From: Sean Hafeez
Organization: EdgeFocus, Inc.
Date: Mon, 16 Jun 2003 08:22:01 -0700
To: freebsd-ipfw@freebsd.org
Reply-To: sahafeez@edgefocus.com
Message-ID: <3EEDE099.9080603@edgefocus.com>
Subject: ipfw, dummynet and a large subnet to shape

i have been reading through all the links on google and the man pages and facts and have come to realize that the information is quite - not right.

here is what i need to do:

i have a network - 10.0.0.0/22 that is nat'd. the external interface is rl0 and the internal is rl1. i want everyone shaped to 1024kbits/s. when i say everyone i mean each unique user (i.e., 10.0.0.23 or 10.0.1.77 or 10.0.2.32) to be limited to a total of 1024kbits/s down and up.

here is what i got.

    ipfw -f flush
    /sbin/natd -interface rl0
    ipfw add 999 divert natd all from any to any via rl0
    ipfw add pipe 1 ip from any to any in via rl1
    ipfw add pipe 2 ip from any to any in via rl0
    ipfw pipe 1 config mask src-ip 0xffffffff bw 1024kbits/s
    ipfw pipe 2 config mask dst-ip 0xffffffff bw 1024kbits/s

i have added:

    net.inet.ip.fw.one_pass=0
    net.inet.ip.dummynet.hash_size=256
    net.inet.ip.dummynet.max_chain_len=64

to sysctl.conf.

does not seem to be working right. have i got this wrong?

thanks!
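
An added example, not part of the original message: a small Python model of how a dummynet pipe `mask` splits traffic into dynamic pipes, as ipfw(8) describes it (the masked address is the flow identifier, and each distinct identifier gets its own pipe with the configured bandwidth). The packets are constructed samples, the function names are hypothetical, and the download sample assumes pipe 2 sees the internal address after natd has translated it.

```python
import ipaddress
from collections import defaultdict

PIPE_BW_KBIT = 1024  # "bw 1024kbits/s" from the pipe config in the message


def flow_id(addr: str, mask: int) -> str:
    """Masked address used as the flow identifier (model of 'mask src-ip/dst-ip')."""
    return str(ipaddress.IPv4Address(int(ipaddress.IPv4Address(addr)) & mask))


def dynamic_pipes(packets, field: str, mask: int) -> dict:
    """Group packets by masked 'src' or 'dst'; each key is one dynamic pipe."""
    pipes = defaultdict(list)
    for pkt in packets:
        pipes[flow_id(pkt[field], mask)].append(pkt)
    return dict(pipes)


def per_pipe_bandwidth(pipes: dict) -> dict:
    """Every dynamic pipe inherits the full bandwidth of the pipe template."""
    return {fid: PIPE_BW_KBIT for fid in pipes}


def expire_threshold(hash_size: int, max_chain_len: int) -> int:
    """Pipe count above which empty dynamic pipes are expired (per ipfw(8))."""
    return hash_size * max_chain_len


# Constructed sample traffic using the three hosts named in the message.
UPLOAD = [  # seen "in via rl1", matched by pipe 1 (mask src-ip)
    {"src": "10.0.0.23", "dst": "192.0.2.10"},
    {"src": "10.0.1.77", "dst": "192.0.2.10"},
    {"src": "10.0.2.32", "dst": "198.51.100.5"},
    {"src": "10.0.0.23", "dst": "198.51.100.5"},
]
DOWNLOAD = [  # seen "in via rl0" after NAT, matched by pipe 2 (mask dst-ip)
    {"src": "192.0.2.10", "dst": "10.0.0.23"},
    {"src": "192.0.2.10", "dst": "10.0.1.77"},
]

if __name__ == "__main__":
    for label, mask in (("per host  0xffffffff", 0xFFFFFFFF),
                        ("per /24   0xffffff00", 0xFFFFFF00),
                        ("whole /22 0xfffffc00", 0xFFFFFC00)):
        up = per_pipe_bandwidth(dynamic_pipes(UPLOAD, "src", mask))
        print(f"{label}: {len(up)} upload pipe(s) -> {up}")
    down = dynamic_pipes(DOWNLOAD, "dst", 0xFFFFFFFF)
    print("download pipes:", sorted(down))
    print("expire threshold:", expire_threshold(256, 64))
```

With the full 0xffffffff mask each host gets a separate 1024 Kbit/s pipe per direction, so upload and download are limited independently rather than as one combined total.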