From: Dan D Niles
To: freebsd-questions@freebsd.org
Date: Mon, 14 Sep 2009 13:54:54 -0500
Message-Id: <1252954494.858.35.camel@jane.spg.more.net>
Subject: Traffic Shaping Bridge with Dummynet

I am trying to do traffic shaping using a bridge on FreeBSD 7.1. I have
the bridge configured and it works fine. It looks like this:

    rest of network <-> xl0 <-> bridge0 <-> xl1 <-> side to be shaped

It works with the following set of ipfw rules (pipes in but unlimited
bw):

    network=10.10.10.0/24
    limit=0
    ipfw -q -f flush
    ipfw -q pipe 1000 config mask dst-ip 0x000000ff bw $limit
    ipfw -q add pipe 1000 ip from any to $network via xl1
    ipfw -q pipe 1001 config mask src-ip 0x000000ff bw $limit
    ipfw -q add pipe 1001 ip from $network to any via xl1
    ipfw -q add 60000 allow all from any to any

If I change the limit to 1Mbit/s (or anything else) it stops passing
traffic. I used tcpdump and I can see the traffic on the bridge but I
cannot see it after the bridge. However "ipfw -a list" shows the counts
for the pipe going up, which doesn't make sense to me.

I've tried adding:

    ipfw -q add allow all from any to any via bridge0
    ipfw -q add allow all from any to any via xl0

before the pipes. I also tried moving the pipes to bridge0 and xl0.

The docs on bridging
(http://www.freebsd.org/doc/en/books/handbook/network-bridging.html)
say "The bridge can be used as a traffic shaper with altq(4) or
dummynet(4)."

So what am I doing wrong? What else do I need to do to limit the
bandwidth over a bridge?

Thanks,

Dan