From owner-freebsd-questions Mon Nov 6 12:37:33 2000
Date: Mon, 6 Nov 2000 21:35:21 +0100
From: Francesco Casadei
To: freebsd-questions mailing list
Subject: setting up dummynet for a PPP link
Message-ID: <20001106213521.A310@goku.kasby>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="rwEMma7ioTxnRzrJ"
Content-Disposition: inline
X-Operating-System: FreeBSD 4.1.1-STABLE i386

--rwEMma7ioTxnRzrJ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

I have one FreeBSD box running kernel ppp, nat and ipfw. A friend of mine has another PC running Windows 2000 Professional. We share the same PPP link, using my PC as a gateway. I want to dynamically limit the bandwidth between the two boxes.

What I want to do is to equally divide the bandwidth if and only if both PCs are using the link, i.e. if my friend is reading a web page (thus not consuming bandwidth) and I'm downloading a file, I want to use all the available bandwidth. Conversely, if both of us are transferring data, each of us should have half the bandwidth available.

Having a V90 PPP link, I don't know the connection speed each time I connect to the Internet, so I can't use the bw parameter to config pipes.

What I want to do is to define two pipes (one for input and one for output) without bandwidth limits and then use the mask parameter of the queue command to create four flows (input and output for each PC) with equal weight. Is this correct?

The attachment contains the firewall rules I use. What solution do you suggest?

Francesco Casadei

--rwEMma7ioTxnRzrJ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=fwrules

#!/bin/sh
# Firewall rules

# Define the firewall command (as in /etc/rc.firewall) for easy reference.
fwcmd="/sbin/ipfw"

# Force a flushing of the current rules before we reload
$fwcmd -f flush

# Divert all packets through the network interface
$fwcmd add divert natd all from any to any via ppp0

# Allow all data from localhost and my network card
$fwcmd add allow ip from any to any via lo0
$fwcmd add allow ip from any to any via ed0

# Once connections are made, allow them to stay open
$fwcmd add allow tcp from any to any via ppp0 established

# Allow all connections that I initiate
$fwcmd add allow tcp from any to any out xmit ppp0 setup

# Allow DNS queries
$fwcmd add allow udp from any to any 53 out xmit ppp0
$fwcmd add allow udp from any 53 to any in recv ppp0

# This sends a RESET to all ident packets
$fwcmd add reset log tcp from any to any 113 in recv ppp0

# Allow data connection on port 6699 used by napster client (only download)
#$fwcmd add allow tcp from any to any 6699 in recv ppp0 keep-state

# Allow NTP queries out in the world
$fwcmd add allow udp from any to any 123 out xmit ppp0
$fwcmd add allow udp from any 123 to any in recv ppp0

# Allow ICMP (for ping and traceroute to work)
$fwcmd add allow icmp from any to any

# Deny all the rest
$fwcmd add 65435 deny log ip from any to any

--rwEMma7ioTxnRzrJ--