Date:      Sat, 6 Jan 2001 05:57:49 -0800 (PST)
From:      Luigi Rizzo <rizzo@aciri.org>
To:        yusufg@outblaze.com (Yusuf Goolamabbas)
Cc:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: Using DUMMYNET on a filtering bridge
Message-ID:  <200101061357.f06Dvno09349@iguana.aciri.org>
In-Reply-To: <20010106104229.A19299@outblaze.com> from Yusuf Goolamabbas at "Jan 6, 2001 10:42:29 am"

As you noticed, you have misconfigured the firewall, as rule 400 does
not match the traffic you want.
Almost surely you need to remove the "in via fxp1" part, and
also you need a second rule for the reverse traffic.

	cheers
	luigi

> Hi, I seem to have a problem getting dummynet working on a filtering
> bridge running 4.2-stable as of Dec 6
> 
> Problem: I am trying to limit the total outbound bandwidth from a certain
> machine. Prior to inserting the filtering bridge, it is directly
> connected to a switch port which is connected to the router and then to
> the leased line
> 
> Now, I inserted a filtering bridge between the switch port and the
> machine. The connection looks like this
> 
> FB ==> Filtering bridge
> 
> switch-port -> fxp0 of FB
> machine with IP [A.B.C.D]    -> fxp1 of FB
> 
> I have bound an IP address to fxp0 of FB so I can log in there
> remotely and configure the box
> 
> The following are the relevant options in my kernel config
> options NMBCLUSTERS=16384
> options BRIDGE
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options DUMMYNET
> options IPFIREWALL_DEFAULT_TO_ACCEPT
> 
> I have the following in /etc/sysctl.conf
> net.link.ether.bridge_ipfw=1
> net.link.ether.bridge=1
> net.inet.ip.fw.dyn_max=10000
> 
> My rc.firewall looks like this
> 
> ipfw add 100 pass all from any to any via lo0
> ipfw add 200 deny all from any to 127.0.0.0/8
> ipfw add 300 pass udp from 0.0.0.0 2054 to 0.0.0.0
> ipfw add 400 pipe 1 ip from A.B.C.D to any in via fxp1
> ipfw pipe 1 config bw 256 Kbit/s queue 30KB
> 
> However, this does not seem to provide any shaping to the machine
> 
> ipfw show does not show any packets/bytes counters incremented for rule
> 400. ipfw pipe show also shows up blank
> 
> Is there some fundamental mistake I have made?
> 
> Regards, Yusuf
> 
> -- 
> Yusuf Goolamabbas
> yusufg@outblaze.com
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-ipfw" in the body of the message
> 


