Date:      Thu, 13 Feb 2014 15:38:21 -0200
From:      Marcelo Gondim <gondim@bsdinfo.com.br>
To:        freebsd-stable@freebsd.org
Subject:   Re: dummynet problem in FreeBSD 10.0-STABLE
Message-ID:  <52FD030D.7010507@bsdinfo.com.br>
In-Reply-To: <CA%2BhQ2%2BifNHQjgHe1G_jsTfwqRTaqMUABKaP6B7Ei=W02_-mDAw@mail.gmail.com>
References:  <52FCFB8C.1030800@bsdinfo.com.br> <CA%2BhQ2%2BifNHQjgHe1G_jsTfwqRTaqMUABKaP6B7Ei=W02_-mDAw@mail.gmail.com>

Hi Luigi,

I found out what happened: when I ran the rules from a script file, it did 
not show any error messages. But when running the rules manually, these appeared:

# ipfw pipe 1 config bw 1024Kbit/s queue 128 burst 2M
ipfw: 2 <= queue size <= 100

# ipfw pipe 2 config bw 1024Kbit/s queue 128 burst 2M
ipfw: 2 <= queue size <= 100

I changed the net.inet.ip.dummynet.pipe_slot_limit to 128 and everything 
worked.

Thanks and sorry!

On 13/02/14 15:30, Luigi Rizzo wrote:
> hi,
> do you have the dummynet module loaded ?
> what does "ipfw pipe show" say, before and
> after the pipe's configuration ?
>
> cheers
> luigi
>
>
>
> On Thu, Feb 13, 2014 at 9:06 AM, Marcelo Gondim <gondim@bsdinfo.com.br> wrote:
>
>> Hi all,
>>
>> The following rules do not work anymore and block access to outside:
>>
>> ipfw add pipe 1 ip from 67.xxx.89.78 to any 80 out via xn0
>> ipfw add pipe 2 ip from any 80 to 67.xxx.89.78 in via xn0
>> ipfw pipe 1 config bw 1024Kbit/s queue 128 burst 2M
>> ipfw pipe 2 config bw 1024Kbit/s queue 128 burst 2M
>>
>> Using these rules on the server, I can not surf the Internet through the
>> server. In FreeBSD 9.x these rules worked.
>> Doing: links http://www.any_website.com does not work
>>
>> My Firewall rules:
>> # ipfw show
>>
>> 00100 67191 13584242 allow ip from any to any via lo0
>> 00200     0        0 deny ip from 127.0.0.0/8 to any
>> 00300     0        0 deny ip from any to 127.0.0.0/8
>> 00400     0        0 check-state
>> 00500     0        0 deny ip from 192.168.0.0/16 to any in via xn0
>> 00600     0        0 deny ip from 10.0.0.0/8 to any in via xn0
>> 00700     0        0 deny ip from 172.16.0.0/12 to any in via xn0
>> 00800     0        0 deny ip from 224.0.0.0/4 to any in via xn0
>> 00900     0        0 deny ip from 255.255.255.255 to any in via xn0
>> 01000     0        0 deny tcp from any to any in tcpflags fin,psh,urg recv
>> xn0
>> 01100     0        0 deny tcp from any to any in tcpflags
>> !syn,!fin,!ack,!psh,!rst,!urg recv xn0
>> 01200     0        0 deny tcp from any to any in tcpflags syn,fin recv xn0
>> 01300     0        0 deny tcp from any to any in tcpflags fin,rst recv xn0
>> 01400     0        0 deny ip from any to any in ipoptions ssrr,lsrr,rr,ts
>> recv xn0
>> 01500 78     2496 deny ip from table(99) to any in via xn0
>> 01600     0        0 deny ip from table(1) to any
>>
>> 01700   276    16560 pipe 1 ip from 67.xxx.89.78 to any dst-port 80 out
>> via xn0
>> 01800     3      144 pipe 2 ip from any 80 to 67.xxx.89.78 in via xn0
>>
>> 01900     4      276 allow icmp from any to any icmptypes 3,11,12
>> 02000     0        0 allow icmp from me to any icmptypes 0,8 keep-state
>> 02100     1       75 deny icmp from any to any
>> 02200  2226   298340 allow tcp from any to me dst-port 4321 in via xn0
>> setup keep-state
>> 02300  1997   768000 allow tcp from any to me dst-port 995 in via xn0
>> setup keep-state
>> 02400  1363   519377 allow tcp from any to me dst-port 25 in via xn0 setup
>> keep-state
>> 02500   733   549931 allow tcp from any to me dst-port 587 in via xn0
>> setup keep-state
>> 02600  8952  8756999 allow tcp from any to me dst-port 80 in via xn0 setup
>> keep-state
>> 02700  2748  2125603 allow tcp from any to me dst-port 443 in via xn0
>> setup keep-state
>> 02800     0        0 allow tcp from any to me dst-port 143 in via xn0
>> setup keep-state
>> 02900     0        0 allow tcp from any to me dst-port 110 in via xn0
>> setup keep-state
>> 03000  1094   360419 allow tcp from any to me dst-port 993 in via xn0
>> setup keep-state
>> 03100     0        0 allow tcp from any to me dst-port 21 in via xn0 setup
>> keep-state
>> 03200     0        0 allow tcp from any to me dst-port 30000-50000 in via
>> xn0 setup keep-state
>> 03300  3558  1151840 allow tcp from me to any out setup keep-state
>> 03400  6693   880724 allow ip from me to any out keep-state
>> 65534   170    20283 deny log logamount 100 ip from any to any
>> 65535    36     5424 allow ip from any to any
>>
>> When I remove the upload rule, navigation works again:
>>
>> # ipfw delete 1700
>>
>> links http://www.any_website.com works again.
>>
>> # uname -a
>> FreeBSD mail.xxxxx.xxx.xx 10.0-STABLE FreeBSD 10.0-STABLE #2 r261419: Thu
>> Feb  6 16:51:10 BRST 2014 root@mail.xxxxx.xxx.xx:/usr/obj/usr/src/sys/GONDIM
>>   amd64
>>
>> It seems that something has changed and that stopped the bandwidth control.
>>
>> []'s
>> Gondim
>> _______________________________________________
>> freebsd-stable@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
>> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
>>
>
>
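
Added example, not part of the original message or of FreeBSD: a pre-flight check that a rules script can run so a pipe whose queue size exceeds net.inet.ip.dummynet.pipe_slot_limit is reported instead of failing unnoticed. The function names, the sample rules and the fallback limit of 100 (taken from the error message quoted above) are assumptions; only queue sizes given in slots are checked.

```sh
#!/bin/sh
# Constructed sample, modelled on the commands quoted in the thread.
SAMPLE_RULES='ipfw add pipe 1 ip from 192.0.2.10 to any 80 out via xn0
ipfw pipe 1 config bw 1024Kbit/s queue 128 burst 2M
ipfw pipe 2 config bw 1024Kbit/s queue 128 burst 2M'

# Current slot limit; falls back to 100 where the sysctl is unavailable.
slot_limit() {
    sysctl -n net.inet.ip.dummynet.pipe_slot_limit 2>/dev/null || echo 100
}

# check_pipe_line LIMIT "ipfw pipe N config ..."
# Returns 1 when "queue <slots>" is outside 2..LIMIT, 0 otherwise.
check_pipe_line() {
    limit=$1; shift
    set -- $*                      # split the rule into words
    prev=""
    for w in "$@"; do
        if [ "$prev" = "queue" ]; then
            case $w in
                ''|*[!0-9]*) return 0 ;;   # size in bytes (e.g. 50KBytes): not checked
            esac
            if [ "$w" -lt 2 ] || [ "$w" -gt "$limit" ]; then
                echo "queue $w outside 2..$limit: $*" >&2
                return 1
            fi
        fi
        prev=$w
    done
    return 0
}

# check_rules LIMIT < rules ; prints the number of pipe definitions that
# ipfw would reject for their queue size.
check_rules() {
    limit=$1 bad=0
    while IFS= read -r line; do
        case $line in
            *pipe*config*) check_pipe_line "$limit" "$line" || bad=$((bad + 1)) ;;
        esac
    done
    echo "$bad"
}

printf '%s\n' "$SAMPLE_RULES" | check_rules "$(slot_limit)"
```

In a rules script, stop before loading anything when the printed count is not 0, or raise the sysctl first as described in the message above.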


