From owner-freebsd-net@FreeBSD.ORG Thu Dec 7 12:51:32 2006 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 34D1A16A4D2 for ; Thu, 7 Dec 2006 12:51:32 +0000 (UTC) (envelope-from hg@sircon.no) Received: from smtp.sircon.net (smtp.sircon.net [85.19.149.103]) by mx1.FreeBSD.org (Postfix) with ESMTP id EA8A843E88 for ; Thu, 7 Dec 2006 12:43:25 +0000 (GMT) (envelope-from hg@sircon.no) Received: from smtp.sircon.net (smtp [85.19.149.103]) by smtp.sircon.net (8.13.4/8.13.4) with ESMTP id kB7Cjns2061729; Thu, 7 Dec 2006 13:45:49 +0100 (CET) (envelope-from hg@sircon.no) Received: (from root@localhost) by smtp.sircon.net (8.13.4/8.13.4/Submit) id kB7CjnmA061728; Thu, 7 Dec 2006 13:45:49 +0100 (CET) (envelope-from hg@sircon.no) Received: from [85.19.149.202] by smtp.sircon.net ESMTP MEsmtpd (v1.04 [2004-11-17] on FreeBSD i386) (c) Martin Edenhofer; Thu Dec 7 13:45:49 2006 X-MEsmtpd-Page: http://martin.edenhofer.de/Projects X-MEsmtpd-Sender: sircon.no/sircon.no on 85.19.149.202 X-MEsmtpd-Abuse: Report spam/abuse to abuse@sircon.no Message-ID: <45780C9C.1000907@sircon.no> Date: Thu, 07 Dec 2006 13:44:12 +0100 From: =?ISO-8859-1?Q?H=E5kon_Granlund?= User-Agent: Thunderbird 1.5.0.8 (X11/20061113) MIME-Version: 1.0 To: Timofej Dod References: <1895992105.20061206224504@4you.lt> In-Reply-To: <1895992105.20061206224504@4you.lt> X-Enigmail-Version: 0.94.1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Mesmtpd-Mailerfrom: =?ISO-8859-1?Q?H=E5kon_Granlund?= Cc: freebsd-net@freebsd.org Subject: Re: dummynet throughput problem X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Dec 2006 12:51:32 -0000 Timofej Dod wrote: > Hi, > > I got a firewall with ipfw + dummynet. > system is: > FreeBSD 6.1-RELEASE-p10 > > table 1 contains 211 IP addresses. > > 00502 pipe 11 ip from any to table(1) out via rl0 > 00502 skipto 2000 ip from any to table(1) > > and with pipe configured > ipfw -q pipe 11 config mask dst-ip 0xffffffff bw 256Kbit/s > > however everybody only getting half of it i.e. 128 Kbits. > also net.inet.ip.fw.one_pass: 1 doesn't seem to work properly since > counters show that skipto rule is being triggered and it should not with > the one_pass activated. > Any clues how to make it give the speed it is supposed to? I'm absolutely no expert on this matter, but I think you have to define where the packets are going. It's got something to do with DUMMYNET or IPFW seeing the packet twice. You're probably looking for: 00502 pipe 11 ip from any to table(1) out xmit rl0 A similar rule for incoming would be: pipe 12 ip from table(1) to any in recv rl0 -- Håkon Granlund