From owner-freebsd-ipfw Thu Sep 26 15:25: 7 2002 Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E594C37B401 for ; Thu, 26 Sep 2002 15:25:05 -0700 (PDT) Received: from garple.migus.org (pcp243391pcs.howard01.md.comcast.net [68.55.83.143]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3724D43E75 for ; Thu, 26 Sep 2002 15:25:05 -0700 (PDT) (envelope-from adam@migus.org) Received: from ganyopa (ganyopa.migus.org [192.168.4.2]) by garple.migus.org (8.12.2/8.12.2) with SMTP id g8QMXTlv014210; Thu, 26 Sep 2002 18:33:30 -0400 (EDT) From: "Adam Migus" To: "Luis Almeida" Cc: Subject: RE: dummynet traffic shaping + nat + rc.firewall ? Date: Thu, 26 Sep 2002 18:24:32 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 In-Reply-To: <20020926201014.Q4135-100000@orion.ipt.pt> Importance: Normal Sender: owner-freebsd-ipfw@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG I believe your problem might be caused by nat. The packet has already ran through nat by the time it reaches your rule. Thus the source address is that of ${oif}. Try moving the pipe 10 above the divert rule. Adam > -----Original Message----- > From: owner-freebsd-ipfw@FreeBSD.ORG > [mailto:owner-freebsd-ipfw@FreeBSD.ORG]On Behalf Of Luis Almeida > Sent: Thursday, September 26, 2002 3:21 PM > To: freebsd-ipfw@FreeBSD.ORG > Cc: laa@ipt.pt > Subject: dummynet traffic shaping + nat + rc.firewall ? > > > > > Hello > > Sorry if this mailing-list is just for developer people! > > Can anyone suggest the cause (or solution) for the following problem? > > I have setup a FreeBSD4.6.2 box to act as a gateway (NAT + IPFW with 2 > NIC). > I tried to use dummynet to shape the traffic and i created two pipes to > control the upload and the download traffic (both pipes with same > bandwith)(i am using rc.firewall file (simple) to setup the ipfw rules): > > ${fwcmd} add pipe 10 all from 192.168.1.0/24 to any out via ${oif} > ${fwcmd} add pipe 20 all from any to 192.168.1.0/24 in via ${oif} > ${fwcmd} pipe 10 config mask src-ip 0x000000ff bw 200Kbit/s queue > 20Kbytes > ${fwcmd} pipe 20 config mask dst-ip 0x000000ff bw 200Kbit/s queue > 20Kbytes > > The firewall and NAT runs is OK > > The problem is that i can limit the download traffic > but the upload traffic is higher and not the same (it seems that the > upload traffic do not pass by pipe 10) > > Is there any right place to put those pipes on rc.firewall? > (i.e. after or before the divert rule)? > Is there any conflict with nat divert rule and (mask src-ip 0x000000ff) ? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message