From: Marcelo Gondim
Date: Thu, 13 Feb 2014 15:38:21 -0200
To: freebsd-stable@freebsd.org
Subject: Re: dummynet problem in FreeBSD 10.0-STABLE
Message-ID: <52FD030D.7010507@bsdinfo.com.br>
References: <52FCFB8C.1030800@bsdinfo.com.br>

Hi Luigi,

I found out what happened: when I ran the rules from a script file, it did
not show any error messages. But when I ran the rules manually, these appeared:

# ipfw pipe 1 config bw 1024Kbit/s queue 128 burst 2M
ipfw: 2 <= queue size <= 100
# ipfw pipe 2 config bw 1024Kbit/s queue 128 burst 2M
ipfw: 2 <= queue size <= 100

I changed net.inet.ip.dummynet.pipe_slot_limit to 128 and everything
worked.

Thanks and sorry!

On 13/02/14 15:30, Luigi Rizzo wrote:
> hi,
> do you have the dummynet module loaded ?
> what does "ipfw pipe show" say, before and
> after the pipe's configuration ?
>
> cheers
> luigi
>
> On Thu, Feb 13, 2014 at 9:06 AM, Marcelo Gondim wrote:
>
>> Hi all,
>>
>> The following rules do not work anymore and block access to outside:
>>
>> ipfw add pipe 1 ip from 67.xxx.89.78 to any 80 out via xn0
>> ipfw add pipe 2 ip from any 80 to 67.xxx.89.78 in via xn0
>> ipfw pipe 1 config bw 1024Kbit/s queue 128 burst 2M
>> ipfw pipe 2 config bw 1024Kbit/s queue 128 burst 2M
>>
>> Using these rules on the server, I cannot surf the Internet through the
>> server. In FreeBSD 9.x these rules worked.
>> Doing: links http://www.any_website.com does not work
>>
>> My Firewall rules:
>> # ipfw show
>>
>> 00100 67191 13584242 allow ip from any to any via lo0
>> 00200 0 0 deny ip from 127.0.0.0/8 to any
>> 00300 0 0 deny ip from any to 127.0.0.0/8
>> 00400 0 0 check-state
>> 00500 0 0 deny ip from 192.168.0.0/16 to any in via xn0
>> 00600 0 0 deny ip from 10.0.0.0/8 to any in via xn0
>> 00700 0 0 deny ip from 172.16.0.0/12 to any in via xn0
>> 00800 0 0 deny ip from 224.0.0.0/4 to any in via xn0
>> 00900 0 0 deny ip from 255.255.255.255 to any in via xn0
>> 01000 0 0 deny tcp from any to any in tcpflags fin,psh,urg recv xn0
>> 01100 0 0 deny tcp from any to any in tcpflags !syn,!fin,!ack,!psh,!rst,!urg recv xn0
>> 01200 0 0 deny tcp from any to any in tcpflags syn,fin recv xn0
>> 01300 0 0 deny tcp from any to any in tcpflags fin,rst recv xn0
>> 01400 0 0 deny ip from any to any in ipoptions ssrr,lsrr,rr,ts recv xn0
>> 01500 78 2496 deny ip from table(99) to any in via xn0
>> 01600 0 0 deny ip from table(1) to any
>>
>> 01700 276 16560 pipe 1 ip from 67.xxx.89.78 to any dst-port 80 out via xn0
>> 01800 3 144 pipe 2 ip from any 80 to 67.xxx.89.78 in via xn0
>>
>> 01900 4 276 allow icmp from any to any icmptypes 3,11,12
>> 02000 0 0 allow icmp from me to any icmptypes 0,8 keep-state
>> 02100 1 75 deny icmp from any to any
>> 02200 2226 298340 allow tcp from any to me dst-port 4321 in via xn0 setup keep-state
>> 02300 1997 768000 allow tcp from any to me dst-port 995 in via xn0 setup keep-state
>> 02400 1363 519377 allow tcp from any to me dst-port 25 in via xn0 setup keep-state
>> 02500 733 549931 allow tcp from any to me dst-port 587 in via xn0 setup keep-state
>> 02600 8952 8756999 allow tcp from any to me dst-port 80 in via xn0 setup keep-state
>> 02700 2748 2125603 allow tcp from any to me dst-port 443 in via xn0 setup keep-state
>> 02800 0 0 allow tcp from any to me dst-port 143 in via xn0 setup keep-state
>> 02900 0 0 allow tcp from any to me dst-port 110 in via xn0 setup keep-state
>> 03000 1094 360419 allow tcp from any to me dst-port 993 in via xn0 setup keep-state
>> 03100 0 0 allow tcp from any to me dst-port 21 in via xn0 setup keep-state
>> 03200 0 0 allow tcp from any to me dst-port 30000-50000 in via xn0 setup keep-state
>> 03300 3558 1151840 allow tcp from me to any out setup keep-state
>> 03400 6693 880724 allow ip from me to any out keep-state
>> 65534 170 20283 deny log logamount 100 ip from any to any
>> 65535 36 5424 allow ip from any to any
>>
>> When I remove the upload rule, navigation works again:
>>
>> # ipfw delete 1700
>>
>> links http://www.any_website.com works again.
>>
>> # uname -a
>> FreeBSD mail.xxxxx.xxx.xx 10.0-STABLE FreeBSD 10.0-STABLE #2 r261419: Thu Feb 6 16:51:10 BRST 2014 root@mail.xxxxx.xxx.xx:/usr/obj/usr/src/sys/GONDIM amd64
>>
>> It seems that something has changed and that stopped the bandwidth control.
>>
>> []'s
>> Gondim
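
Added example, not part of the original message or of FreeBSD's own scripts: a pre-flight check for the failure described in this thread, where a "pipe config" with a queue above net.inet.ip.dummynet.pipe_slot_limit was rejected without the ruleset script showing it. The function names (slot_limit, check_pipe_queues, apply_checked, sample_ruleset) are hypothetical, and the ruleset is assumed to hold one ipfw command per line.

```sh
# Slot limit in force. Falls back to 100, the bound ipfw printed in this
# thread, when the sysctl cannot be read (assumption, for off-box linting).
slot_limit() {
    sysctl -n net.inet.ip.dummynet.pipe_slot_limit 2>/dev/null || echo 100
}

# check_pipe_queues LIMIT < ruleset: report each "pipe N config ... queue M"
# whose slot count M is outside 2..LIMIT. Byte sizes (50Kbytes) are skipped.
check_pipe_queues() {
    awk -v limit="$1" '
        {
            for (p = 1; p + 2 <= NF; p++)
                if ($p == "pipe" && $(p + 2) == "config") break
            if (p + 2 > NF) next
            for (i = p + 3; i < NF; i++)
                if ($i == "queue" && $(i + 1) ~ /^[0-9]+$/ &&
                    ($(i + 1) + 0 > limit + 0 || $(i + 1) + 0 < 2)) {
                    printf "pipe %s: queue %s outside 2..%s slots\n", $(p + 1), $(i + 1), limit
                    bad = 1
                }
        }
        END { exit bad + 0 }
    '
}

# apply_checked FILE: run FILE one command per line, stopping at the first
# non-zero exit so a rejected "pipe config" cannot pass unnoticed.
apply_checked() {
    n=0
    while IFS= read -r cmd; do
        n=$((n + 1))
        case $cmd in '' | '#'*) continue ;; esac
        sh -c "$cmd" </dev/null || { echo "line $n failed: $cmd" >&2; return 1; }
    done <"$1"
}

# The pipe commands quoted in the thread, used as sample input.
sample_ruleset() {
    cat <<'EOF'
ipfw add pipe 1 ip from 67.xxx.89.78 to any 80 out via xn0
ipfw add pipe 2 ip from any 80 to 67.xxx.89.78 in via xn0
ipfw pipe 1 config bw 1024Kbit/s queue 128 burst 2M
ipfw pipe 2 config bw 1024Kbit/s queue 128 burst 2M
EOF
}

# Lint only; nothing is loaded into the firewall here.
sample_ruleset | check_pipe_queues "$(slot_limit)" || true
```

With the limit at 100 both pipe commands are flagged; with the limit raised to 128, as in the fix above, the check passes.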