From owner-freebsd-questions@FreeBSD.ORG Sat Feb 14 15:39:43 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4CE4F16A4CE for ; Sat, 14 Feb 2004 15:39:43 -0800 (PST) Received: from smtp01.wxs.nl (smtp01.wxs.nl [195.121.6.61]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2544343D1D for ; Sat, 14 Feb 2004 15:39:43 -0800 (PST) (envelope-from freebsd@akruijff.dds.nl) Received: from kruij557.speed.planet.nl (ipd50a97ba.speed.planet.nl [213.10.151.186]) by smtp01.wxs.nl (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003)) with ESMTP id <0HT3009JULQ6MW@smtp01.wxs.nl> for freebsd-questions@freebsd.org; Sun, 15 Feb 2004 00:39:42 +0100 (MET) Received: from alex.lan (localhost [127.0.0.1]) by kruij557.speed.planet.nl (8.12.10/8.12.10) with ESMTP id i1ENdCuR038684; Sun, 15 Feb 2004 00:39:12 +0100 Received: (from akruijff@localhost) by alex.lan (8.12.10/8.12.10/Submit) id i1ENdBhS038683; Sun, 15 Feb 2004 00:39:11 +0100 Content-return: prohibited Date: Sun, 15 Feb 2004 00:39:11 +0100 From: Alex de Kruijff In-reply-to: <20040214122522.7c1420ed@vixen42> To: Vulpes Velox Message-id: <20040214233911.GC3430@alex.lan> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii Content-transfer-encoding: 7BIT Content-disposition: inline User-Agent: Mutt/1.4.1i References: <200402141319.i1EDJOw22101@nalle.netsonic.fi> <20040214122522.7c1420ed@vixen42> X-Authentication-warning: alex.lan: akruijff set sender to freebsd@akruijff.dds.nl using -f cc: Markus Kovero cc: freebsd-questions@freebsd.org Subject: Re: ipfw bandwidth limit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 Feb 2004 23:39:43 -0000 On Sat, Feb 14, 2004 at 12:25:22PM -0600, Vulpes Velox wrote: > "Markus Kovero" wrote: > > On Sat, 14 Feb 2004 15:19:28 +0200 > > > I've got 172.16.0.0/24 network that is connected to internet via vpn > > gre tunnel. > > And now I've had bit hard time doing bandwidth control, maybe I'm > > missing something. > > > > I've set ipfw pipes like this: > > ipfw add queue 1 gre from any to 172.16.0.0/24 > > ipfw queue 1 config weight 5 pipe 2 mask dst-ip 0x000000ff > > ipfw pipe 2 config bw 1500Kbit/s > > ipfw add queue 2 gre from 172.16.0.0/24 to any > > ipfw queue 2 config weight 20 pipe 3 mask src-ip 0x000000ff > > ipfw pipe 3 config bw 256Kbit/s > > >From my own website, this should work: pipe 1 config mask dst-ip 0x000000ff bw 256Kbit/s pipe 2 config mask src-ip 0x000000ff bw 32Kbit/s add 10310 pipe 1 ip from any to any in add 10320 pipe 2 ip from any to any out > > net.inet.ip.fw.one_pass: 0 Depending on this value package are allowed by the pipe rules or passed to the next rule. > > 65100 queue 1 gre from any to 172.16.0.0/24 > > 65200 queue 2 gre from 172.16.0.0/24 to any > > > > 00002: 1.500 Mbit/s 0 ms 50 sl. 0 queues (1 buckets) droptail > > mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 > > 00003: 256.000 Kbit/s 0 ms 50 sl. 0 queues (1 buckets) droptail > > mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000 > > q00001: weight 5 pipe 2 50 sl. 0 queues (64 buckets) droptail > > mask: 0x00 0x00000000/0x0000 -> 0x000000ff/0x0000 > > q00002: weight 20 pipe 3 50 sl. 0 queues (64 buckets) droptail > > mask: 0x00 0x000000ff/0x0000 -> 0x00000000/0x0000 > > > > It seems to have no effect on network. What I'm missing? > > (replacing gre-protocol with ip doesn't help) > > > here is a example from my ftp server... > > ipfw add 200 pipe 2 tcp from me to any out gid ftpusersBWL > ipfw pipe config 2 bw 16KBps queue 100 > > > this will pipe any thing from that gid into pipe 2... and pipe 2 is bw > limited at 16KBps... the only dif is that you will have to change the > packet matching setup... > That only works if a user has an accound and uses that to login to something. It not something that can be use for the more general setup. -- Alex Articles based on solutions that I use: http://www.kruijff.org/alex/index.php?dir=docs/FreeBSD/