From owner-freebsd-net Sat Nov 10 18: 5:41 2001 Delivered-To: freebsd-net@freebsd.org Received: from smtpout.mac.com (smtpout.mac.com [204.179.120.89]) by hub.freebsd.org (Postfix) with ESMTP id DC4F637B41A for ; Sat, 10 Nov 2001 18:05:38 -0800 (PST) Received: from smtp-relay01.mac.com (server-source-si02 [10.13.10.6]) by smtpout.mac.com (8.12.1/8.10.2/1.0) with ESMTP id fAB1wZsD023450 for ; Sat, 10 Nov 2001 17:58:35 -0800 (PST) Received: from asmtp02.mac.com ([10.13.10.66]) by smtp-relay01.mac.com (Netscape Messaging Server 4.15 relay01 Jun 21 2001 23:53:48) with ESMTP id GMM5TE00.GFL for ; Sat, 10 Nov 2001 18:05:38 -0800 Received: from cannondale.0.168.192.in-addr.arpa ([144.137.193.240]) by asmtp02.mac.com (Netscape Messaging Server 4.15 asmtp02 Jun 21 2001 23:53:48) with ESMTP id GMM5TA00.5BP for ; Sat, 10 Nov 2001 18:05:34 -0800 Date: Sun, 11 Nov 2001 12:35:19 +1030 Mime-Version: 1.0 (Apple Message framework v472) Content-Type: text/plain; charset=US-ASCII; format=flowed Subject: Limiting bandwidth abuse to/from internet From: Wincent Colaiuta To: freebsd-net@freebsd.org Content-Transfer-Encoding: 7bit Message-Id: <8E809F08-D648-11D5-B151-003065C60B4C@mac.com> X-Mailer: Apple Mail (2.472) Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi all We have a local-subnet here 192.168.0.0/24 sharing a small PPPoE connection (512KBit/s) to the net. I'm trying to use dummynet to prevent one user in particular from saturating the connection and destroying the net connection for all others. I've successfully used a set of ipfw/dummynet rules such as these on the gateway machine that is connected to the internet: pipe 1 ip from any to 192.168.0.2 pipe 2 ip from 192.168.0.2 to any pipe 1 config bw 10KBytes/s pipe 2 config bw 5KBytes/s The problem with these rules is that they cap that user's abuse of the net connection, but they ALSO slow down the speed with which that user can access files shared locally to the LAN from the gateway machine. I want to restrict it so that only connections to/from the internet are limited, but I don't want connections merely with the LAN to be slow. So the following lines don't work (trying to limit only PPP traffic (which goes via the tun0 interface on the gateway)... pipe 1 ip from any to 192.168.0.2 via tun0 pipe 2 ip from 192.168.0.2 to any via tun0 Any tips? I suspect I should be using masks but I am not really sure how... Thanks for any advice that you can give. Cheers Wincent To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message