Date: Fri, 9 Jul 2004 10:16:33 -0300 From: "Pedro Paulo de Magalhaes Oliveira Junior" <ppj@netfilter.com.br> To: <freebsd-ipfw@freebsd.org> Subject: RE: freebsd-ipfw Digest, Vol 67, Issue 3 Message-ID: <20040709131620.56858575E3@hearts.netfilter.com.br>
next in thread | raw e-mail | index | archive | help
Sorry for the wrong message... -----Original Message----- From: Pedro Paulo de Magalhaes Oliveira Junior = [mailto:ppj@netfilter.com.br] Sent: sexta-feira, 9 de julho de 2004 10:16 To: 'freebsd-ipfw@freebsd.org' Subject: RE: freebsd-ipfw Digest, Vol 67, Issue 3 No kit de adm precisa pedir ao Z=E9 para colocar um fazedor de blacklist = local e whitelist local -----Original Message----- From: owner-freebsd-ipfw@freebsd.org = [mailto:owner-freebsd-ipfw@freebsd.org] On Behalf Of freebsd-ipfw-request@freebsd.org Sent: sexta-feira, 9 de julho de 2004 09:01 To: freebsd-ipfw@freebsd.org Subject: freebsd-ipfw Digest, Vol 67, Issue 3 Send freebsd-ipfw mailing list submissions to freebsd-ipfw@freebsd.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw or, via email, send a message with subject or body 'help' to freebsd-ipfw-request@freebsd.org You can reach the person managing the list at freebsd-ipfw-owner@freebsd.org When replying, please edit your Subject line so it is more specific than "Re: Contents of freebsd-ipfw digest..." Today's Topics: 1. Dummynet Queue Weighting (Thomas S. Crum - 1WISP, Inc.) 2. Blackhole issues when booting into a wm. (Chris) 3. Re: Dummynet Queue Weighting (Louis A. Mamakos) 4. Re: Turning off submission (587) port (Thomas Wolf) 5. Strings (Pedro Paulo Jr) 6. Re: Strings (Darcy Buskermolen) 7. Re: Dummynet Queue Weighting (Ian FREISLICH) 8. Re: Blackhole issues when booting into a wm. (Ian FREISLICH) 9. Re: Dummynet Queue Weighting (Luigi Rizzo) ---------------------------------------------------------------------- Message: 1 Date: Thu, 8 Jul 2004 11:36:59 -0400 From: "Thomas S. Crum - 1WISP, Inc." <tscrum@1wisp.com> Subject: Dummynet Queue Weighting To: "'FreeBSD IPFW'" <freebsd-ipfw@freebsd.org> Message-ID: <002601c46501$904a7d30$0200a8c0@wolf> Content-Type: text/plain; charset=3D"us-ascii" # SAMPLE CONFIG ipfw queue 1 ip from A to B ipfw queue 1 config weight 10 pipe 1 ipfw queue 2 ip from C to D ipfw queue 2 config weight 5 pipe 1 ipfw queue 3 ip from E to F ipfw queue 3 config weight 1 pipe 1 ipfw pipe 1 config bw 1000Kbit/s Question? When setting up queues as I have done above with different weights they = (the queues) will share the assigned pipe proportionate to their weight. For example if you had traffic on all three queues, the A&B(1), C&D(2), = and E&F(3); they would get 10/16, 5/16, and 1/16 of the pipe, respectively. But, what if A&B(1) had no traffic? It is my understanding that queue 2 = and 3 would still only get 5/16 and 1/16 of the pipe regardless. In this example, 3/8 or 375Kb/s total. Or would 2 and 3 share the whole pipe if queue 1 is inactive, which would make my questions moot? What I am trying to accomplish here is to give a greater amount of = bandwidth between 2 ip's when they are active. But they are hardly ever active = and therefore I want the rest of the network to use the whole pipe until = they become active. Any comments and particularly suggestions are appreciated. If I'm = entirely wrong with my presumptions mention that too. :) Best, =20 Thomas S. Crum Senior Technical Associate tscrum@aaawebsolution.com Toll-free: (800) 834-0626 =20 AAA Web Solution, Inc. 11924 W Forest Hill Boulevard Building 22 - Mailstop 200 Wellington, FL 33414 USA =20 Providing full-service website design, maintenance, hosting, and = marketing. No task is too small or enterprise too large for us to help you! =20 -------------------------------------------------------------------------= --- ------------------------------ Message: 2 Date: Thu, 8 Jul 2004 10:57:11 -0500 From: Chris <racerx@makeworld.com> Subject: Blackhole issues when booting into a wm. To: FreeBSD IPFW <freebsd-ipfw@freebsd.org> Message-ID: <200407081057.11657.racerx@makeworld.com> Content-Type: text/plain; charset=3D"us-ascii" Can someone explain to me why when I add blackhole to my sysctl file, booting=20 into a wm is slow as hell? As expected, when I comment out the tcp and = udp=20 blackhole lines, the system responds as normal. Some info -=20 AMD 1.6 FBSD 5.2.1-RELEASE-p9 and FBSD 4.10 --=20 Best regards, Chris --=20 This message has been scanned for viruses and dangerous=20 content by MailScanner, and is believed to be clean. ClamAV virus dat updated: Thu Jul 8 2004 at 03:02:52 daily.cvd updated (version: 398, sigs: 758, f-level: 2, builder: tomek) ------------------------------ Message: 3 Date: Thu, 08 Jul 2004 14:48:53 -0400 From: "Louis A. Mamakos" <louie@TransSys.COM> Subject: Re: Dummynet Queue Weighting=20 To: "Thomas S. Crum - 1WISP, Inc." <tscrum@1wisp.com> Cc: 'FreeBSD IPFW' <freebsd-ipfw@freebsd.org> Message-ID: <20040708184853.7B9BB20F72@whizzo.transsys.com> Content-Type: text/plain; charset=3Dus-ascii > # SAMPLE CONFIG > ipfw queue 1 ip from A to B > ipfw queue 1 config weight 10 pipe 1 > ipfw queue 2 ip from C to D > ipfw queue 2 config weight 5 pipe 1 > ipfw queue 3 ip from E to F > ipfw queue 3 config weight 1 pipe 1 > ipfw pipe 1 config bw 1000Kbit/s >=20 > Question? >=20 > When setting up queues as I have done above with different weights = they (the > queues) will share the assigned pipe proportionate to their weight. >=20 > For example if you had traffic on all three queues, the A&B(1), = C&D(2), and > E&F(3); they would get 10/16, 5/16, and 1/16 of the pipe, = respectively. >=20 > But, what if A&B(1) had no traffic? It is my understanding that queue = 2 and > 3 would still only get 5/16 and 1/16 of the pipe regardless. In this > example, 3/8 or 375Kb/s total. Or would 2 and 3 share the whole pipe = if > queue 1 is inactive, which would make my questions moot? I use a similar configuration to prioritize VoIP traffic on my "upstream" network connection. I create a pipe with the bandwidth sized to the actual capacity of the network link and the multiple queues just as you did. =20 The answer to your question is that idle queue do not consume capacity on the pipe they are associated with. I have queue with weights 100 (for VoIP), 20 (for interactive SSH, NTP) and 1 (everything else) and the "everything else" traffic can use the full capacity of the pipe with the other queues are idle. louie ------------------------------ Message: 4 Date: Thu, 8 Jul 2004 21:12:15 -0000 From: Thomas Wolf <tw@wsf.at> Subject: Re: Turning off submission (587) port To: Gregory Neil Shapiro <gshapiro@freebsd.org>, Thomas Wolf <tw@wsf.at> Cc: FreeBSD IPFW <freebsd-ipfw@freebsd.org> Message-ID: <20040708231215.fsp0rn91py8gw0@.mailhost.wsf.at> Content-Type: text/plain; charset=3Dus-ascii Gregory Neil Shapiro <gshapiro@freebsd.org> schrieb: > > AFAIK, it is sufficient to edit /etc/mail/sendmail.cf and > > comment or delete the follwoing line: > > O DaemonPortOptions=3DPort=3D587, Name=3DMSA, M=3DE > > and restart sendmail afterwards. >=20 > Hand editing the sendmail.cf is a bad idea. You're right. Bad habit. Sorry for advising this. Thomas -- Thomas Wolf Wiener Software Fabrik Dubas u. Wolf GMBH 1050 Wien, Mittersteig 4 ------------------------------ Message: 5 Date: Thu, 8 Jul 2004 18:47:00 -0300 From: "Pedro Paulo Jr" <ppj@netfilter.com.br> Subject: Strings To: <freebsd-ipfw@freebsd.org> Message-ID: <002501c46535$19890a20$2c1906c9@vilapnq0uu055v> Content-Type: text/plain; charset=3D"iso-8859-1" Sorry for another post ... I was planning to use freebsd to avoid P2P in my network. The problem is that every gpl solution for this uses de string module of iptables. There are something similar in IPFW? Thanks in advance, Pedro Paulo Jr ------------------------------ Message: 6 Date: Thu, 8 Jul 2004 16:22:24 -0700 From: Darcy Buskermolen <darcy@wavefire.com> Subject: Re: Strings To: freebsd-ipfw@freebsd.org Message-ID: <200407081622.24343.darcy@wavefire.com> Content-Type: text/plain; charset=3D"iso-8859-1" On July 8, 2004 02:47 pm, Pedro Paulo Jr wrote: > Sorry for another post ... > > I was planning to use freebsd to avoid P2P in my network. The problem = is > that every gpl solution for this uses de string module of iptables. > > There are something similar in IPFW? ipfw is not a content firewall, if you are looking to do that perhaps = you=20 should look at something like hogwash. (based of the same code as snort) > > Thanks in advance, > > Pedro Paulo Jr > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to = "freebsd-ipfw-unsubscribe@freebsd.org" --=20 Darcy Buskermolen Wavefire Technologies Corp. ph: 250.717.0200 fx: 250.763.1759 http://www.wavefire.com ------------------------------ Message: 7 Date: Fri, 09 Jul 2004 10:19:17 +0200 From: Ian FREISLICH <if@hetzner.co.za> Subject: Re: Dummynet Queue Weighting=20 To: "Louis A. Mamakos" <louie@TransSys.COM> Cc: 'FreeBSD IPFW' <freebsd-ipfw@freebsd.org> Message-ID: <E1BiqbF-000DWn-00@hetzner.co.za> > > # SAMPLE CONFIG > > ipfw queue 1 ip from A to B > > ipfw queue 1 config weight 10 pipe 1 > > ipfw queue 2 ip from C to D > > ipfw queue 2 config weight 5 pipe 1 > > ipfw queue 3 ip from E to F > > ipfw queue 3 config weight 1 pipe 1 > > ipfw pipe 1 config bw 1000Kbit/s > > > > Question? > > > > When setting up queues as I have done above with different weights > > they (the queues) will share the assigned pipe proportionate to > > their weight. > > > > For example if you had traffic on all three queues, the A&B(1), > > C&D(2), and E&F(3); they would get 10/16, 5/16, and 1/16 of the > > pipe, respectively. > > > > But, what if A&B(1) had no traffic? It is my understanding that > > queue 2 and 3 would still only get 5/16 and 1/16 of the pipe > > regardless. In this example, 3/8 or 375Kb/s total. Or would 2 and > > 3 share the whole pipe if queue 1 is inactive, which would make my > > questions moot? > > The answer to your question is that idle queue do not consume capacity > on the pipe they are associated with. I have queue with weights 100 > (for VoIP), 20 (for interactive SSH, NTP) and 1 (everything else) and > the "everything else" traffic can use the full capacity of the pipe > with the other queues are idle. This raises another question: how do the idle queues get shared? Using the above sample configuration, if queue 2 is idle, does the pipe get shared between queue 1 and queue 3 in proportions 10/11 and 1/11 respectively or 10/16 and 1/16 respectivly with the remaining 5/16 shared evenly between them? Ian -- Ian Freislich ------------------------------ Message: 8 Date: Fri, 09 Jul 2004 10:29:14 +0200 From: Ian FREISLICH <if@hetzner.co.za> Subject: Re: Blackhole issues when booting into a wm.=20 To: racerx@makeworld.com Cc: FreeBSD IPFW <freebsd-ipfw@freebsd.org> Message-ID: <E1Biqks-000DYs-00@hetzner.co.za> > Can someone explain to me why when I add blackhole to my sysctl file, booting > into a wm is slow as hell? As expected, when I comment out the tcp and = udp > blackhole lines, the system responds as normal. >=20 > Some info -=20 > AMD 1.6 > FBSD 5.2.1-RELEASE-p9 and FBSD 4.10 The window manager (at least mine does) may be trying to resolve your machine's IP address. If you don't have a resolver listening then with blackhole turned on, your WM won't get any icmp port unreachable messages back and it will have to wait until the query times out before continuing. Maybe it's not trying to resolve, but trying to connect to some port that doesn't have a listner. Either way, you can use tcpdump on your loopback device to figure out what's going on. If that's too complicated, try adding an entry in /etc/hosts for your IP address and host name and see if that fixes it. Ian -- Ian Freislich ------------------------------ Message: 9 Date: Fri, 9 Jul 2004 01:41:07 -0700 From: Luigi Rizzo <rizzo@icir.org> Subject: Re: Dummynet Queue Weighting To: Ian FREISLICH <if@hetzner.co.za> Cc: 'FreeBSD IPFW' <freebsd-ipfw@freebsd.org> Message-ID: <20040709014107.A35991@xorpc.icir.org> Content-Type: text/plain; charset=3Dus-ascii On Fri, Jul 09, 2004 at 10:19:17AM +0200, Ian FREISLICH wrote: ... > > > But, what if A&B(1) had no traffic? It is my understanding that > > > queue 2 and 3 would still only get 5/16 and 1/16 of the pipe > > > regardless. In this example, 3/8 or 375Kb/s total. Or would 2 and > > > 3 share the whole pipe if queue 1 is inactive, which would make my > > > questions moot? > > > > The answer to your question is that idle queue do not consume = capacity > > on the pipe they are associated with. I have queue with weights 100 > > (for VoIP), 20 (for interactive SSH, NTP) and 1 (everything else) = and > > the "everything else" traffic can use the full capacity of the pipe > > with the other queues are idle. >=20 > This raises another question: how do the idle queues get shared? the only thing that is shared is the total pipe's capacity, and it is shared by non-idle queues in proportion to their weights. That's as simple as that. No special cases. There is a copious literature on Proportional Share algorithms, if you google for WF2Q+ (which is the algorithm implemented in dummynet) you should come up with a lot of papers to answer your doubts. We are finishing up a tutorial paper on the topic for which i will post a URL in a week or two when it is ready. cheers luigi ------------------------------ _______________________________________________ freebsd-ipfw@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" End of freebsd-ipfw Digest, Vol 67, Issue 3 *******************************************
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040709131620.56858575E3>