Date: Tue, 26 Apr 2005 23:08:22 -0400
From: Andy Firman <andy@firman.us>
To: freebsd-questions@freebsd.org
Cc: andy@firman.us
Subject: any problems using dummynet as a module?
Message-ID: <20050427030822.GA40660@sockeye.firmanix.com>

I need to traffic shape a remote box that runs IPF, and I have taken the time to learn to use IPFW with dummynet, and also that I can run IPFW wide open as IPF is the firewall.

The box is 5.4 stable (generic) and I can't get around doing a reboot, from all the testing I have done. Must reboot unfortunately. Loading the ipfw.ko and/or the dummynet.ko with kldload locks me out of an identical test box which is bad news for me. This box is in a colo center with just one ethernet interface.

So my procedure works, but I am wondering if I should just suck it up and compile all this stuff into the kernel, or if my procedure below is somewhat safe? (it works, but I am looking for any hidden issues?)

========================================================
1. Add this to /boot/loader.conf

dummynet_load="YES"

2. Add this to rc.conf:

firewall_enable="YES"
firewall_quiet="YES"
firewall_logging="YES"
firewall_script="/etc/ipfw.rules"

3. Edit /etc/ipfw.rules with these entries:

------------------------------------------------
ipfw -q -f flush
ipfw -q add 100 pass all from any to any via lo0
ipfw -q add 200 deny all from any to 127.0.0.0/8
ipfw -q add 300 deny ip from 127.0.0.0/8 to any
ipfw -q add 65000 pass all from any to any
ipfw -q add 1 pipe 1 ip from any to any out xmit ed0
ipfw -q pipe 1 config bw 128kbits/s
-------------------------------------------------

REBOOT

...and the rate limiting works and I can also change the speed on the fly which is a good thing....

========================================================

Thanks for any comments!

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050427030822.GA40660>
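
Added example, not part of the original message: ipfw's default rule 65535 is deny unless the kernel was built with IPFIREWALL_DEFAULT_TO_ACCEPT, so a rules script for a remote box is worth checking before the reboot for an unconditional allow rule and for pipes that a rule references but no line configures. The helper name lint_ipfw_rules is hypothetical, and the check is purely textual: it does not model rule order.

```shell
#!/bin/sh
# Added example: pre-flight lint for an ipfw rules script on a remote host.
# lint_ipfw_rules is a hypothetical helper, not part of FreeBSD.
# It reads the script from the file named in $1, or from stdin.
# Returns 0 when nothing is flagged, 1 when a finding was printed.
# Limitation: it does not model rule order or deny rules that match earlier.
lint_ipfw_rules() {
    awk '
    $1 ~ /(^|\/)ipfw$/ {
        # Collect the words after "ipfw", skipping flags such as -q and -f.
        split("", t); k = 0
        for (i = 2; i <= NF; i++) if ($i !~ /^-/) t[++k] = $i
        if (t[1] == "add") {
            a = (t[2] ~ /^[0-9]+$/) ? 3 : 2      # the rule number is optional
            if (t[a] == "pipe") used[t[a + 1]] = 1
            # Unconditional accept: "<allow> all|ip from any to any", nothing after.
            if (t[a] ~ /^(allow|accept|pass|permit)$/ && k == a + 5 &&
                t[a + 1] ~ /^(all|ip)$/ && t[a + 2] == "from" &&
                t[a + 3] == "any" && t[a + 4] == "to" && t[a + 5] == "any")
                accept_all = 1
        }
        if (t[1] == "pipe" && t[3] == "config") configured[t[2]] = 1
    }
    END {
        if (!accept_all) {
            print "no unconditional allow rule; default rule 65535 decides"
            bad = 1
        }
        for (p in used) if (!(p in configured)) {
            print "pipe " p " is used by a rule but has no config line"
            bad = 1
        }
        exit bad + 0
    }' "$@"
}

# The ruleset from the message above, fed on stdin.
lint_ipfw_rules <<'EOF' && echo "ruleset ok"
ipfw -q -f flush
ipfw -q add 100 pass all from any to any via lo0
ipfw -q add 200 deny all from any to 127.0.0.0/8
ipfw -q add 300 deny ip from 127.0.0.0/8 to any
ipfw -q add 65000 pass all from any to any
ipfw -q add 1 pipe 1 ip from any to any out xmit ed0
ipfw -q pipe 1 config bw 128kbits/s
EOF
```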