From: Bob Ababurko
To: freebsd-ipfw@freebsd.org
Date: Mon, 01 Nov 2004 12:58:47 -0500
Subject: assistance dummynet config(need efficiency)

Hello all-

What I am trying to accomplish with this dummynet config is to give priority to UDP traffic, namely DNS, and TCP ACKs so that I can send mail to our clients' announcement list as fast and efficiently as possible without congestion. So basically, I need this machine to be able to make DNS lookups without a problem and I need the ACKs to get back to my machine so that the SMTP conversation can take place without latency. I am not sure if I have taken all that I need into consideration, but for now I could use some constructive criticism in terms of making it better.

Using FreeBSD 5.2.1, I have:

/etc/sysctl.conf :

    net.inet.ip.fw.one_pass=0

/etc/rc.conf :

    firewall_enable="YES"
    firewall_script="/etc/rc.dummynet"
    firewall_type="open"
    firewall_logging="YES"

/etc/rc.dummynet :

    ipfw -f flush
    ipfw pipe 1 config bw 300kbits/s
    ipfw queue 1 config pipe 1 weight 100
    ipfw queue 2 config pipe 1 weight 1 mask all
    ipfw add 100 queue 1 udp from any to any out via fxp0
    ipfw add 101 skipto 1000 udp from any to any out via fxp0
    ipfw add 110 queue 1 tcp from any to any out via fxp0 tcpflags ack
    ipfw add 111 skipto 1000 tcp from any to any out via fxp0 tcpflags ack
    ipfw add queue 2 ip from any to any out via fxp0
    ipfw add 1000 allow all from any to any

Can I make this better or am I even on the right road??

Thanks in advance for your help.

Regards,
Bob
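
The rule traversal in the message above, as an added example that is not part of Bob's message and is not ipfw code: a small Python model of how the posted rules classify outbound packets when net.inet.ip.fw.one_pass=0, where a packet leaving a queue continues at the next rule. The sample packets are constructed, and the number 211 for the unnumbered rule is an assumption (any number between 111 and 1000 gives the same result).

```python
from dataclasses import dataclass

@dataclass
class Packet:                        # constructed sample packet, out via fxp0
    proto: str                       # "udp", "tcp" or "icmp"
    flags: frozenset = frozenset()   # TCP flags that are set
    payload: int = 0                 # payload bytes (not used for matching)

def is_udp(p): return p.proto == "udp"
def has_ack(p): return p.proto == "tcp" and "ack" in p.flags   # tcpflags ack
def any_ip(p): return True

# (rule number, action, argument, match) mirroring /etc/rc.dummynet
RULES = [
    (100, "queue", 1, is_udp),
    (101, "skipto", 1000, is_udp),
    (110, "queue", 1, has_ack),
    (111, "skipto", 1000, has_ack),
    (211, "queue", 2, any_ip),       # rule number assumed, see lead-in
    (1000, "allow", None, any_ip),
]

def traverse(pkt, rules=RULES):
    """Return the queues a packet passes through before it is allowed."""
    queues, i = [], 0
    while i < len(rules):
        num, action, arg, match = rules[i]
        if match(pkt):
            if action == "allow":
                return queues
            if action == "queue":
                queues.append(arg)   # one_pass=0: go on to the next rule
            elif action == "skipto":
                i = next(j for j, r in enumerate(rules) if r[0] >= arg)
                continue
        i += 1
    return queues                    # default rule 65535 is not modeled

# Constructed samples: DNS query, bare ACK, full SMTP data segment, SYN.
DNS = Packet("udp", payload=40)
PURE_ACK = Packet("tcp", frozenset({"ack"}))
SMTP_DATA = Packet("tcp", frozenset({"ack", "psh"}), 1460)
SYN = Packet("tcp", frozenset({"syn"}))
NO_SKIPTO = [r for r in RULES if r[1] != "skipto"]

if __name__ == "__main__":
    for name, p in [("dns", DNS), ("ack", PURE_ACK), ("data", SMTP_DATA), ("syn", SYN)]:
        print(name, traverse(p), "without skipto:", traverse(p, NO_SKIPTO))
```

In this model `tcpflags ack` matches every segment with the ACK bit set, so the 1460-byte data segment lands in queue 1 alongside the bare ACK, and removing the skipto rules sends the high-priority packets through queue 2 as well.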