sent-From: noackjr@compgeek.com Subject: peer-to-peer asymmetric simulation Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I'm trying to simulate a peer-to-peer network of 8 clients connected via asymmetric links using dummynet. I have it up and running using a machine with 8 network interfaces running as a bridge. The only issue is that (as I've found reading older posts) when running in a bridge packets are only passed through ipfw once. This obviously prevents me from limiting both directions of the links. Basic config for 8 56Kbit/s modem clients: #Upstream pipe 1 config mask src-ip 0x000000ff bw 32Kbit/s delay 100ms queue 4Kbytes add pipe 1 ip from any to any out #Downstream pipe 2 config mask dst-ip 0x000000ff bw 48Kbit/s delay 100ms queue 4Kbytes add pipe 2 ip from any to any in First of all, is this even correct (not sure about whether in and out are used correctly)? Second, I've seen that the following patch was proposed: it might be as simple as changing one line in bridge.c if (ip_fw_chk_ptr && bdg_ipfw != 0 && src != NULL) { struct ip *ip ; int i; - if (rule != NULL) /* dummynet packet, already partially processed */ + if (rule != NULL && fw_one_pass) goto forward; /* HACK! I should obey the fw_one_pass */ but i never had a chance to test it. Has anyone used this? If this doesn't work, how should I modify my setup to make this work (i.e. use router instead of bridge? settings necessary?)? Thanks, Jon Noack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Thu May 30 0:18:26 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from iguana.icir.org (iguana.icir.org [192.150.187.36]) by hub.freebsd.org (Postfix) with ESMTP id D19D437B401 for ; Thu, 30 May 2002 00:18:21 -0700 (PDT) Received: (from rizzo@localhost) by iguana.icir.org (8.11.6/8.11.3) id g4U7ILM27990; Thu, 30 May 2002 00:18:21 -0700 (PDT) (envelope-from rizzo) Date: Thu, 30 May 2002 00:18:20 -0700 From: Luigi Rizzo To: Jon Noack Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: peer-to-peer asymmetric simulation Message-ID: <20020530001820.A27956@iguana.icir.org> References: <20020530004314.3217.cpmta@c015.snv.cp.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020530004314.3217.cpmta@c015.snv.cp.net>; from noackjr@compgeek.com on Wed, May 29, 2002 at 05:43:14PM -0700 Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Wed, May 29, 2002 at 05:43:14PM -0700, Jon Noack wrote: > I'm trying to simulate a peer-to-peer network of 8 clients connected via asymmetric links using dummynet. I have it up and running using a machine with 8 network interfaces running as a bridge. The only issue is that (as I've found reading older posts) when running in a bridge packets are only passed through ipfw once. This obviously prevents me from limiting both directions of the links. it is true that _each_ packet goes through the firewall once, but when you have bidirectional traffic nothing prevents you from having different rules apply to packets in the two directions e.g. basing on the receive interface ipfw add pipe 1 ip from any to any in recv fxp0 ipfw add pipe 2 ip from any to any in recv fxp1 this particular example is probablu even on the ipfw manpage or on the dummynet page http://info.iet.unipi.it/~luigi/ip_dummynet/ cheers luigi > Basic config for 8 56Kbit/s modem clients: > > #Upstream > pipe 1 config mask src-ip 0x000000ff bw 32Kbit/s delay 100ms queue 4Kbytes > add pipe 1 ip from any to any out > > #Downstream > pipe 2 config mask dst-ip 0x000000ff bw 48Kbit/s delay 100ms queue 4Kbytes > add pipe 2 ip from any to any in > > First of all, is this even correct (not sure about whether in and out are used correctly)? Second, I've seen that the following patch was proposed: > > it might be as simple as changing one line in bridge.c > > if (ip_fw_chk_ptr && bdg_ipfw != 0 && src != NULL) { > struct ip *ip ; > int i; > > - if (rule != NULL) /* dummynet packet, already partially processed */ > + if (rule != NULL && fw_one_pass) > goto forward; /* HACK! I should obey the fw_one_pass */ > > but i never had a chance to test it. > > Has anyone used this? > > If this doesn't work, how should I modify my setup to make this work (i.e. use router instead of bridge? settings necessary?)? > > Thanks, > Jon Noack > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-ipfw" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Thu May 30 0:39:23 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from c015.snv.cp.net (h003.c015.snv.cp.net [209.228.35.118]) by hub.freebsd.org (Postfix) with SMTP id 5FCD537B400 for ; Thu, 30 May 2002 00:39:19 -0700 (PDT) Received: (cpmta 15567 invoked from network); 30 May 2002 00:39:19 -0700 Date: 30 May 2002 00:39:19 -0700 Message-ID: <20020530073919.15566.cpmta@c015.snv.cp.net> X-Sent: 30 May 2002 07:39:19 GMT Received: from [65.69.2.157] by mail.compgeek.com with HTTP; 30 May 2002 00:39:19 PDT Content-Type: text/plain Content-Disposition: inline Mime-Version: 1.0 To: rizzo@icir.org From: Jon Noack Cc: freebsd-ipfw@FreeBSD.ORG X-Mailer: Web Mail 3.9.3.11 Subject: Re: peer-to-peer asymmetric simulation X-Sent-From: noackjr@compgeek.com Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > it is true that _each_ packet goes through the firewall once, > but when you have bidirectional traffic nothing prevents you > from having different rules apply to packets in the two > directions e.g. basing on the receive interface > > ipfw add pipe 1 ip from any to any in recv fxp0 > ipfw add pipe 2 ip from any to any in recv fxp1 > > this particular example is probablu even on the ipfw manpage > or on the dummynet page > http://info.iet.unipi.it/~luigi/ip_dummynet/ Yes, this is the functionality I have. I guess I wasn't clear with the problem. If I am simulating a peer-to-peer environment of 56k modems, I need to limit bandwidth both up- and down-stream. The solution above only give me one or the other, not both. For example, with 8 "56k modem" clients (assuming previous settings from last email): If 7 of the 8 are transmitting to the 8th, I can limit them to only send 224Kbits/s of data to it (each limited to 32Kbits/s times 7 clients). BUT, because it's only going through ipfw once, I cannot limit the traffic going in to the 8th client to 48Kbits/s. It will come in at the full 224Kbits/s. Does my original email make more sense now? Jon Noack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Thu May 30 0:55: 7 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from mail.mipk-kspu.kharkov.ua (flash.mipk-kspu.kharkov.ua [194.44.157.113]) by hub.freebsd.org (Postfix) with ESMTP id B8BDD37B405 for ; Thu, 30 May 2002 00:54:54 -0700 (PDT) Received: from mipk-kspu.kharkov.ua (rainbow.mipk-kspu.kharkov.ua [192.168.9.241]) by mail.mipk-kspu.kharkov.ua (8.12.3/8.11.1) with ESMTP id g4U7qNoD057588 for ; Thu, 30 May 2002 10:52:25 +0300 (EEST) (envelope-from artem@mipk-kspu.kharkov.ua) Message-ID: <3CF5DA36.76DAE9EA@mipk-kspu.kharkov.ua> Date: Thu, 30 May 2002 10:52:22 +0300 From: "Artyom V. Viklenko" Organization: IIAT NTU "KhPI" X-Mailer: Mozilla 4.78 [en] (WinNT; U) X-Accept-Language: ru,uk,en MIME-Version: 1.0 To: freebsd-ipfw@FreeBSD.ORG Subject: Re: peer-to-peer asymmetric simulation References: <20020530073919.15566.cpmta@c015.snv.cp.net> Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Jon Noack wrote: > > If 7 of the 8 are transmitting to the 8th, I can limit them to only send > 224Kbits/s of data to it (each limited to 32Kbits/s times 7 clients). BUT, > because it's only going through ipfw once, I cannot limit the traffic going Use sysctl to set net.inet.ip.fw.one_pass=0 Packets from pipes will be reinserted in the ipfw to the next rule. Hope this will be helpful. > in to the 8th client to 48Kbits/s. It will come in at the full > 224Kbits/s. Does my original email make more sense now? > > Jon Noack > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-ipfw" in the body of the message -- Sincerely yours, Artyom V. Viklenko. ====================================================== System Administrator artem@mipk-kspu.kharkov.ua ------------------------------------------------------ IIAT NTU "KhPI" 21, Frunze Str., Kharkov Ukraine 61002 Phone: +380 (572) 400026 Fax: +380 (572) 474062 ====================================================== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Thu May 30 1: 2:48 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from c015.snv.cp.net (h003.c015.snv.cp.net [209.228.35.118]) by hub.freebsd.org (Postfix) with SMTP id 80B1D37B403 for ; Thu, 30 May 2002 01:02:45 -0700 (PDT) Received: (cpmta 16291 invoked from network); 30 May 2002 01:02:45 -0700 Date: 30 May 2002 01:02:45 -0700 Message-ID: <20020530080245.16290.cpmta@c015.snv.cp.net> X-Sent: 30 May 2002 08:02:45 GMT Received: from [65.69.2.157] by mail.compgeek.com with HTTP; 30 May 2002 01:02:45 PDT Content-Type: text/plain Content-Disposition: inline Mime-Version: 1.0 To: artem@mipk-kspu.kharkov.ua From: Jon Noack Cc: freebsd-ipfw@FreeBSD.ORG X-Mailer: Web Mail 3.9.3.11 Subject: Re: peer-to-peer asymmetric simulation X-Sent-From: noackjr@compgeek.com Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > Use sysctl to set net.inet.ip.fw.one_pass=0 > > Packets from pipes will be reinserted in the ipfw to the next rule. > Hope this will be helpful. Not with bridging (from http://info.iet.unipi.it/~luigi/ip_dummynet/): net.inet.ip.fw.one_pass: 1 Forces a single pass through the firewall. If set to 0, packets coming out of a pipe will be reinjected into the firewall starting with the rule after the matching one. NOTE: there is always one pass for bridged packets. Jon Noack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Thu May 30 2: 0: 9 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from mail.mipk-kspu.kharkov.ua (flash.mipk-kspu.kharkov.ua [194.44.157.113]) by hub.freebsd.org (Postfix) with ESMTP id C903637B400 for ; Thu, 30 May 2002 01:59:57 -0700 (PDT) Received: from mipk-kspu.kharkov.ua (rainbow.mipk-kspu.kharkov.ua [192.168.9.241]) by mail.mipk-kspu.kharkov.ua (8.12.3/8.11.1) with ESMTP id g4U8wxoD058666; Thu, 30 May 2002 11:59:00 +0300 (EEST) (envelope-from artem@mipk-kspu.kharkov.ua) Message-ID: <3CF5E9D2.34ACD788@mipk-kspu.kharkov.ua> Date: Thu, 30 May 2002 11:58:58 +0300 From: "Artyom V. Viklenko" Organization: IIAT NTU "KhPI" X-Mailer: Mozilla 4.78 [en] (WinNT; U) X-Accept-Language: ru,uk,en MIME-Version: 1.0 To: Jon Noack Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: peer-to-peer asymmetric simulation References: <20020530080245.16290.cpmta@c015.snv.cp.net> Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Jon Noack wrote: > > Not with bridging (from http://info.iet.unipi.it/~luigi/ip_dummynet/): > > net.inet.ip.fw.one_pass: 1 > Forces a single pass through the firewall. If set to 0, > packets coming out of a pipe will be reinjected into the > firewall starting with the rule after the matching one. > NOTE: there is always one pass for bridged packets. Let's say we have the folowing rules: 100 pipe 1 ip from any to any in 200 allow ........ Rule 100 forward inbound packet to pipe 1. Isn't it? If net.inet.ip.fw.one_pass=1, this packet after pipe will never reach rule 200. Or I'am wrong? But if net.inet.ip.fw.one_pass=0, then it will. I use this option on our border router/firewall. The difference is in that the routed packet can pass through ipgw(!) twice or once, and bridged only once, but through whole IPFW rule table. dummynet(4): "Depending on the setting of the sysctl variable `net.inet.ip.fw.one_pass', packets coming from a pipe can be either forwarded to their destination, or passed again through the ipfw rules, starting from the one after the matching rule." And: "Getting ipfw to work right is not very intuitive, especially when the system is acting as a router or a bridge." :) -- Sincerely yours, Artyom V. Viklenko. ====================================================== System Administrator artem@mipk-kspu.kharkov.ua ------------------------------------------------------ IIAT NTU "KhPI" 21, Frunze Str., Kharkov Ukraine 61002 Phone: +380 (572) 400026 Fax: +380 (572) 474062 ====================================================== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Thu May 30 2:58:48 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from c015.snv.cp.net (h003.c015.snv.cp.net [209.228.35.118]) by hub.freebsd.org (Postfix) with SMTP id 8D29D37B400 for ; Thu, 30 May 2002 02:58:44 -0700 (PDT) Received: (cpmta 19538 invoked from network); 30 May 2002 02:58:44 -0700 Date: 30 May 2002 02:58:44 -0700 Message-ID: <20020530095844.19537.cpmta@c015.snv.cp.net> X-Sent: 30 May 2002 09:58:44 GMT Received: from [65.69.2.157] by mail.compgeek.com with HTTP; 30 May 2002 02:58:44 PDT Content-Type: text/plain Content-Disposition: inline Mime-Version: 1.0 To: artem@mipk-kspu.kharkov.ua From: Jon Noack Cc: freebsd-ipfw@FreeBSD.ORG X-Mailer: Web Mail 3.9.3.11 Subject: Re: peer-to-peer asymmetric simulation X-Sent-From: noackjr@compgeek.com Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > The difference is in that the routed packet can pass through ipgw(!) > twice or once, and bridged only once, but through whole IPFW rule table. The way I read it is that net.inet.ip.fw.one_pass would have no effect in a bridged configuration -- there would always be a single pass regardless. Or is this wrong? Jon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Thu May 30 3:25:21 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from mail.mipk-kspu.kharkov.ua (flash.mipk-kspu.kharkov.ua [194.44.157.113]) by hub.freebsd.org (Postfix) with ESMTP id 40E6537B401 for ; Thu, 30 May 2002 03:25:01 -0700 (PDT) Received: from mipk-kspu.kharkov.ua (rainbow.mipk-kspu.kharkov.ua [192.168.9.241]) by mail.mipk-kspu.kharkov.ua (8.12.3/8.11.1) with ESMTP id g4UANnoD060092; Thu, 30 May 2002 13:23:50 +0300 (EEST) (envelope-from artem@mipk-kspu.kharkov.ua) Message-ID: <3CF5FDB4.E57DA3C9@mipk-kspu.kharkov.ua> Date: Thu, 30 May 2002 13:23:48 +0300 From: "Artyom V. Viklenko" Organization: IIAT NTU "KhPI" X-Mailer: Mozilla 4.78 [en] (WinNT; U) X-Accept-Language: ru,uk,en MIME-Version: 1.0 To: Jon Noack Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: peer-to-peer asymmetric simulation References: <20020530095844.19537.cpmta@c015.snv.cp.net> Content-Type: multipart/mixed; boundary="------------35601240AB1AFA2479CF8204" Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG This is a multi-part message in MIME format. --------------35601240AB1AFA2479CF8204 Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit Jon Noack wrote: > > > The difference is in that the routed packet can pass through ipgw(!) > > twice or once, and bridged only once, but through whole IPFW rule table. > > The way I read it is that net.inet.ip.fw.one_pass would have no effect in > a bridged configuration -- there would always be a single pass regardless. > > Or is this wrong? Yes. But not so ease. I make some drawing and attach it. It is not absolutely correct, but in general this is how I understand things about packet flow. Does anybody else can explain this? -- Sincerely yours, Artyom V. Viklenko. ====================================================== System Administrator artem@mipk-kspu.kharkov.ua ------------------------------------------------------ IIAT NTU "KhPI" 21, Frunze Str., Kharkov Ukraine 61002 Phone: +380 (572) 400026 Fax: +380 (572) 474062 ====================================================== --------------35601240AB1AFA2479CF8204 Content-Type: image/gif; name="p-flow.GIF" Content-Transfer-Encoding: base64 Content-Disposition: inline; filename="p-flow.GIF" R0lGODdhiQJOAoAAAAAAAP///ywAAAAAiQJOAgAC/4yPqcvtD6OctNqLs968+w+G4kiW5omm 6sq27gvH8kzX9o3n+s73/g8MCofEovGITCqXzKbzCY1Kp9Sq9YrNarfcrvcLDovH5LL5jE6r 1+y2+w2Py+f0uv2Oz+v3/L7/DxgoOEhYaHiImKi4yNjo+AgZKTlJWWl5iZmpucnZ6fkJGio6 SlpqeoqaqrrK2ur6ChsrO0tba3uLm+sCwAsg4dsAnOArrGt83CNcHOywHADsjCw9HaNs0HuA /Xx9zfvsne0NDW7NTX2O3mG9nr0N3e78zu5unm5/P9GrjL0M/s2vQF47esTwGTzIDME8ePUa miv4kCDCiRT7ddvGDeLCgf8QMXqMRjHkuXcXx5E0eVHhQ38fRbp8CTOmzJk0a9q8iTOnzp08 e/r8CTSo0KFEixo9ijSp0qVMmzp9CjWq1KlUq1oVBPKq1q1cu3r9Cjas2LFky5o9i5ZU1rRs +axtW8giBLnNlLzFioZuXZUP7iZjecxvwAqCeQBGVDhL4oH5kpSLpS8cMZaT/fGj7K6fOMaa Te4DOVmy6G6gPSpavCQy6X8qVbPWlvHbsM31OpP+zCD06t2sFzyGtbBj7OH0WpPkOLxY8JYB BRLvWNlyI9R2GRJ/3tIiuWERj2e3bjoc9uX6oM9aF1k7vPTcf38X/j2ja74YVVN+S11PfiTo Abb/Xu8feHQVBB9583F2W0oKDuaQKxuFZ55exUHIUIEChsfghMpx9490jOx3xIPqXUehe+xY OF5fFzK2UoAgdkJeexdq551p7sWnoW/O0ZZjbtNxEeN/KRrn0IYNBomhbMXxaF6GL3JSjjbb NSmlQLrVR5+RUnJ0mHziocSbbz9uESU5VnI5TmxXevcbmGWWZplGcWYFW05PqtPKnWvouQGf QvmZT3mAQjKoGYXOJShcMx2qaKNdMOpopFhAKmmlU1BqaaZOYKppp455CmoanIZKKhCjlorq DqemyqoNq7YKazWxzlrFq7TeioKtuO46gq68/uqBr8AOm4GwxB5LgbHI/y6rIrPO4qDss9I2 OG21K0RrLbPYZovsttwS6+23wIYrrhCCnotuuuquy2677r4Lb7zyzktvl32qWm+++u7Lb7/+ /punQYOSSy01BN9xMKEiHJzwIw3T8fCYIDAscMD4DKxqxaxE/OHCGV9s8T0Y68DxIiXDcXIi I+eQMmIh27MytBqv0vIhMd9QsyE57znzBxSDvHHPwX4s8sszRHdvhjyH8HMNSGsQzc7XGi1D kxhE7cbNruLM3NVitiG1qFy32eFoskUYZhlaOz02i0/3dnZ8dapNtaxtaiQ32jeKsTYN3lod d45pnsgiGWHnNfbcJ+Go94Fj9H104oAtjiSBjv/zXTcM8CEn+IxJ0s000X5/TrnnarJx+Bl/ k96ddbRttncYkFfd9tfOLSlnj4Zm/sLmEdUXJ/C4p+5x6CTXzuBJwQ8OPPHG0yw0nscDDT31 PouejvOGR89B0zDzLs3sslqfivZ9iK8596aY71bxLKtfCvt7oN87/GrZ7/X0RQdNvvTv938K +enHfTID4PrwdwHvZQ98yKDfLhAYCgHmwYEtkCAeLPgoCBIGe+jAIJA0mCwOjoSBgSEg1wwY PxA2Rn/f49/+JiZCg5HQGBRkgQfrcEMt5HAONZwaCu/3w/z974Wq2KEceqgCI8ZBiVZg4huQ mAInZm2GuoBirlQIIyz/RkCBHczTv74IxjCKcYztMqGryIjGNKpxjfAiIl6qsymJIUWKNkzN E+hIO6XgMYl2jGPHglKauPSxCFj7I1ACSYjU7ewwe0zfIRE5CEUaYW6fE+QjfWTJTxHBcY2s 3yW/lshBmqtGnSwBJHtir1KaQJJDwBt9AnHKnVxOlb+wACuD8LrZRBKTPrnSK59oS1H+YHG/ /EMs7cSjYoItmHDc5IJoacaC2SkhS2SmJp0JSljyspfURJk1+TPJbQKCbIfsJjA32MxWitOY RQKkOaeIzmuqM5vz44uEeEInHn4zRIQ85gXRw6Gf5POI+wwnNulZTxJV8ib2WqjY4gnOgyrN /y1vK5ws91JNiPLTj+P0HTTPh1FvatSgTfjoxArJzXcuc6SEvGMoEaqTtZg0pLVMpzBd1kuZ 6pOlEr2pzQTarIyG0KZE/WlKVYq6graUZWxsqlOfikZcNFSaakDNLU8YxCrudKjy3JoWz7PV FXaVbV+VxUyRSlOSYtWNMiQoT+dZwKzm4qzrnItPI1dWyIS1pmMdXV6Bs9ct3jWPcjUcVA/b xi9YdbDjK+zjqgqGxRYVr47F3EO9INm+UpatS0OcYpXaU7JWVnaQ/exbzcXCFp7Ts5gFLVzX qlp4sjaDp8Vlahco0tl+sLamum0Xc6u6yLoWtUPMmH3K80q/6HS3q/8Nrmm5GtG4Ghc8jBMs WqlA14A6t7W8HaZvkYciV54uOZNTEtxgQ0niNnd3zxVrdGH7vv6UzkbHIZDbboc2qiZDqNvl rns3Kt3j2UdG13mM5er0pjTdZpH8ZW97ratZwk73l/mtTYV4CbgaqXWlwTzufIwUVJgOTbjQ BTB8ZXZPCZVJd0rK3XI2nNQE4qi6dr1u0h5c4wg3dsIWVbFC7As3L5WEN+m1LXBDKKLk/Gce ijMveueUY//y9b1eHS2JOwyg+SqnviyekukcusfFXLXKnC1th7ckpAl17cCYaZGCO4Qf0pYY xn61Mo5r6eONGFjNWeoalqZM2//SebOx5fD/BlOsXebA7r7kpbGNm9hdHxAsu3c286ETTaHk ArnJyyPyVPUL6TkvNcC4XS/oKv1o7xa30DHWLXMBPWgJs7qz/Q00rEd94hEe+dRShjCVRVvm y9b61b42MZlnbWkH9zrKxgY2soWtbFsXO9Y7frart3flW4e2zsG+9mOzPW1cH7vUsh02mSK9 31WT29DRJjazqe1IOy8b26iu67YJve5Wm1uH6DbMd9tqanrPO63idna+ad3uc4v63rI+eLJ5 Le13F5zb1t63Zest4teO+7cB/zbGJwpvT8o74gIfuL01bnCOlzvhCtc2yinucFEhdubsuni4 GV4Nmut85zwvsiYo//1AQU/81yob+S6FjnN/Z1xnRn+jy9X7coe+lIYnd9jCo/6Xqmdyrv5U GNKxbpiuM52GYndEYsZsqrJPnetal6PEkx7fth+d62o35M3BTrJUrh3ktSgy0Ct4dah7d6BO XzpwfCd1u78d7yhONcIIDlaPZqIwaFc64bXp+KBJHhOUZ2wB9T53w79CvBadROcnOz3QF57v Zv2dMiVxeh1/vkt/F6LoLabh2tfx6UZWNZ9BfUHIA9b1pYf91wWv9N8n/vGZLx/nXm92hd5e 0kbW8PLtsFxbRIn10Vc+95FP/SPtHdPab/7YEU9+uMc1HuOHPljlXvQgm//fRCtv6L/fev/4 F/3TxWe8dO/pB9k3V/MXFz6Xfv6Xa8DHfPrHO7qXRLFHdOnGgBAjfO83facBgc0WfhMYWO6X fxeoMhkYcqTmgRNUgR+If9MhgkOXfCCYWwIoVQRYgMfXezWYghRIVQ5YUjKYSCuofgl4fUIF YgroIDwYST6IgBvXf8FnIwdogTeoeCfYW2Cng9Z1I1WIekE4eZ6nbiWIQxbmhHplhKbHhSS4 hMFnfVioY2qohEmYcmf4eGlIdWNofFlIf2zYF4iHh9S2h/jGgjFEhDhYdwzUhw33h3e4S5en cilkhz+IQzCoawFUhuCHUxXnCZV3NT2nifzXiCG4iT3XYCPIe1H/BIg7SAnRwkUIJ4p353EV 9ImvyIm+B23XAouv6D/do2+7R4mkOIkmdwItIyx3wid05Su6RzzEGG8d128h5m1XFIqrSHK8 uGsyNmIPx0fPeIhyFnTTOFzL2HKAh42OGI3OyI3eSIfYlYwrp4EQ50PlGHjmqBjpyG7rWHLt qIzviI/gZo/qCI3udo3uSIP5+HEkYIxMgIwid48BqZAD2Stu1YkMGU2qSI232Iy/6JCyp43g CJCjuJC+uEoXGYH1+I8JyZEl6ZGmRJBpRkkGWG302Iq6+DwawkixqJFQcz0SKY1Mw2RuA4fb iJH6OJIn5To8GYhBaXs3NotGOTRnsngt/9mP3wiTMMSUzPiG8OiC2gUdtDeFPimV40WVMPeU yfURWimLUXk9UymFXHmUNlksO1kkHFOMKSkRd5GK2dgMbgkhcCmPI2ZfdFmKHdmUdoWWBLaB NQlDc/mVVemGgzGYaSaBhnmTfZmYYNmNAukjjRmGivmRDTlkfqaFZhmWQ4l+RYmQoOk/udRO LVgsN5k/kpmWfpiTh/kck3M5sCmOySMRr2mIscmaMtkZNLmPa7maw+ma52iRpTmPodk6o/mZ aqmUOGmVUIhh4sV+ZRmcueiSOYaaGKKXyImdE4mLwzmbKPWYpmmNdtlNWUmeqnmd0GmZgZmR 5pmU6HmScrmRrP8YnaHmnO65iy/ZnueZn14IkTHJj/Q5jsd5n/AJmP7Im99poAxKjiSJn+8J oQgqodbJchFaoAHakwMqmxdamBW5mQk6mZUJlA3KnzZocRa6oRSqmwc6oiBanisaoy26oC9a oTWanA8Klf85nxxKmvzmnSm6lT/KojsKpM0Zj0MKoIvZo8/ZpDdqnFIQl+HopEK6n1Fqkgrq ob1poyqaoUfqoEl6kFlqpP1pc/Ipoltaomnqo2tapHDKmSSKo3WKpZA5ple6pGYqp23qoneq pjQKpuwIpWfKpna6p3hKpBhKqCiqpRMaKLVIc3u5qJImqZPKpIYKqXqKjlbagfGJpH//OqNu mqefeqKPyqVo+iiXqokgpTqsCorhyVEHVETO95C2mZlZVKuogInQIhiF6JRkKKWW0Ks4w4nA Sql1eKiXUKxnpFy2yqxnB60haaz8h6yZanWiWgmKyJ6+6n0CugnXqg7AKa6KqqTmSlbMea6n yHnkOq25Spmi5UtXyaztKq28iqiBqjn1BYmjsJ4mE4TlKp/dWZj9Kgr/GoIB+67wupuwZbAR RK8gda+SOKUoGaINJbDXmbE1NrG0mhsR8zBitrDraoImCiV+iqspG7HburIla7LhmqrY2rAV 63ZBqh/5sbGOCq58Gqwoe7LSeT77kbMaeo7Auanomq/sCrTz/wMiQyumHzuuXuo0ODuyJLtE T+K0OuqziEKR8Xq0P/exTQs2epK1FpssZPsi21Kby0qseWi0cPa2lxK3HFivCYRcbSmeOVeN Hosocyt/V5AoBApE3bMvwvmAflK29nm2+tJEayu1/qqyWxssLGm4EPumraQuSHuJOZe2UJC4 c/qLfhuqn2Arjjus3XqwUbSxnxuRBAko7MO6gquTORu7H5qdPFq3itt+qXurgwoxsHpYMoo6 wItYNBu5P1u1lruGxHupDMW8kjqA5SK9rTu91fuy1ou9dJu921u72/tX3ju93Qu+lgiTCPt1 4pu7SSK22vu9Oll669scuOIhDCtiov/bbQ+kPJWxZruxaY55kearbZT7hfn7GgjSG/1LXf/b sqBhv9SLv0OyI9lxOztrKHsDv33GTvj1Z3gDUMqHhfNLweQXO8nqSWymN38mk+xLWgTsImgy XoPoVib8HiiclSosXCzMJC6cmzCss0EHZAiCwJ2ztHSjwVomwdJnszH2wxYWxBUWwttTxK0j OBNMv0RLWDkMYnv2IEksZzJMOFy2D8brcViMwdUFwCvlxRcGxuJhww5ck26yZ6OxfVUMOks8 w2ssfQKrJWZiwPz7fB3qWXb8xUycwFysuzQRxnrWx05syI6SyNQVx0L8xFYsE3v8ZnfDZfQl wJ1iyQqCyWD/uGWbXKjjS8pWW8rZgr6nHD6qzMqA3MrSm8qvHL2yXMqxTMvld8ukbMu5/IS8 nL277MvDF8y/PMzcW8zHjMzJrMzLzMzN7MzPDM3RLM3T/E/Pa83XjM3ZrM3bzM3dDMzUDM7h LM7jTM7lbM7njM7prM7rzM7t7M7vDM/xLM/zTM/1LM/fbM9jl8+ggs/7fH/+bLZM0c9w0cAM BdChK8pHddANOa9HMdBsQXpztNAo+WYSPdEM7coXddEeM4RG8dBt0dFFIUEfHYNOMdKqzK1J cdKnnNIWHQVk2y1iDBMrXcsy/RI0rctJixM4Pb4PK9KXgtI6bdBUGtQ2LRI8Db4+/00USE3S fDvE+ATUdKwtQm0TPF3QvxJnAh3VZlO9Wb0UVp3QU03ViLzVudnVkotKZW051uuXX63WKAzL MQvVRD2UZ923Kl3WjTwuW8HUxqwVfU3Mf53XpozVfD3YTc2IVwHY2IvY9Qljje2v3gy8nvpr kM278Se8yGfZyluJX9psmw0Kn1t7i83WAEunKAfapGvama2iqb25p0HZn+3XuLRlt3mqROXa ukrb8mKGmvrYs03bhHEuJCyosh3YnPpjV822MFrZwD1KPqPcYw24h+3cskMpo03dx602jILd dD3JMS1zVsTcxo26XkGMrxvbv63dqLrcOdrc611VMH3amv9d3XuCteldcLmNvKwt1Y6d3/U9 vGzJ39ap3zBrql8Lqqb43cdShUKL36FV4GD7heA5uu/N2NhHHd390k8d0Gihhhn+4KhdrSC9 gNrq3uRdNdH9FB9O4aVq4ZxbL4q92p6t3j3r4TNe4bfbOxFe3AEY4qrKuQSN4y6u4/t6t2Yh 2j/uu86q4ngN2/O95KX95AMu2U8VqVVOvAOOfUqu1/4tvtiC5U115WHOqm5s1LVyugl1vL5N 2Fsuu+2d4G3MhGvep19u5nLu5V5H5z3e5hNuuyYe5y07QF6b413u5n+e5oHO4e1D6ERu6H7+ uHB+2/3N6HseppSu5pGO4Je+4IP/bumNKuguq+lyzekZzU6NXql2/uabDuqLnuk2Xuh9joOI LukQqeqfLpJ4fuijjtal/uizPrOxfuu8Lt0n/usHfrmprufEfubYlVjdh+v+2eyOrq0sXusl DuvUPux7m6TGLuvIPsravuzcDuiT3uminu3Knq20zuq5HupzHuzM4GEI5oVK/bTvXuztzrPX i+lPE7gN8azTfoHbTtzyDskrUqLGgoTkfu9diJTR6cQvlvAFb+qVe8gOr7mXmcARfGHkRSNm 82TCmOjB8MNsJh/bcfK4EdYUb5Vim2RLsmSuU15Q5mmde+2k/vD0l+xiIl9SXNszDPBRjB05 L8bM4yXy/8DBX6aubZi3EC/BKE96KG/WP19hgPOy113ymTElaKb1Kt/k7K6vPM/1QwKGBPFh aHLJpnu0hRIkHM/xXb/0mtniae7vhCkcWgxnGHxckiG6Cx+eWMzBSU/2cZ/ulCyYiRbxQMw6 Q098hPsuc5pfbq9kJHIy4u3yiD9jeI9IGdblfn9jkT/5bx8dhM/yDV8XiEZhXNJlO1L1sorz HOtiPl/2SMKoAs7vhCl+qb8Sq99oEj/3ug5KoA/zWILHFR/2pm/wxeRjX9I87fHI51XQnp+J wuNK1b/I/Fsylm+TqF84tS0nH9+ZIU/0wJ88sU/8rof3SAyEO8/m2e/dzE7+gP+a7/HLPEa8 vy2yIDof7uoeorPK8DdPAPExdbn9oQPRTHpxDlZ3j7lPPMLRPNGolNLWfdHVlCkavvHHVva8 630vYHBDNB6LNeSSmRk6P8/mVFmlXrHSnBbbRUi5XvFMGB2fIWD0GheGudlLdZweK3vgdeJc 3/958/zaLgIF4woX8hANW/gYHxkWySC7HCkvkxrNMKksOR8lR0I/oaxIQe/+TuUIVyFHN12N PGXrYDM1bmsjAXp9f4F1d98Ah4NojdFuFZO3WpvphEuhU0mASagPq6ezU5C7r6RBwDUTeq0r yM+WY9VFn90ri+Pfv4ItxOlN7fD0Rb797ZkXMNeGX+j/sBFswq6fQm46HDLJty8ixEjmKiJh qCpjGngdfUxUAdJjIh4kj20bh7IBQJaTsry8SFEmv3IcayYcmdOFyJI809EE2s5mwaG4LB6F GU6pS6VC/0W5N5VqVatXsWbVutXp059Mj3b1yqKnMZ9buKZVu5ZtW7dnJbyVO5du1o9jjd6s BRdv34Wk6gYWPPitylV8/Saepdgv4sWMIQOOPNaxwMmXX2FualZzZz+VPV8CHTJ0aTY2RptW xlm06qeoXStMPYiXnoOxa8LG7W/2DRrXJNbwtfvl797Epxw3XGTCOTl2kcs0rjz6Eep6E+KL Vp3l9OvcnQ2Tod3gmuHgQY5n/44+2/eiFcgjBeSevbyT8euLZ90y6Lr8HVeIj77/6tmlBw6c I/C/EpxDUMG99pvpwQcZ1GnACfOCkCwMCaywPw4Pi9AkEBfkj8QQ9UvqRPB0W/GTC6NS0cXo WpyxtRRltBG3GnVEBccNe9zRxCB9NHAnImPjEck+YCRKwiVNUxLK7X4ccsrQpLzSPBGf1FKz LL0co8mGcgwzMjDNtM/Ir9I808o2xeRyRDjd7JJONTUs80680NyTlSrt9JOyNwVNTs6TCm2M 0ET/XFNPRoHqE9LwHAVy0rAWvTQlQOfUdChJPS2LU0RDjTTQUmmrNFNUSfqN1cdUPfVVAGWd 1ZtDv9OwNbdOdSVm1Fx77Y7XYLFzBYgxiTWU1GSLRZFZTJd99gRkM5Q2J/Wsfc/YbE3l1jdc vQ0XS3DFLfcyah8yV13M0F1p3XfPJRfeeTf7ld57P8VX31nb3dffL/8N+NJ+BS5YUYMRvpPg hBnutuGHr1wY4onTo9jiICW+WGPeNu6YxIw9Drk9kUkuseSTWURZZRpXbllIl2EuDeSYaa7Z 5ptxzlnnnXnu2eefgQ5a6KGJLtroo5FOWumlmW7a6aehjlrqqamu2uqrsc5a66257tprqgsA ADs= --------------35601240AB1AFA2479CF8204-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Thu May 30 3:33: 6 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from mail.mipk-kspu.kharkov.ua (flash.mipk-kspu.kharkov.ua [194.44.157.113]) by hub.freebsd.org (Postfix) with ESMTP id CA64937B408 for ; Thu, 30 May 2002 03:32:57 -0700 (PDT) Received: from mipk-kspu.kharkov.ua (rainbow.mipk-kspu.kharkov.ua [192.168.9.241]) by mail.mipk-kspu.kharkov.ua (8.12.3/8.11.1) with ESMTP id g4UAUGoD060281; Thu, 30 May 2002 13:30:16 +0300 (EEST) (envelope-from artem@mipk-kspu.kharkov.ua) Message-ID: <3CF5FF37.DB12E203@mipk-kspu.kharkov.ua> Date: Thu, 30 May 2002 13:30:15 +0300 From: "Artyom V. Viklenko" Organization: IIAT NTU "KhPI" X-Mailer: Mozilla 4.78 [en] (WinNT; U) X-Accept-Language: ru,uk,en MIME-Version: 1.0 To: Jon Noack , freebsd-ipfw@FreeBSD.ORG Subject: Re: peer-to-peer asymmetric simulation References: <20020530095844.19537.cpmta@c015.snv.cp.net> <3CF5FDB4.E57DA3C9@mipk-kspu.kharkov.ua> Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG "Artyom V. Viklenko" wrote: > > Yes. But not so ease. I make some drawing and attach it. > It is not absolutely correct, but in general > this is how I understand things about packet flow. > I have to say that it is correct for routed packets. Bridged packets flow as in up left picture in any value of net.inet.ip.fw.one_pass. But bottom left picture correct for both type of packets. IMHO. -- Sincerely yours, Artyom V. Viklenko. ====================================================== System Administrator artem@mipk-kspu.kharkov.ua ------------------------------------------------------ IIAT NTU "KhPI" 21, Frunze Str., Kharkov Ukraine 61002 Phone: +380 (572) 400026 Fax: +380 (572) 474062 ====================================================== To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Thu May 30 4:33:14 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from mail.mipk-kspu.kharkov.ua (flash.mipk-kspu.kharkov.ua [194.44.157.113]) by hub.freebsd.org (Postfix) with ESMTP id 8CDA237B401 for ; Thu, 30 May 2002 04:32:51 -0700 (PDT) Received: from mipk-kspu.kharkov.ua (rainbow.mipk-kspu.kharkov.ua [192.168.9.241]) by mail.mipk-kspu.kharkov.ua (8.12.3/8.11.1) with ESMTP id g4UBVRoD061292 for ; Thu, 30 May 2002 14:31:31 +0300 (EEST) (envelope-from artem@mipk-kspu.kharkov.ua) Message-ID: <3CF60D8D.1DF91E21@mipk-kspu.kharkov.ua> Date: Thu, 30 May 2002 14:31:25 +0300 From: "Artyom V. Viklenko" Organization: IIAT NTU "KhPI" X-Mailer: Mozilla 4.78 [en] (WinNT; U) X-Accept-Language: ru,uk,en MIME-Version: 1.0 To: freebsd-ipfw@FreeBSD.ORG Subject: Re: peer-to-peer asymmetric simulation References: <20020530095844.19537.cpmta@c015.snv.cp.net> <3CF5FDB4.E57DA3C9@mipk-kspu.kharkov.ua> Content-Type: multipart/mixed; boundary="------------07B5D8DC3EC9B723DC703FE0" Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG This is a multi-part message in MIME format. --------------07B5D8DC3EC9B723DC703FE0 Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit It's so interesting... :) "Artyom V. Viklenko" wrote: > > Yes. But not so ease. I make some drawing and attach it. > It is not absolutely correct, but in general > this is how I understand things about packet flow. I'm sorry, but firs picture was wrong. After reading source code and man pages, I hope second one is correct. If net.inet.fw.one_pass=1 and packet already tagged by id of last matching rule, packet leaves ipfw. Hope at least this is correct. (???) %-/ -- Sincerely yours, Artyom V. Viklenko. ====================================================== System Administrator artem@mipk-kspu.kharkov.ua ------------------------------------------------------ IIAT NTU "KhPI" 21, Frunze Str., Kharkov Ukraine 61002 Phone: +380 (572) 400026 Fax: +380 (572) 474062 ====================================================== --------------07B5D8DC3EC9B723DC703FE0 Content-Type: image/gif; name="p-flow.GIF" Content-Transfer-Encoding: base64 Content-Disposition: inline; filename="p-flow.GIF" R0lGODdhiQJOAoAAAAAAAP///ywAAAAAiQJOAgAC/4yPqcvtD6OctNqLs968+w+G4kiW5omm 6sq27gvH8kzX9o3n+s73/g8MCofEovGITCqXzKbzCY1Kp9Sq9YrNarfcrvcLDovH5LL5jE6r 1+y2+w2Py+f0uv2Oz+v3/L7/DxgoOEhYaHiImKi4yNjo+AgZKTlJWWl5iZmpucnZ6fkJGio6 SlpqeoqaqrrK2ur6ChsrO0tba3uLm+sCwAsg4dsAnOArrGt83CNcHOywHADsjCw9HaNs0HuA /Xx9zfvsne0NDW7NTX2O3mG9nr0N3e78zu5unm5/P9GrjL0M/s2vQF47esTwGTzIDME8ePUa miv4kCDCiRT7ddvGDeLCgf8QMXqMRjHkuXcXx5E0eVHhQ38fRbp8CTOmzJk0a9q8iTOnzp08 e/r8CTSo0KFEixo9ijSp0qVMmzp9CjWq1KlUq1oVBPKq1q1cu3r9Cjas2LFky5o9i5ZU1rRs +axtC/fO27h05cyti7fN3bx80eztC3jM38CEvQwujDjL4cSYslqksFhlwkaRGVf6e7iyw2GP NFuWREzgOIziuu3z6G6f6oj/WlO2MtfzWs+fm8kT+I10R43FyLVkR5KeI9o/YmuYXXvEwt2/ 9bUcqLu0QtXSXxfhHdy569y9c5sOd/K7tuQflv9mKBm1eYvBNyciviv7+fksfa8njZ58edzC pVf/5z1dRiUxJB98dhjIQjnC9eecgs81OAx1Hemnjnfl+IddOOp5x913+LnGkiIIrqAgc+09 V4+JnJ04IoUZDNZiZ0aUqNuHDAZ4I3ApouZiguP9wkqMKPTmT2nkFDlhaBqi9KE2IfZ4lJBJ SAllUlQecWWVRmWpZZdDegkmlmGOOQSXZJ65gZlormmBmmy+GYGbcM7JgJx03gkdnnp+uWef Jtjp55uABrrmoISeaeihYyaqKJiMNiqEPpJOSmmlll6Kaaaabsppp55+CqqmIjxaZ6imnopq qqquymqlrZB6SYywBmTQrHvYSomsO+A6Ca94+BqJrjoACwmxdRg73Ki7/9b6KrMhAIusdatE y4iwOVC7CLZwaPuessM6Oy245S2LD7dumHuItTigawi7a7hLiLo3wDsIvX6J6wG0+KJibyDy 2mBraE9WEE2/JxhcBsJ+/FtDwCheUPC5zVZYJ2clRLytt9fO+7DAqw04z48JT8wBZn8uoPDB Gq/LsYP+0aeig2SkLIaBSkrUYc4iewzekjDTDALDNDisHUcCHr1gQZLeG2S+tx2NYccawXye zGYIPQPRFeN3n4BAj9s0xUnPl9qP4XVNUNFMB01uwzwaPfZocj88M8lp5qci0hbzlzfOeq3M McBvs8akzkp7eMbXX9jMd41zN3Q2elEzpwbWMv8o/qvdx1nIEYCFE4745NGxYXk1+55CKuYz Ai54uZqTKDJorLvtetj3lA6D6ge+PtLsQ59uiu7H+p418KUITwfuLyA/B/NYOB+H8rsYrxb1 GOhbe7jZg73x9qlAn/GzbdsDfhXlSyz+t97zaz3E46dz/hTxk0785e2HMv+79Zu+Pur3E/w+ dOQPCgNMg/RaUMC1qSKBidtf7v73CQZezYHLg6AnJDiy9HXvdryjxgETZMFOYLBuGmRZ/4IX wjgFsHe2Ix8Fp3fC47VqhjSsoQ1vKKoSzguHPOyhD3/YKQ4Wol8pG2EKjNiuJCqhiNJCChLZ tsQnPPFkQQHJFPO1BHf/YSxbQrGiEqeEpXg0sScDG9wfiDijJ12RBGuUixeHmMXrxK6NL5xJ Gem4uSgSwTfp8dfWfnLHLyLBXFPrIyDe6BO15ekNi0FjpAqpIaz8kYwcMiT6IBPHSLFmkWec 5E4AQiu7tCmTe0yJe/qAyEROJnyY1GMpURYvT/LEMc0bpSvLJMuF5QmPyVslI20JxuvkEpUO 4WUth6k/AN5Sk7DUJdw4+UlfXjIfpHwkMg+0jscAUpp/U2YwcXnN3entlDgpoxmT2cpvMrOZ C+OZxVTJTfp5c5BSxMqEoJkT5IhynmJygjEJtkVKxhOd1FymQZ0ZSniGU4FAOig9qwVIfUYP /5gPbcI/xTbLBxizkdXsKCIuOk12srKg6gQYEE+K0pTyEBfmJGflKNpPE8bwGBuF6eo2KET4 HTOdFQ3cTI1RU37eVKY5FeBOSdrT1v1UF0HlaUx9WlQWTlSowsSpC686VacOFapYPZdKvxrE xdm0qkTtajcZugWOOtR+KRSrAcGg1pLSbqkZRKsW4prUuUZVnnZVzFhfWVadjnSCbtUqWbkq 2F++tbBIfapS90pQwhrmr+AMrFEHW9cu4NWxev2WdibVx7tI9K5ZbSBjGyrX3yWDbGQTbTM0 W1rJwpaqgEUsyzbCNcjFDXEZ+dh2YrfOkGaWC5vd6mM9Cw8nQQ1HOv+CXOPMY1y+mva0EHCk ZVumXJVshEYe685KjgSelq4WsySkrkY9qloe3JM9+UHR4dhJuU3mNbLU/OzSdqnCgZYsDJlB b/FWq81FanNuLsPNf+gW3LMCcLt4y+9CX8Rf2lbWti17p4AtbCTepsZnvxXveBU7StwaWLs/ W5FvxwNcC8+2sdFNL2Rf6r5s8hGSnPPaLp/b4NfCVcIJ7mxihQukz66ovdz9R306B17TiDd/ /V0r/+ha3gWruG/uXdA742uj6kbYsLU97o8VjMkAF/PKILsx1Pr2FibzOAi+AilsYltfFfMo wBneTm85jGIPq5nLE/byZUE83cnyuccuNqv/dGW7YtTO979QFgyMzavj1DL6xYvtq18HzWb1 NbpmjxY0iw/rZ6kC2dE7xjQQ2nwQPCJxz5/uso//PGpOl7rVfX61qME8XOKu+dSaprSltwxp /Wbaql8+dK7Tuuvi9NrQ9I1yoh28aLZuGtiBfraWnfzAtnq62ro2tbKJDWtcO7vbtCb0pJnd aUSTW9GcLXSxm03qYD/YB6jWtrXHjWxv03vZ7073sfPN7hafu9+V5va6ry1pafs6cWBteKZk HXBQN8zhFK+4xVOsCTdfTN8fZoLG77bwMZ4X2ys8pyDD3SuOq1fgH88jUOctIpWXPBmp5CJQ a57ycg+7TDjv1s1h/+7ziLu6OD3/KE2LXiyZ83vfSD+5LVLc8jqafOdsDmS9Is1Sq1sCRv5d Fi2vLuxXVEfOstM5rzX5dUmG3RXvJXvZod1ucqXdj2tv1j1dKiOh13rllbQkQkX69CzjPVl6 N7f6tE53oH9PvoMXed07vm8749MtWK9FeNweLLN/e/N3n3oeRkuLCyV065qPPOcHF3X9pv7s gvd8zK38eL5/+0SNl0vlZyF6zFun86OPu+zFCHbFaw/wmYe98MH9YeCr/fiLZ77aMe73oSdf zJ2MfQt1/xoP1x7ym59zLK0//N6DBvrR3zv3y3+r2wfe+fUyGcmvu/3hgX+B8x+i+xM+c//X 277+7GO/PUt/fgEYf73Ef/7jf/5yf9GWf6sHHaB3C3OXKwnoewt4SJOnf2xXgP9XeFTHesSn By6DfbEAgb0igQInex74gbqFfrIwgjkHdyZIgRWIYAzIgSEoQl0Xg9VnNTTYgeI3CtZVgyto e7R3gddng5wAhD14hL1EhDzYfT4oCkn4hEuYPLznhKaHgviDg0tngZ93Sld4glkIClKIhVCY fi04DWCoAmSogJ/ngB7UfPgncUFHcGO4hZBxcXmofXIoInqYh3A2h9fjbrbmT5cxiIdYcBOY bPL2J37oiHtYhgZ3RI/oiBgFcv62htJ3RB5nbJlofpu4X1gEb3z/Ql6BiG+gWIqL+ILq5omp +InxhkD7dImhiImoCGhtSG0gBIiUxYsQF4u7qImwqIuuCIAIl4gkIot8OGu/SIwbqHSkVUHA +Iq+OIy3KIiiWIukaI0wSI3IKI3FOHLZqDLfGIT/po2x9owHSAWGwksGM0XsmIwQho3H2Irb aIrC6I3NuIrXKI5UpI9TyIq2iI7gqH7mOI4rsxtqBInViIvLyJDckzQKiT2zSJGSeI77ITn4 NYACqYi5mI/PEjIaWYT1KI+WaJEHKT6isY8K15CMuHHKkVuuhXyqaIwUlZABFYYfyTYqWZOE OI3hGJE4mX/+mJI21pOImI5iWF0hWUzU/wKPMCkRxsGFwbiUGdmUSkiSYHM4UjmTSWmGKsST sOSU2eYtWwmU8PeTrxWWtDKW0ViWfqOOUFmRJRljRpmBHJmV2PgyY5aT3Hhea6mUPkmUUKQz F9aXveiVKplmWImXGHWTEUJ+bqmMCWGWBYmWgwmRjzkdkQlDc8mP7hOVZzmUL/mPkdhKlXmX F5mXo+iVVJhQe/k2bdmZ9kiV4QibyieAKDmQzkiQofURAyObzEibablKmumakvmQnYiYvXlp s7mbjHmKqsmazBmYDqmT4naP3bia/cib3bltyTmd5RiduomdNCmaASmd3Amd+Lid9Lic3nlv jameAGmQmKmc5v9pmewpn+5Zm9bZnr9GnV+pnfsJoOKpn+nJn60phP5JoCdpeAdKnvepoF3o kf/poAY6oAhaoCv5nt95nRL6oBkaoeHJofgJjc5ZnsTpoRaKnhO6kScqnM9Jn+NpnyR6lJ+5 oXI5nCFaoQ3aogF6nDAKnvNpmvVJmjsKn+dppGwUjx3JoBp6oSXqolLwlKWZmyJao0Sanyba nDGaojz6pCOqpan5ol06pAkKpi7JpOQopflAiRRHlkh6am/qcHEqo0rakkL6pU2KpVF6o3lq pnvKpgAnp3/qpGlFp39IeQyXqBZnku+HhOF3PHcomBR6g/TXf5N5OXuhhj7qeGSad5r/Wg3a 16lQSnhJ2hiUmjWkGodbx3WZCqi5E5mlKqZJN6WnKqChZlLGl6uX6qqvaoDViZSqxXsLGqmx spC0mqXYYizZhKd2iKzAikKgeqTrkh1vGIXCKknSOqnUuqZYiK1a2Kv/x63V4606+j7hCq1B Skzl+oNbWqnnZk7KWq1lmn5FSK/fijLRgixNFqzGmni3+qmWypKXqa0Zd7B/J7AQ9azDWrCG GkEJ6xaVka/oGpcWq6vw6qsAi0qaUbEvBB8L2aYoiqqxIrFu6HLTGichiyBtRrGtyrG/Qhwf q0MQ66aP+rBA+naQmbIGZDMwu7JO45nxIbLsaoi2UbSUkjBF/3uuNtcm93U9Hjs0PwurGsWZ pQI+oFWz76oOqYKjPjIiNEuYeIgqsKFIGJutOauzAMW0Nruxplp1luKlXLs8bUuwaboJanK1 BPiva7i3GquiCDskaii2EDm4WyuqmZAlfyt/feuX/Xms+vp9jpudlbstjfpVhepVmJu5Fxuv kVu15op/nJuoN0G6dJoLhQsp9ra6iqK6rYtusCu7Rju7fvK6tZuGuKu7tIuQJzt5t3u07iEb TUtT1gpNw7uvVVIkvvuFwMuJFTY6oPQg9pFlxapgQslljJsxJyEOB/ZdRtkdIOVdtGtFdiu5 xYNjuRU3/BGzS3u8PbsjnZS+I+asvP8qvlYzkmSHv09GO0oDITZWIJE0rvfCvQJTZSDSH55L Qv4rvZW5HE1HPwXcGjSCwDTWvlkajW23I++FNhfsaPO7XPVbrDwImDoSwONkrxEGwgkswueE Ky/MYVZGwbs1wKbFwAfGwXiDhl44IHozw1R2tzZcNjicwEgzr105m0yyvM4lH7EpThpcNTYC xCksXUo8wwjMePm7wLBnwhvcXkHMoiFxGgwWvzTswXwxxkTWgA2GmxQWE97lJFecXdV7trUB x0kmNU1MJNqLwbu7us7rxywVyLsLyINseYaMu4WMyCy4yLOryI0sdpAMu48syUZYyYFCyZcM tJrcJ5nMySr/+8mhLMqjTMqlbMqnjMqprMqrzMqtnEWnC8uxLMuzTMu1bMu3bL6urMu7zMu9 7Mu/DMzBLMzDTMzFbMzHjMzJrMzLzMzNPMjU54H24snOPI8sJs3zM81hUjT8cGTb3L17fMA9 Y2TizJYnhiRehM3UTEpAjGZOrL7j284Bkb7ri2Jhqs6s113eJ2Nj58XrxcZ1fCFxjCPEu573 bLh66X0kNk7Kh5pejMJkBoKSAbXpbNCNKJfs3FruXMZrDF0RcmYZrcCBW9Fsm8uv6SHUG9Cj Ub0aOcefo11p3GHq+mZ06HrY+0jZvDk3I6hH5XQvSC/7S39EWDNaq7BueM525k4T/1wf3jtn R3LUYmnOvkVmIlgjSsGAHWzGdxc5G2LECMY5aJPPQL14Yl1FCBXWQ9Zb0svRXPzPwJXSKm1K Jk3V4xslZp3QbCxnXZweUwzRIvldTE3VYJxP8tOZGI3VXK3R8ezROZJjU83ITqE4gJLSKdF2 VixfEd3SGpZcePbU+4rTK/nZ60jYizoRO7wlo02LikHUCGHaRRHZutvaRPHaiQy4QDHbtSvT Q3Hbjlzb20SlsN3bCkVAwE3QIrHbVKzNwS1QUdDGhJLbXYTacX0oi8kUx83HiNKw0P3bmxna 4lrcFRHdUGy72V3W2+013R2x5O3bzK3Q6H1Bbrvew22Vzv+9su4NqRJn3+l9FcetxWiS388T 3cjtKFvB3//9tlRR4H9M4AHe39itFQkOKbjMuYOK3wr+eprragYOuulC4Rlu4TQNonml4Xnr tHfq4RFe4jtd4Sh+4SZeayMuuFU30Bj6oyL+4XP6KQa7pNEF44q7R5mhtMgZ4pzV46kKuVZb 0gvL4BZVw4KSRvthJqrG4EVusu7bxzVO5Dc+M1Qi5eYt2IVSOUnOu3rK5GN+5Q9OOi3S5ext 5l6yRmHb4S+u5WFezUPO43P+LjMb5z1G5aS3501uzzbO4tGDvBgu54P+51++os97xmRyUVJr pYfeKOL7tTa64pOOTaBp6Hyu41//4WaRseby3egg2edqOqYCDuBejuppIuZR8ema7uKcvqqn st8pbueXbqdwUbGhXk/DUup9Wn2bTuOj+uuLHnyxPuyyCrVlseuJPqMmdd1S0eyRjredbOuW Ls8SflJuqu2kK+yZQ+2KDqFtLk6z3u0+xO3n3qhSR+4Hp9xFLeQUrrof1O6Eqt7Lp7Z3Ou/s PuqBLu73OnDybqtjy6Xj3u/gHvClue+IO7JoevD7l/Cau/AEr+Sp3vABy788/e7ExPDw7fD/ noIOa+kTf9Bra+yADu8kq/ADX/IlS6MPX+75ruIkX+cmH5/MC/Ayf+s0j7MX76cNnvMZz6ch PfTwa/Pu//7dKn7mRMrzqV3wQ80pLC/0Ah+qLe/zWL7qjavzIy/1Pe/xOQr0IR/x+t71Tl/x V1CCLT71K1/1Ne/yBg/yPDz2ahnHakPXqrf1WY/zsF6kRv/2Q6xkR2apz422ey/3ec+WatzV hsooaU/xtdrpSTm8ZDw2jJ/rSa/3Xx/vKq9lIrZcBCI5IaLTeSbVdHnvALVbQiZkab0a0X6m lf73GF3EdpkhL03OpD+0KM/3cLv2cwuWyTVjdNzPZpbVXq2KQvI4G/Y088zXo9mhut/Vq09j fOQ3RBL9jb37311naWMfme3NBnylYVzO1H/9a3zeZoNkcL3ssG/48EUfnz9irP9vvZFPnZM/ x+VfxjcMz0pmSut//FREAEAuEC+7FYxrpmVV1pt3/8EpHMkRK6vtlC7NetsOhjMHJY1c3/Mb nWsUm01YTLl8SaXntFQ5mzeWKAgMUiFRSmxrdF5xX1OVXCQOsYyeVtxGusXs0LRLtW8dWTDj aMD/437gnvjyjCSIALnoBhvv3OTmvuiaVgiF9Oz8Yvys6nwi3xzBWBD7REyP9kYhWZNCmeoq LzUze5A2CyNybwNLYJU6dzlPFWluc13hgKWgJmU5LEV18yx5Ea+ZY3+VMb3PDknLuLqfy8PO 09VXQbTXo9/V3dGD4+1dmedBsYn7aQCR6Vsn0BHBewf/ZQhCyG0hvlEEDTZcmE9is4qtJEa8 aI/iRo/nNMJbEvJjuo4lE6IcWZGkSmUnXcY01wiiTJUwbeZU2LClzmU7fQZt99CZUJZAjSZl d6+n0noMnTpt+glp1Hc4rQad+jRrPKxdc06tCfZqVbIyt746O9Ds2ptEV7oF2Vbux7Sg6pb7 mtej2KJ8We0FfDTj4MB0DU+EyzXxMh6PezW+eNeiZIz0LBcu+DfzzDGdNfME7cvFjqWjy26O i5qxJNYHKSN+/aHSi0SzU9PkjBuza95sQ//+XOPxI+EvF6s9Ppz5cuTBnSc0Pex09EF+V1sX 2Vu7bujdjd+JHR17a/BUt533/y5a/elZ7a8nxwsffUr6bcZzBy/4fuX42dXjrz+oFKNPwAGb u0w5+A5EcKjv9pPNwQfXewWyCzHMUMMNOezQQ8gknDC9AhkMUcTt/nMrP70+bNHFF2GMUcYV 55jRxhtx5NDEE6f5SS4aeQxyLqtyLNLII2eUjywghWzyMCf7YxI4KKn0Scoqs7rSJCy5RKvL AOvS8ssxaSOzOzH1MlNN9uxbEzQ0u4HTMzfPLJPON8OkTc4ak7nzODb29JOjPGXQgalfIhOU Ny36VHSwQJVMoVGQdHTUOUYntfRHQgm5zS5N/2QiUVBV5PQNQ+zKlFQ84WFk1SVNpe6fjVR9 NbMoUv+x9SxIVbOT1/B0vVWkWYMlMtbtai12zRUS+VVZAGGl8FlQpVFkWqWc9dHOazWtNltu F1wrkm/BZbXNcpMil7Rt0b0T0HalOhZFeJdll14r5Z333jHf3VerfGnx98t+BQ4L4B4LxpLg hGNSd84RGa5y4YhRcng3iCl2cuKM+zq4Oo5F3BhkwkpNcOQTRT6ZRHH1U9nBlF0+dFOTYx4Q 5ppzY5lmnA20l+dBZ/btZ5t9HnpKnYU2umeMld4yaGmbbu/mqJ8sOWmqI2Qaa4eeLnpr8rz+ ulekoRYb7HPNrprssNNeVOu2tV37bbhnY5Rurq1m+27WcN1b7V139hu1vgXSrxDwqwvnG+3E LwbLYsY71hdy8xyf/DzCLW+8q8czZ7PzuA//XHQuOQ939NObLH0+1FkPUnX/Wo8dwdd3lN32 5Wgn8PbdL+fdd6Vz/134CYMf3vj7ij9e+d6Xb57h5J2PXjjopa/+Neqtz74z7LXvPjHuvQ8/ L/DFLz9089EXlPz02U+3/ffrhV/+geevX2H78dc4//3579///wEYQAEOkIAFNOABEZhABS6Q gQ104AMhGEEJTpCCFbTgBTGYQQ1ukIMd9OAHQRhCEY6QhCXEWQEAADs= --------------07B5D8DC3EC9B723DC703FE0-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Thu May 30 5:37:34 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from iguana.icir.org (iguana.icir.org [192.150.187.36]) by hub.freebsd.org (Postfix) with ESMTP id ECD4F37B404 for ; Thu, 30 May 2002 05:37:28 -0700 (PDT) Received: (from rizzo@localhost) by iguana.icir.org (8.11.6/8.11.3) id g4UCbR230550; Thu, 30 May 2002 05:37:27 -0700 (PDT) (envelope-from rizzo) Date: Thu, 30 May 2002 05:37:27 -0700 From: Luigi Rizzo To: Jon Noack Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: peer-to-peer asymmetric simulation Message-ID: <20020530053727.B30421@iguana.icir.org> References: <20020530073919.15566.cpmta@c015.snv.cp.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020530073919.15566.cpmta@c015.snv.cp.net>; from noackjr@compgeek.com on Thu, May 30, 2002 at 12:39:19AM -0700 Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG still unclear though, how are your clients connected to the dummynet bridge ? unless they are one on each port, how can you insure that the traffic between any pair goes through the dummynet box ? Ok, what you want is to use multiple cascaded pipes (for which you might try the patch that you mentioned in your previous email). cheers luigi On Thu, May 30, 2002 at 12:39:19AM -0700, Jon Noack wrote: ... > > this particular example is probablu even on the ipfw manpage > > or on the dummynet page > > http://info.iet.unipi.it/~luigi/ip_dummynet/ > > Yes, this is the functionality I have. I guess I wasn't clear with the > problem. If I am simulating a peer-to-peer environment of 56k modems, I > need to limit bandwidth both up- and down-stream. The solution above only > give me one or the other, not both. For example, with 8 "56k modem" > clients (assuming previous settings from last email): > > If 7 of the 8 are transmitting to the 8th, I can limit them to only send > 224Kbits/s of data to it (each limited to 32Kbits/s times 7 clients). BUT, > because it's only going through ipfw once, I cannot limit the traffic going > in to the 8th client to 48Kbits/s. It will come in at the full > 224Kbits/s. Does my original email make more sense now? But there a > Jon Noack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Thu May 30 11:51:30 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from c015.snv.cp.net (h003.c015.snv.cp.net [209.228.35.118]) by hub.freebsd.org (Postfix) with SMTP id B290037B406 for ; Thu, 30 May 2002 11:51:20 -0700 (PDT) Received: (cpmta 8582 invoked from network); 30 May 2002 11:51:20 -0700 Date: 30 May 2002 11:51:20 -0700 Message-ID: <20020530185120.8581.cpmta@c015.snv.cp.net> X-Sent: 30 May 2002 18:51:20 GMT Received: from [65.69.2.157] by mail.compgeek.com with HTTP; 30 May 2002 11:51:20 PDT Content-Type: text/plain Content-Disposition: inline Mime-Version: 1.0 To: rizzo@icir.org From: Jon Noack Cc: freebsd-ipfw@FreeBSD.ORG X-Mailer: Web Mail 3.9.3.11 Subject: Re: peer-to-peer asymmetric simulation X-Sent-From: noackjr@compgeek.com Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > still unclear though, how are your clients connected to > the dummynet bridge ? unless they are one on each port, > how can you insure that the traffic between any pair goes > through the dummynet box ? As I mentioned in my first email, the bridge machine has 8 network interfaces. Each client is directly connected to it's own port via a crossover cable. > Ok, what you want is to use multiple cascaded pipes (for > which you might try the patch that you mentioned in your > previous email). I'll give it a shot. By the way, why is this disabled by default? By that I mean what am risking by taking this approach? Jon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Thu May 30 17:24:13 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from c015.snv.cp.net (h003.c015.snv.cp.net [209.228.35.118]) by hub.freebsd.org (Postfix) with SMTP id 3655537B400 for ; Thu, 30 May 2002 17:24:08 -0700 (PDT) Received: (cpmta 20595 invoked from network); 30 May 2002 17:24:07 -0700 Date: 30 May 2002 17:24:07 -0700 Message-ID: <20020531002407.20594.cpmta@c015.snv.cp.net> X-Sent: 31 May 2002 00:24:07 GMT Received: from [65.16.158.66] by mail.compgeek.com with HTTP; 30 May 2002 17:24:07 PDT Content-Type: text/plain Content-Disposition: inline Mime-Version: 1.0 To: freebsd-ipfw@freebsd.org From: Jon Noack X-Mailer: Web Mail 3.9.3.11 X-Sent-From: noackjr@compgeek.com Subject: Update: peer-to-peer asymmetric simulation Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I applied the patch from my original email and seem to have gotten it to work (after setting net.inet.ip.fw.one_pass=0). Example rules: For each from 101 to 108 pipe N config bw 32Kbit/s delay 70ms queue 4Kbytes add pipe N ip from 192.168.1. to any pipe N config bw 48Kbit/s queue 4Kbytes add pipe N ip from any to 192.168.1. There are 2 pipes per host for a total of 16 pipes. Limiting bandwidth down to 32Kbit/s seems to introduce an innate 20ms delay while 48Kbit/s introduces a delay of around 10ms (stayed constant at HZ=1000 and HZ=10000). The above rules give me a consistent 200ms ping time between hosts {(70ms [+ 20ms innate] [+ 10ms innate]) * 2}. Limiting bandwith to 128Kbit/s up and 1Mbit/s down introduces an innate delay of 10ms (for a full ping) about 2/3 of the time (average 7ms added over 60 pings). This is due to queuing delay, correct (or is this uncertain due to the hack to bridge.c)? Is there anything I can do to reduce this? Finally (I ask again), why is this not enabled by default? What am I risking with this? Thanks again, Jon Noack To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Thu May 30 17:31:36 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from c015.snv.cp.net (h003.c015.snv.cp.net [209.228.35.118]) by hub.freebsd.org (Postfix) with SMTP id C2B3537B403 for ; Thu, 30 May 2002 17:31:33 -0700 (PDT) Received: (cpmta 20836 invoked from network); 30 May 2002 17:31:33 -0700 Date: 30 May 2002 17:31:33 -0700 Message-ID: <20020531003133.20835.cpmta@c015.snv.cp.net> X-Sent: 31 May 2002 00:31:33 GMT Received: from [65.16.158.66] by mail.compgeek.com with HTTP; 30 May 2002 17:31:33 PDT Content-Type: text/plain Content-Disposition: inline Mime-Version: 1.0 To: freebsd-ipfw@freebsd.org From: Jon Noack X-Mailer: Web Mail 3.9.3.11 X-Sent-From: noackjr@compgeek.com Subject: By the way: peer-to-peer asymmetric simulation Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG That last message was sent from a machine behind dummynet with the rules listed (simulated 56k modem). Actually, so is this one, and let me tell you, it's sooo slow... The images just slowly stream in -- brings back memories of pre-broadband days... Jon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Fri May 31 0:59:42 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from iguana.icir.org (iguana.icir.org [192.150.187.36]) by hub.freebsd.org (Postfix) with ESMTP id 2FCDD37B405 for ; Fri, 31 May 2002 00:59:40 -0700 (PDT) Received: (from rizzo@localhost) by iguana.icir.org (8.11.6/8.11.3) id g4V7xdr39862; Fri, 31 May 2002 00:59:39 -0700 (PDT) (envelope-from rizzo) Date: Fri, 31 May 2002 00:59:39 -0700 From: Luigi Rizzo To: Jon Noack Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: By the way: peer-to-peer asymmetric simulation Message-ID: <20020531005938.C39755@iguana.icir.org> References: <20020531003133.20835.cpmta@c015.snv.cp.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <20020531003133.20835.cpmta@c015.snv.cp.net>; from noackjr@compgeek.com on Thu, May 30, 2002 at 05:31:33PM -0700 Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, May 30, 2002 at 05:31:33PM -0700, Jon Noack wrote: > That last message was sent from a machine behind dummynet with the rules > listed (simulated 56k modem). Actually, so is this one, and let me tell > you, it's sooo slow... The images just slowly stream in -- brings back > memories of pre-broadband days... so it does work ? cheers luigi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message From owner-freebsd-ipfw Fri May 31 1:25:48 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from c015.snv.cp.net (h003.c015.snv.cp.net [209.228.35.118]) by hub.freebsd.org (Postfix) with SMTP id 6A53437B406 for ; Fri, 31 May 2002 01:25:46 -0700 (PDT) Received: (cpmta 5963 invoked from network); 31 May 2002 01:25:45 -0700 Date: 31 May 2002 01:25:45 -0700 Message-ID: <20020531082545.5962.cpmta@c015.snv.cp.net> X-Sent: 31 May 2002 08:25:45 GMT Received: from [65.69.2.157] by mail.compgeek.com with HTTP; 31 May 2002 01:25:45 PDT Content-Type: text/plain Content-Disposition: inline Mime-Version: 1.0 To: rizzo@icir.org From: Jon Noack Cc: freebsd-ipfw@FreeBSD.ORG X-Mailer: Web Mail 3.9.3.11 Subject: Re: By the way: peer-to-peer asymmetric simulation X-Sent-From: noackjr@compgeek.com Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > so it does work ? Yes, it appears to work fine (with the innate delay caveats mentioned previously). I will do more testing today/tomorrow (3:25 AM here -- when I wake up in a few hours it will be tomorrow, right? ;-) with more hosts, although it was working fine between 2 hosts. The packets would go through all the pipes I wanted them to and all the features (delay and bandwidth specifically) were functioning correctly. Jon To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message