From: "Thomas S. Crum - 1WISP, Inc."
Date: Wed, 10 Sep 2003 09:57:02 -0400
Subject: dummynet help
List-Id: IPFW Technical Discussions

Hi List,

I thank anyone, in advance, who might offer some light to my question below.

At our office, we have a T1 circuit that I am trying to divvy up bandwidth as you see below. I would like to give a greater amount of pipe to "web" associated ports and allow the rest of the traffic to fall into a default queue, both up and down. When I run this config it seems that the "web" associated ports are simply falling into the default queue, which of course slows everything to a crawl since the default queues are so small. Can anyone give me some insight as to why this is happening and offer a solution that will accomplish what I am attempting?

I am running dummynet as a bridge behind my router and in front of everything else on FreeBSD. My config is below.

###################
# TOM'S PLAYGROUND

# DO THIS CAUSE THEY SAY ITS GOOD
add check-state

# BLOCK BAD IP'S
#add deny ip from 192.168.1.27 to any
#add deny ip from any to 192.168.1.27

# Keep those nasty viruses, worms and critters away.
add deny udp from any to any 8998
add deny tcp from any to any 135
add deny udp from any to any 69
add deny tcp from any to any 4444
add deny tcp from any to any 707
add deny tcp from any to any 137
add deny udp from any to any 137
add deny tcp from any to any 138
add deny udp from any to any 138
add deny tcp from any to any 139
add deny udp from any to any 139
add deny tcp from any to any 593
add deny udp from any to any 593

# GIVE ME FULL PIPE WHEN SSH FROM OUTSIDE
add allow tcp from 66.255.6.221 to any 22
add allow tcp from any to 66.255.6.221 22

# ALLOW LOCAL IP'S TO PASS W/ EACH OTHER
add allow ip from 192.168.1.0/24 to 192.168.1.0/24
add allow ip from 192.168.1.0/24 to 66.255.6.0/24
add allow ip from 66.255.6.0/24 to 66.255.6.0/24
add allow ip from 66.255.6.0/24 to 192.168.1.0/24

# MAILSERVER "DUPLEX"
add queue 10 ip from any to 66.255.6.131
add queue 11 ip from 66.255.6.131 to any
queue 10 config weight 1 pipe 10 mask src-ip 0xffffffff
queue 11 config weight 1 pipe 10 mask dst-ip 0xffffffff
pipe 10 config bw 50Kbit/s

# EVERYBODY "DOWN 80, 443 AND 53 PORT" 80/20
add queue 30 tcp from any to 192.168.1.0/24 80
add queue 30 tcp from any to 66.255.6.0/24 80
add queue 30 tcp from any to 192.168.1.0/24 53
add queue 30 tcp from any to 66.255.6.0/24 53
add queue 30 udp from any to 192.168.1.0/24 53
add queue 30 udp from any to 66.255.6.0/24 53
add queue 30 tcp from any to 192.168.1.0/24 443
add queue 30 tcp from any to 66.255.6.0/24 443
add queue 30 udp from any to 192.168.1.0/24 443
add queue 30 udp from any to 66.255.6.0/24 443
queue 30 config weight 1 pipe 30 mask dst-ip 0xffffffff
pipe 30 config bw 960Kbit/s

# EVERYBODY "DOWN ALL PORTS"
add queue 31 ip from any to 192.168.1.0/24
add queue 31 ip from any to 66.255.6.0/24
queue 31 config weight 1 pipe 31 mask dst-ip 0xffffffff
pipe 31 config bw 240Kbit/s

# EVERYBODY "UP 80, 443 AND 53 PORT" 60/40
add queue 32 tcp from 192.168.1.0/24 80 to any
add queue 32 tcp from 66.255.6.0/24 80 to any
add queue 32 tcp from 192.168.1.0/24 53 to any
add queue 32 tcp from 66.255.6.0/24 53 to any
add queue 32 udp from 192.168.1.0/24 53 to any
add queue 32 udp from 66.255.6.0/24 53 to any
add queue 32 tcp from 192.168.1.0/24 443 to any
add queue 32 tcp from 66.255.6.0/24 443 to any
add queue 32 udp from 192.168.1.0/24 443 to any
add queue 32 udp from 66.255.6.0/24 443 to any
queue 32 config weight 1 pipe 32 mask src-ip 0xffffffff
pipe 32 config bw 150Kbit/s

# EVERYBODY "UP ALL PORTS"
add queue 33 ip from 192.168.1.0/24 to any
add queue 33 ip from 66.255.6.0/24 to any
queue 33 config weight 1 pipe 33 mask src-ip 0xffffffff
pipe 33 config bw 100Kbit/s

# THIS SHOULD MAKE DHCP WORK? PS. IT DID.
add queue 250 ip from any to any
queue 250 config weight 1 pipe 250 mask src-ip 0xffffffff
pipe 250 config bw 10Kbit/s
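
How the rule set posted above classifies traffic, as an added example that is not part of the original post: a minimal first-match simulator over a subset of the posted rules. The helper names (parse, side_matches, classify), the 203.0.113.x addresses and the port numbers are constructed for illustration, and it assumes net.inet.ip.fw.one_pass=1, so a packet stops at the first queue rule it matches.

```python
import ipaddress

# Subset of the rules from the post, kept in their original relative order.
RULES = """\
add deny tcp from any to any 135
add allow ip from 192.168.1.0/24 to 192.168.1.0/24
add queue 30 tcp from any to 192.168.1.0/24 80
add queue 30 udp from any to 192.168.1.0/24 53
add queue 31 ip from any to 192.168.1.0/24
add queue 32 tcp from 192.168.1.0/24 80 to any
add queue 32 udp from 192.168.1.0/24 53 to any
add queue 33 ip from 192.168.1.0/24 to any
add queue 250 ip from any to any
"""

def parse(line):
    """Parse 'add ACTION [N] PROTO from SRC [PORT] to DST [PORT]'."""
    t = line.split()[1:]              # drop the leading 'add'
    action = t.pop(0)
    if action == "queue":
        action += " " + t.pop(0)      # keep the queue number with the action
    proto = t.pop(0)
    i = t.index("to")
    return action, proto, t[1:i], t[i + 1:]

def side_matches(spec, addr, port):
    """A port in a rule binds to the address it follows (source or destination)."""
    net, want = spec[0], spec[1:]
    if net != "any" and ipaddress.ip_address(addr) not in ipaddress.ip_network(net):
        return False
    return not want or int(want[0]) == port

def classify(proto, src, sport, dst, dport, rules=RULES):
    """Return the action of the first rule the packet matches."""
    for line in rules.splitlines():
        action, rproto, rsrc, rdst = parse(line)
        if (rproto in ("ip", proto) and side_matches(rsrc, src, sport)
                and side_matches(rdst, dst, dport)):
            return action
    return "default"

if __name__ == "__main__":
    # Constructed packets: (proto, src, sport, dst, dport)
    for pkt in [("tcp", "192.168.1.50", 40000, "203.0.113.10", 80),   # LAN client request
                ("tcp", "203.0.113.10", 80, "192.168.1.50", 40000),   # web server reply
                ("tcp", "203.0.113.10", 40000, "192.168.1.10", 80),   # inbound to LAN server
                ("udp", "192.168.1.50", 40001, "203.0.113.53", 53)]:  # LAN client DNS query
        print(pkt, "->", classify(*pkt))
```

Run against these packets, the client's outbound request and the remote server's reply match queue 33 and queue 31, while only traffic to or from a web server inside 192.168.1.0/24 matches queue 30 or 32.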