From owner-freebsd-net  Mon Oct 12 20:37:44 1998
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id UAA16922
          for freebsd-net-outgoing; Mon, 12 Oct 1998 20:37:44 -0700 (PDT)
          (envelope-from owner-freebsd-net@FreeBSD.ORG)
Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id UAA16916
          for <freebsd-net@FreeBSD.ORG>; Mon, 12 Oct 1998 20:37:42 -0700 (PDT)
          (envelope-from luigi@labinfo.iet.unipi.it)
Received: from localhost (luigi@localhost) by labinfo.iet.unipi.it (8.6.5/8.6.5) id CAA21888; Tue, 13 Oct 1998 02:38:27 +0100
From: Luigi Rizzo <luigi@labinfo.iet.unipi.it>
Message-Id: <199810130138.CAA21888@labinfo.iet.unipi.it>
Subject: Re: ipfw and dummynet
To: vev@michvhf.com (Vince Vielhaber)
Date: Tue, 13 Oct 1998 02:38:27 +0100 (MET)
Cc: freebsd-net@FreeBSD.ORG
In-Reply-To: <XFMail.981012184107.vev@michvhf.com> from "Vince Vielhaber" at Oct 12, 98 06:40:48 pm
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> I'm having a problem with ipfw and dummynet - but I'm not sure that
> dummynet has anything to do with it.

actually it looks like you are having a problem with ARP resolution.

> First some background.  I'm running a news server that I sometimes need
> to limit bandwidth coming from certain sites - but not all and not all
> the time which is why I don't want to tell any of them to limit what they
> send me.  
> 
> I installed the patches to 2.2.7-REL for dummynet and enabled it in 
> the kernel and built a new kernel with these options:

First and most important:  how do your sources (src/sys/netinet)
compare with the ones in -stable ? i thought you were using -stable,
which is much more up-to-date than the version on my web page
(especially for bugfixes).

i think quite a few people are using dummynet with the same config as
you, so if there was some major screwup in the code in -stable i'd have
got a lot of reports.

> options         IPFIREWALL
> options         DUMMYNET
> 
> The problem I'm having is that even with only one rule:
> 
> ipfw add pipe 1 ip from any to any        and
> ipfw pipe 1 config bw 100MB/s
> 
> only the local subnet can get in.  After a while (no specific timeframe

* have you seen any difference by adding a catchall rule (much like
  setting IPFIREWALL_DEFAULT_TO_ACCEPT ?)

* does local traffic always flow ?

* have you tried pinging a remote host for which you already have an
  ARP cache entry ?

* what is the output of "ipfw show" "ipfw pipe show" "netstat -nr"
  while traffic is being blocked ?

	cheers
	luigi
-----------------------------+--------------------------------------
Luigi Rizzo                  |  Dip. di Ingegneria dell'Informazione
email: luigi@iet.unipi.it    |  Universita' di Pisa
tel: +39-50-568533           |  via Diotisalvi 2, 56126 PISA (Italy)
fax: +39-50-568522           |  http://www.iet.unipi.it/~luigi/
_____________________________|______________________________________

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message