From owner-freebsd-questions@FreeBSD.ORG Thu Apr 14 13:53:10 2005
From: "Timothy Radigan"
Date: Thu, 14 Apr 2005 09:53:20 -0400
Message-Id: <20050414135309.B01C543D3F@mx1.FreeBSD.org>
Subject: Traffic Shapping (IPFW + DUMMYNET) Question
List-Id: User questions

Hi all,

I'm new to the entire idea of traffic shaping and I came up with some rules for my BSD firewall/router/VoIP gateway and I just wanted to make sure that what I am trying to accomplish is actually going to happen with these rules in place.

Currently, my broadband connection is a 4Mb down and 384Mb up pipe. My VoIP service requires 90Kb up and down. I have 3 separate internal networks at my house. I have my wired 100Mb switched LAN (192.168.15.0/24), I have my IPSec enabled Wireless LAN (192.168.20.0/24), and I have my VoIP LAN (192.168.10.0/30).

What I want to do with these traffic shaping rules is dedicate 100Kb up and down to the VoIP LAN, and then I want to have equally shared bandwidth (the remaining speeds of my broadband connection) for the wired and wireless LANs.

Here are the rules I have come up with so far:

<----------------------- (START) /etc/ipfw.rules ------------------------>
# flush all rules
ipfw -f flush

# configure the pipe main pipes - have 4000kbits/s down 384kbits/s up

# define 200kbits/s for the voip pipes
ipfw pipe 1 config bw 100Kbits/s
ipfw pipe 2 config bw 100Kbits/s

# wired / wifi lans - get all but 100kbits/s for both up and down
ipfw pipe 3 config bw 3900Kbits/s
ipfw pipe 4 config bw 284Kbits/s

# wired/wifi LAN internal transmission
ipfw pipe 5 config bw 100Mbits/s mask dst-ip 0xffffffff
ipfw pipe 6 config bw 100Mbits/s mask dst-ip 0xffffffff
ipfw pipe 7 config bw 100Mbits/s mask dst-ip 0xffffffff
ipfw pipe 8 config bw 100Mbits/s mask dst-ip 0xffffffff

# make sure the voip gets all of the bandwidth for the pipes
ipfw add 1 pipe 1 ip from 192.168.10.2 to any
ipfw add 1 pipe 2 ip from any to 192.168.10.2

# make sure the wired and wifi lans get all of the bandwidth for those pipes
ipfw add 2 pipe 5 ip from 192.168.15.0/24 to 192.168.0.0/16
ipfw add 2 pipe 6 ip from 192.168.0.0/16 to 192.168.15.0/24
ipfw add 3 pipe 7 ip from 192.168.20.0/24 to 192.168.0.0/16
ipfw add 3 pipe 8 ip from 192.168.0.0/16 to 192.168.20.0/24

# the wired / wifi lans will split the up and down pipes
ipfw queue 3 config weight 50 pipe 3 mask dst-ip 0x000000ff
ipfw queue 4 config weight 50 pipe 3 mask dst-ip 0x000000ff
ipfw queue 5 config weight 50 pipe 4 mask dst-ip 0x000000ff
ipfw queue 6 config weight 50 pipe 4 mask dst-ip 0x000000ff

# add inbound/outbound queues for the wired lan
ipfw add 100 queue 3 ip from any to 192.168.15.0/24
ipfw add 105 queue 5 ip from 192.168.15.0/24 to any

# add inbound/outbound queues for the wifi lan
ipfw add 200 queue 4 ip from any to 192.168.20.0/24
ipfw add 205 queue 6 ip from 192.168.20.0/24 to any
<------------------------ (END) /etc/ipfw.rules ------------------------->

Does this seem like it will perform as I am thinking it will?

Thanks

--Tim
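
Added example, not part of the original message: a Python check of the bandwidth arithmetic in the ruleset above. It parses the pipe and queue lines as posted, sums the pipes per direction against the 4000 kbit/s down and 384 kbit/s up figures from the ruleset's own comment, and computes each queue's weight-proportional share. The function names are this example's own, and each configured queue is treated as one backlogged flow (the per-flow dynamic queues created by the mask option are not modelled).

```python
import re

# Pipe/queue lines copied from the ruleset in the message (pipes 6-8 mirror pipe 5).
RULESET = """
ipfw pipe 1 config bw 100Kbits/s
ipfw pipe 2 config bw 100Kbits/s
ipfw pipe 3 config bw 3900Kbits/s
ipfw pipe 4 config bw 284Kbits/s
ipfw pipe 5 config bw 100Mbits/s mask dst-ip 0xffffffff
ipfw queue 3 config weight 50 pipe 3 mask dst-ip 0x000000ff
ipfw queue 4 config weight 50 pipe 3 mask dst-ip 0x000000ff
ipfw queue 5 config weight 50 pipe 4 mask dst-ip 0x000000ff
ipfw queue 6 config weight 50 pipe 4 mask dst-ip 0x000000ff
"""
PIPE_RE = re.compile(r"ipfw pipe (\d+) config bw (\d+)([KM]?)bits?/s")
QUEUE_RE = re.compile(r"ipfw queue (\d+) config weight (\d+) pipe (\d+)")
SCALE = {"": 1, "K": 1_000, "M": 1_000_000}


def parse(text):
    """Return ({pipe: bits/s}, {queue: (weight, pipe)}) from ipfw config lines."""
    pipes, queues = {}, {}
    for line in text.splitlines():
        line = line.strip()
        if m := PIPE_RE.match(line):
            pipes[int(m[1])] = int(m[2]) * SCALE[m[3]]
        elif m := QUEUE_RE.match(line):
            queues[int(m[1])] = (int(m[2]), int(m[3]))
    return pipes, queues


def budget(pipes, members, link_bps):
    """Return (sum of the listed pipes, link capacity left over) in bits/s."""
    total = sum(pipes[p] for p in members)
    return total, link_bps - total


def queue_shares(pipes, queues):
    """bits/s per queue when every queue on its pipe is backlogged."""
    weight_sum = {}
    for weight, pipe in queues.values():
        weight_sum[pipe] = weight_sum.get(pipe, 0) + weight
    return {q: pipes[p] * w // weight_sum[p] for q, (w, p) in queues.items()}


if __name__ == "__main__":
    pipes, queues = parse(RULESET)
    # Pipes 2 and 3 carry traffic towards the LANs; pipes 1 and 4 carry it away.
    print("down (total, spare):", budget(pipes, [2, 3], 4_000_000))
    print("up   (total, spare):", budget(pipes, [1, 4], 384_000))
    print("queue shares (bits/s):", queue_shares(pipes, queues))
```

A negative second value from `budget` would mean the pipes in that direction are configured for more than the link can carry.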