From owner-freebsd-questions@FreeBSD.ORG Wed Jan 27 16:40:59 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 57FA41065696 for ; Wed, 27 Jan 2010 16:40:59 +0000 (UTC) (envelope-from kes-kes@yandex.ru) Received: from forward14.mail.yandex.net (forward14.mail.yandex.net [95.108.130.92]) by mx1.freebsd.org (Postfix) with ESMTP id F2D258FC19 for ; Wed, 27 Jan 2010 16:40:58 +0000 (UTC) Received: from smtp15.mail.yandex.net (smtp15.mail.yandex.net [95.108.130.69]) by forward14.mail.yandex.net (Yandex) with ESMTP id 0AFC9268078A; Wed, 27 Jan 2010 19:40:52 +0300 (MSK) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1264610457; bh=VaJQcz3wi8dzlvOOXcf6PR4kcoELuaoMky7n4nrNayo=; h=Date:From:Reply-To:Message-ID:To:CC:Subject:In-Reply-To: References:MIME-Version:Content-Type:Content-Transfer-Encoding; b=RzW6tMLZRIkl53PJC2SqW3KDOF+fve+1VrRdE5vz4ifbPNPreQzYH+oDaUrbpHnbp YdqxxrURM7SAHkvlToWporZuAXYrR+A6Z4QVCjHGuCMq14o3vZmnDB7QlkKQgIYy9X dId21kLY5/kziMhDPDnrUkb1NfsncsqYfZTVwm2k= Received: from HOMEUSER (unknown [77.93.42.18]) by smtp15.mail.yandex.net (Yandex) with ESMTPA id 5F99D4E280A1; Wed, 27 Jan 2010 19:40:44 +0300 (MSK) X-Nat-Received: from [192.168.9.5]:3144 [ident-empty] by SPAM FILTER: with TPROXY id 1264611160.52460 abuse-to kes-kes@yandex.ru Date: Wed, 27 Jan 2010 18:40:45 +0200 From: =?windows-1251?B?yu7t/Oru4iDF4uPl7ejp?= X-Mailer: The Bat! (v4.0.24) Professional Organization: =?windows-1251?B?188gyu7t/Oru4iwgRnJlZUxpbmU=?= X-Priority: 3 (Normal) Message-ID: <181688930.20100127184045@yandex.ru> To: Martin Schweizer In-Reply-To: <20100127045446.GG28438@saturn.pcs.ms> References: <20100127045446.GG28438@saturn.pcs.ms> MIME-Version: 1.0 Content-Type: text/plain; charset=windows-1251 Content-Transfer-Encoding: 8bit X-Yandex-TimeMark: 1264610452 X-Yandex-Spam: 1 X-Yandex-Front: smtp15.mail.yandex.net Cc: Martin Schweizer , freebsd-questions@freebsd.org Subject: Re: ipfw: limit bandwidth X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: =?windows-1251?B?yu7t/Oru4iDF4uPl7ejp?= List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Jan 2010 16:40:59 -0000 Hello, Martin. First of all you must decide you want your shaper rule act as allow rule or not: kes# sysctl -a | grep one_pass net.inet.ip.fw.one_pass: 0 or 1 man ipfw pipe pipe_nr Pass packet to a dummynet(4) ``pipe'' (for bandwidth limitation, delay, etc.). See the TRAFFIC SHAPER (DUMMYNET) CONFIGURATION Section for further information. The search terminates; however, on exit from the pipe and if the sysctl(8) variable net.inet.ip.fw.one_pass is not set, the packet is passed again to the firewall code starting from the next rule. Second you do not need to put packet to pipe and to queue at same time. use pipe to just limit rate or use queue to limit rate and process groups of packets in round robin manner. packets are grouped my mask pipe is like this: http://www.mikrotik.com/testdocs/ros/2.9/img/queue_fifo.jpg queue is like this: http://www.mikrotik.com/testdocs/ros/2.9/img/queue_pcq.jpg some doc: http://kes.net.ua/softdev/advanced_firewall.html translated by google: http://translate.google.com/translate?js=y&prev=_t&hl=ru&ie=UTF-8&layout=2&eotf=1&swap=1&u=http%3A%2F%2Fkes.net.ua%2Fsoftdev%2Fadvanced_firewall.html&sl=ru&tl=en MS> Hello MS> I use FreeBSD 7.2 on a amd64. I want to limit the bandwidth thru MS> this machine. Here is the relevante part of /etc/rc.firewall MS> [snip] MS> $ipfwcmd pipe 1 config bw 80kByte/s MS> $ipfwcmd add pipe 1 ip from any to 192.168.10.0/24{100-254} via em1 MS> $ipfwcmd queue 1 config pipe 1 weight 1 mask dst-ip 0xffffffff MS> $ipfwcmd add queue 1 all from any to 192.168.10.0/24{100-254} via em1 MS> [snip] MS> I generate this from different sources but it seems that it is not working. What do I'm wrong? MS> Here the part from ipfw show: MS> 00100 0 0 check-state MS> 00200 24327 1497881 pipe 1 ip from any to 192.168.10.0/24{100-254} via em1 MS> 00300 0 0 queue 1 ip from any to 192.168.10.0/24{100-254} via em1 MS> [snip] MS> Regards, -- С уважением, Коньков mailto:kes-kes@yandex.ru