From owner-freebsd-ipfw@FreeBSD.ORG Thu Sep 21 18:27:18 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7F1CD16A407 for ; Thu, 21 Sep 2006 18:27:18 +0000 (UTC) (envelope-from budiyt@gmail.com) Received: from nf-out-0910.google.com (nf-out-0910.google.com [64.233.182.186]) by mx1.FreeBSD.org (Postfix) with ESMTP id D7FD743D55 for ; Thu, 21 Sep 2006 18:27:17 +0000 (GMT) (envelope-from budiyt@gmail.com) Received: by nf-out-0910.google.com with SMTP id n29so1045493nfc for ; Thu, 21 Sep 2006 11:27:16 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=UIE0hGDKG9i7ZkPjfnJ1JoG4CwZqg/T1A3NQ6hfW3KWrPIQ3K6r31Hvbn65V0oPTJdgdYVYXDJpLEczJRIP5+epRtTkfbyLFGMvsrSHXEtLJynFKyJLhmEprrAoAziY6Y6AC4nMKj6DM4egTK3LdC32XmM2hNIf+gWeEyAPHdAo= Received: by 10.48.48.15 with SMTP id v15mr959052nfv; Thu, 21 Sep 2006 11:27:16 -0700 (PDT) Received: by 10.49.27.3 with HTTP; Thu, 21 Sep 2006 11:27:16 -0700 (PDT) Message-ID: <4d4dc3640609211127u5fa2d843j58cb989a229d7b4b@mail.gmail.com> Date: Fri, 22 Sep 2006 01:27:16 +0700 From: budsz To: freebsd-ipfw@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Subject: Help about dynamic rule Dummynet X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Sep 2006 18:27:18 -0000 Hi, I've old problem with dynamic rule dummynet. I've internet cafe and of couse they could using download accelerator for download large file from HTTP/FTP server. In this case they use Freshget or something like that. In /etc/rc.firewall I have rule like: # Downstream for client ipcl="192.168.0.0/24{1,10,11,12,13,14,50}" bwdown="68Kbit/s" ${fwcmd} add 52 queue 1 ip from any to ${ipcl} out via ${ifint} ${fwcmd} queue 1 config weight 5 pipe 2 mask dst-ip 0x000000ff ${fwcmd} pipe 2 config bw ${bwdown} # Upstream for client bwup="36Kbit/s" ${fwcmd} add 53 queue 2 ip from ${ipcl} to any in via ${ifint} ${fwcmd} queue 2 config weight 5 pipe 3 mask src-ip 0x000000ff ${fwcmd} pipe 3 config bw ${bwup} My LAN using private ip address block C (192.168.0.0/24), my client's ip address 192.168.0.1, 192.168.0.10 - 192.168.0.14, ${ifint} is inside interface, also I use 4.10-STABLE FreeBSD. This illustration with output iftop: www.yahoo.com <=> client10.example.com 1.91Kb 1.93Kb 1.82Kb www.hotmail.com <=> client11.example.com 1.90Kb 1.91Kb 1.80Kb www.friendster.com <=> client12.example.com 1.50Kb 1.52Kb 1.51Kb www.geocities.com <=> client13.example.com 1.60Kb 1.64Kb 1.61Kb www.geocities.com <=> client14.example.com 1.54Kb 1.57Kb 1.53Kb ftp.freebsd.org <=> client01.example.com 10.92Kb 10.90Kb 10.89Kb ftp.freebsd.org <=> client01.example.com 11.87Kb 11.91Kb 11.90Kb ftp.freebsd.org <=> client01.example.com 12.88Kb 12.91Kb 12.89Kb ftp.freebsd.org <=> client01.example.com 10.70Kb 10.72Kb 10.71Kb ftp.freebsd.org <=> client01.example.com 10.75Kb 10.78Kb 10.77Kb If 192.168.0.1 using accelerator to download large file and splited to 5 file simultantly, the client's (192.168.0.10 - 192.168.0.14) will exhausted bandwidht. How to resolve this problem, any suggestion? TIA -- budsz