From owner-freebsd-questions Wed Oct 24 1:49:46 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mip.co.za (puck.mip.co.za [209.212.106.44]) by hub.freebsd.org (Postfix) with ESMTP id 92E1337B405 for ; Wed, 24 Oct 2001 01:48:50 -0700 (PDT) Received: from patrick (patrick.mip.co.za [10.3.13.181]) by mip.co.za (8.9.3/8.9.3) with SMTP id KAA64234; Wed, 24 Oct 2001 10:45:49 +0200 (SAST) (envelope-from patrick@mip.co.za) From: "Patrick O'Reilly" To: "Bezerker" Cc: Subject: RE: Lil help with dummynet please? Date: Wed, 24 Oct 2001 10:49:15 +0200 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 In-Reply-To: <00cd01c15c64$c5484f60$0101a8c0@bezerker> Importance: Normal Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG OK... The sequence of your rules should be set to achieve what you need. Your rule is fine at 65100 as long as there is not a rule BEFORE that which is actually passing the traffic to 192.168.5.1. If that is the case (ie: there IS an earlier rule passing traffic to 196.168.5.1) then obviously the rule 65100 pipe does not come into play, and hence the pipe does not come into play, and hence your problem. Try using: =========== ipfw add pipe 1 log ip from any to 192.168.1.5 =========== so that all packets passed to the pipe will also be logged, then watch your logs to see what's happening. If nothing hits the log then it must be going through somewhere else. Or use: ipfw -a list to get some clues. Try to do this while the rest of your network is quiet: =========== ipfw zero ipfw -a list (now generate some internet traffic to/from 196.168.5.1) ipfw -a list =========== You should now have a pretty good idea which rules are passing the packets. Make sure those rules are hooked into pipe 1. Patrick. > -----Original Message----- > From: owner-freebsd-questions@FreeBSD.ORG > [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Bezerker > Sent: 24 October 2001 10:21 > To: Patrick O'Reilly > Cc: questions@FreeBSD.ORG > Subject: Re: Lil help with dummynet please? > > > DOH! So sorry, i meant ipfw add pipe 1 which put the rule in line 65100.. > does this rule need to be further up in the priority? Again > sorry for that > misinformation > bleh > > ----- Original Message ----- > From: "Patrick O'Reilly" > To: "Bezerker" > Cc: > Sent: Wednesday, October 24, 2001 4:14 AM > Subject: RE: Lil help with dummynet please? > > > > Bez, > > > > I'm not sure if you are getting the syntax right in your > firewall scripts, > > but the samples in your emails are certainly not right. > > > > Below you mention a rule like this: > > ipfw pipe 1 ip from any to 192.168.1.5 > > > > ipfw will see this as a pipe config rule, NOT a normal ipfw > rule, because > it > > begins with "ipfw pipe". > > > > Try the following: > > > > ipfw pipe 1 config 3KByte/s > > ipfw add 1 pipe 1 ip from any to 192.168.1.5 > > > > PS: I'm assuming you are running NAT? Make sure the rule > sending packets > to > > the pipe is after NAT has done its trick, or else you are not > going to get > a > > match on that private address! So perhaps you should rather do > something > > like this: > > > > ipfw pipe 1 config 3KByte/s > > ipfw add 1 divert ip from any to any via tun0 > > ipfw add 2 pipe 1 ip from any to 192.168.1.5 > > > > Patrick. > > > > > > > -----Original Message----- > > > From: owner-freebsd-questions@FreeBSD.ORG > > > [mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Bezerker > > > Sent: 24 October 2001 09:45 > > > To: Patrick O'Reilly > > > Cc: questions@FreeBSD.ORG > > > Subject: Re: Lil help with dummynet please? > > > > > > > > > it listed fine, > > > i even tried another rule of ipfw pipe 1 ip from any to > > > 192.168.1.5 to limit > > > ANY traffic going there to 3kbyte/S > > > > > > No go. > > > I essentially, have my modem on tun0 (ppp ) .. and want to limit > > > any traffic > > > coming in via the modem going to my pop's machine, to 3kbyte a sec... > > > unfortunately, that seems more complicated than i expected :P > > > > > > ----- Original Message ----- > > > From: "Patrick O'Reilly" > > > To: "Bezerker" ; > > > Sent: Wednesday, October 24, 2001 3:41 AM > > > Subject: RE: Lil help with dummynet please? > > > > > > > > > > > > > > > > Im trying to setup bandwith limiting so my fathers machine dont > > > > > soak all the > > > > > bandwith on my itty 56k. > > > > > > > > > > so.. i do the dummynet stuff and do this > > > > > ipfw add 1 ip from any to 192.168.1.5 via tun0 > > > > > ipfw pipe 1 config bw 3Kbytes/s > > > > > All looks well > > > > > > > > No, not so well. > > > > > > > > Your pipe config looks fine: > > > > > ipfw pipe 1 config bw 3Kbytes/s > > > > > > > > But, to use the pipe, your ipfw rule should be: > > > > > ipfw add 1 pipe 1 ip from any to 192.168.1.5 via tun0 > > > > > > > > In fact, the rule as you gave it above has invalid syntax as > > > far as I can > > > > tell, so it might not be active at all. Check with "ipfw list". > > > > > > > > Regards, > > > > Patrick. > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > > with "unsubscribe freebsd-questions" in the body of the message > > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-questions" in the body of the message > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message