From owner-freebsd-net@FreeBSD.ORG  Thu Oct 23 01:37:41 2003
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B6AA416A4B3
	for <freebsd-net@freebsd.org>; Thu, 23 Oct 2003 01:37:41 -0700 (PDT)
Received: from queue.unet.com.mk (queue.unet.com.mk [212.13.64.51])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5069A43F3F
	for <freebsd-net@freebsd.org>; Thu, 23 Oct 2003 01:37:37 -0700 (PDT)
	(envelope-from aleksandar@unet.com.mk)
Received: from b166-er.unet.com.mk (ppp25.unet.com.mk [212.13.64.90] (may be
	forged))
	by queue.unet.com.mk (8.11.6/8.11.6) with SMTP id h9N7LYT32511
	for <freebsd-net@freebsd.org>; Thu, 23 Oct 2003 09:21:34 +0200
Date: Thu, 23 Oct 2003 10:40:17 +0200
From: Aleksandar Simonovski <aleksandar@unet.com.mk>
To: freebsd-net@freebsd.org
Message-Id: <20031023104017.4657840f.aleksandar@unet.com.mk>
In-Reply-To: <3F974B06.7070304@netvulture.com>
References: <20031022161353.2deeeeeb.aleksandar@unet.com.mk>
	<3F974B06.7070304@netvulture.com>
Organization: Unet
X-Mailer: Sylpheed version 0.9.4-gtk2-20030802 (GTK+ 2.2.4; i686-pc-linux-gnu)
X-Operating-System: Slackware 9.1
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavis-milter (http://amavis.org/)
Subject: Re: gateway/firewall script
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Oct 2003 08:37:41 -0000

On Wed, 22 Oct 2003 20:29:10 -0700
Jonathan Feally <vulture@netvulture.com> wrote:

> Your problem lies in that you are counting the traffic twice in the 
> queue/pipe - once from the internal addr to the dst, and once from the 
> external addr to the dst. Change your rules to specify which IP Block 
> should get the bw limiting.
> I don't know if the keep-state thing is throwing it out of whack or not.

ok, i don't get this quite right, you meen i should change the masks
to something like this:

queue 1 config weight 5 pipe 1 mask src-ip 0xffffff00
queue 2 config weight 5 pipe 2 mask dst-ip 0xffffff00
queue 3 config weight 5 pipe 3 mask src-ip 0xffffff00
queue 4 config weight 5 pipe 4 mask dst-ip 0xffffff00