Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 26 Sep 2002 18:24:32 -0400
From:      "Adam Migus" <adam@migus.org>
To:        "Luis Almeida" <laa@orion.ipt.pt>
Cc:        <freebsd-ipfw@freebsd.org>
Subject:   RE: dummynet traffic shaping + nat + rc.firewall ? 
Message-ID:  <HGEBLKNLFOJKKBGJBAKDEEGJCAAA.adam@migus.org>
In-Reply-To: <20020926201014.Q4135-100000@orion.ipt.pt>
next in thread | previous in thread | raw e-mail | index | archive | help 

I believe your problem might be caused by nat.  The packet has already ran
through nat by the time it reaches your rule.  Thus the source address is
that of ${oif}.  Try moving the pipe 10 above the divert rule.

Adam

> -----Original Message-----
> From: owner-freebsd-ipfw@FreeBSD.ORG
> [mailto:owner-freebsd-ipfw@FreeBSD.ORG]On Behalf Of Luis Almeida
> Sent: Thursday, September 26, 2002 3:21 PM
> To: freebsd-ipfw@FreeBSD.ORG
> Cc: laa@ipt.pt
> Subject: dummynet traffic shaping + nat + rc.firewall ?
>
>
>
>
> Hello
>
> Sorry if this mailing-list is just for developer people!
>
> Can anyone suggest the cause (or solution) for the following problem?
>
> I have setup a FreeBSD4.6.2 box to act as a gateway (NAT + IPFW with 2
> NIC).
> I tried to use dummynet to shape the traffic and i created two pipes to
> control the upload and the download  traffic (both pipes with same
> bandwith)(i am using rc.firewall file (simple) to setup the ipfw rules):
>
>   ${fwcmd}  add pipe 10 all from  192.168.1.0/24 to any out via ${oif}
>   ${fwcmd}  add pipe 20 all from any to 192.168.1.0/24   in via ${oif}
>   ${fwcmd}  pipe 10 config mask src-ip 0x000000ff bw 200Kbit/s  queue
> 20Kbytes
>   ${fwcmd}  pipe 20 config mask dst-ip 0x000000ff bw 200Kbit/s  queue
> 20Kbytes
>
> The firewall and NAT runs is OK
>
> The problem is that i can limit the download traffic
> but the upload traffic is higher and not the same (it seems that the
> upload traffic do not pass by pipe 10)
>
> Is there any right place to put those pipes on rc.firewall?
> (i.e. after or before the divert rule)?
> Is there any conflict with nat divert rule and (mask src-ip 0x000000ff) ?


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?HGEBLKNLFOJKKBGJBAKDEEGJCAAA.adam>