Date:      Sat, 11 Oct 2003 12:34:15 +0300
From:      Nikolay Pavlov <temp@roks.biz>
To:        freebsd-ipfw@freebsd.org
Subject:   Sequence of dummynet rules with net.inet.ip.fw.one_pass: 0
Message-ID:  <6312716335.20031011123415@roks.biz>

Hi, folks.
When I started to configure ipfw1 dummynet rules with net.inet.ip.fw.one_pass: 0
(my rule set is rather big and detailed, so I don't want to reconfigure it),
I have faced a problem with the rule that describes "any other traffic" and has the lowest priority.
I cannot place this rule after all others, like with net.inet.ip.fw.one_pass: 1, but where?
Maybe in front of the dummynet rule set (I think that it will cause some duplication and increase delays)?
Could I use skipto construction something like this:

${fwcmd} add 1350 ...some queue... skipto 1400
${fwcmd} add 1355 ...some queue... skipto 1400
${fwcmd} add 1355 ...some queue... skipto 1400
..... [snip] .....
${fwcmd} add 1395 queue 100 ip from any to any via ${oif}

where 1395 is the last dummynet rule and queue 100 config weight 1 pipe1
And the last one: what will happen if I do not specially establish this rule?
Does it mean that "any other traffic" will have the lowest priority by default?
Here is my rc.firewall:
   
==============================================================================================
# Let's configure some pipes and queues. Full-duplex configuration.
       ${fwcmd} pipe 1 config bw 32Kbit/s queue 6KBytes
       ${fwcmd} pipe 2 config bw 32Kbit/s queue 6KBytes
       ${fwcmd} queue 11 config weight 50 pipe 1
       ${fwcmd} queue 12 config weight 50 pipe 2
       ${fwcmd} queue 21 config weight 30 pipe 1
       ${fwcmd} queue 22 config weight 30 pipe 2
       ${fwcmd} queue 101 config weight 1 pipe 1
       ${fwcmd} queue 102 config weight 1 pipe 2

# Ok. Let's start traffic shaper. NOTE: sysctl variable net.inet.ip.fw.one_pass is set to 0
# and don't forget about NATd
# Interactive traffic ICQ, IRC, FTP-Commands, SSH
${fwcmd} add 1350 queue 11 ip from 192.168.100.0/24 to any 6667,5190,21,22 out xmit ${oif}
${fwcmd} add 1355 queue 12 ip from any 6667,5190,21,22 to me in recv ${oif}
${fwcmd} add 1360 queue 11 ip from me to any 6667,5190,21,22 out xmit ${oif}
# My SSH daemon. Uncomment this and configure sshd.conf to listen on oif, when not at home :-)
#${fwcmd} add 1365 queue 11 ip from me 22 to any out xmit ${oif}
#${fwcmd} add 1370 queue 12 ip from any to me 22 in recv ${oif}
# WWW traffic, parent SQUID, ICP.
${fwcmd} add 1375 queue 21 ip from me to any 80,3128,3130 out xmit ${oif}
${fwcmd} add 1380 queue 22 ip from any 80,3128,3130 to me in recv ${oif}
# DNS requests and responses. UDP only
${fwcmd} add 1385 queue 21 udp from 192.168.100.0/24 to any 53 out xmit ${oif}
${fwcmd} add 1390 queue 22 udp from any 53 to me in recv ${oif}
${fwcmd} add 1395 queue 21 udp from me to any 53 out xmit ${oif}
# Any other traffic
#${fwcmd} add queue 101 ip from any to any out xmit ${oif}
#${fwcmd} add queue 102 ip from any to any in recv ${oif}
===============================================================================================

Note, please, that it is a working server and I cannot be near the console, hence so many questions :)

P.S. Please CC me, because I am in digest mode. Sorry for my English.

Thanks, Nikolay.
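
A simplified model of the rule walk the message asks about, added here as an illustration (not code from the post and not ipfw itself): with one_pass set to 0 a packet leaving a queue re-enters the rule set at the next rule, so a trailing catch-all queue rule matches it again unless a skipto rule with the same match jumps past it. The function name `walk`, the tuple layout, rule numbers 1351, 1376 and 1400, and the sample packets are assumptions made for the example.

```python
# Toy model of ipfw rule traversal with dummynet queues (constructed example).
# A rule is (number, action, argument, match), where match is a predicate on a packet.

def walk(rules, pkt, one_pass):
    """Return the dummynet queues the packet passes through, in order."""
    rules = sorted(rules, key=lambda r: r[0])
    queues, i = [], 0
    while i < len(rules):
        num, action, arg, match = rules[i]
        if not match(pkt):
            i += 1
        elif action == "queue":
            queues.append(arg)
            if one_pass:          # one_pass=1: packet does not re-enter the rule set
                return queues
            i += 1                # one_pass=0: reinjected at the next rule
        elif action == "skipto":  # jump to the first rule numbered >= arg
            i = next((j for j, r in enumerate(rules) if r[0] >= arg), len(rules))
        else:                     # "allow": terminal action
            return queues
    return queues

# Match predicates modelled on the port lists in the rc.firewall above.
interactive = lambda p: p["dport"] in (6667, 5190, 21, 22)
www = lambda p: p["dport"] in (80, 3128, 3130)
anything = lambda p: True

# Catch-all queue placed after the specific rules, no skipto.
naive = [
    (1350, "queue", 11, interactive),
    (1375, "queue", 21, www),
    (1395, "queue", 101, anything),
    (1400, "allow", None, anything),
]

# Each queue rule followed by a skipto with the same match (assumed numbering).
paired = [
    (1350, "queue", 11, interactive),
    (1351, "skipto", 1400, interactive),
    (1375, "queue", 21, www),
    (1376, "skipto", 1400, www),
    (1395, "queue", 101, anything),
    (1400, "allow", None, anything),
]

ssh, web, smtp = {"dport": 22}, {"dport": 80}, {"dport": 25}  # constructed packets

if __name__ == "__main__":
    for name, rs in (("naive", naive), ("paired", paired)):
        for pkt in (ssh, web, smtp):
            print(name, pkt, walk(rs, pkt, one_pass=False))
```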


