Date: Mon, 11 Oct 2004 21:23:06 -0400 From: NetAdmin <daemon@foxchat.net> To: freebsd-questions@freebsd.org Subject: Re: dummynet Message-ID: <1097544186.27725.26.camel@foxdaemon.com> In-Reply-To: <416B29BC.6080108@wirewalk.org> References: <416B29BC.6080108@wirewalk.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--=-Hb7Wf+tOVJ99Dbv4l+Ga
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
This is what I have on one of my subnet IP's. Did it this way to keep
my kids from sucking up all the upstream from p2p clients and webcam
with their friends. There may be a better way to do it and I'm almost
sure there is, but this seems to do what I need it to do. Hope it
helps.
inwr2 =3D subnet IP/24 Example - 172.16.0.0/24
iif2 =3D inside interface nic Example - ed0
if [ -n "${natd_interface}" ]; then
${fwcmd} add 50 divert natd all from any to any via
${natd_interface}
${fwcmd} add 150 skipto 20000 ip from any to any bridged
${fwcmd} add 151 pipe 1 { tcp or udp } from ${inwr2} to any 80-65000
via ${iif2}
${fwcmd} pipe 1 config mask src-ip 0x000000ff bw 128Kbit/s queue
20Kbytes
${fwcmd} add 152 pipe 2 all from ${inwr2} to any out via ${iif2}
${fwcmd} pipe 2 config mask src-ip 0x000000ff bw 768Kbit/s queue
20Kbytes
${fwcmd} add 153 pipe 3 all from any to ${inwr2} in via ${iif2}
${fwcmd} pipe 3 config mask dst-ip 0x000000ff bw 1280Kbit/s queue
20Kbytes
#ipfw show
00151 112861 101818182 pipe 1 { tcp or udp } from 172.16.0.0/24 to
any dst-port 80-65000 via ed0
00152 4 1312 pipe 2 ip from 172.16.0.0/24 to
any out via ed0
00153 62 10299 pipe 3 ip from any to
172.16.0.0/24 in via ed0
On Mon, 2004-10-11 at 20:47, synrat wrote:
> Can someone tell me about a good way to troubleshoot pipes/queues or=20
> point me in the rigtt direction. I'm trying to restrict outgoing ftp=20
> traffic and create some pipes for VOIP. dummynet and pipe rules load=20
> fine ( and are in the kernel ) but seem to have no effect. I did read=20
> the manual pages 20 times over. I tried adding pipes before doing=20
> "config bw" on them, but that didn't make any difference.
> thanx a lot in advance.
>=20
> something like this :
>=20
> # APPLIES TO INCOMING PACKETS (DOWNLOADS)
>=20
> ${fwcmd} pipe 1 config bw 1300Kbit/s
> ${fwcmd} pipe 3 config bw 100Kbit/s
>=20
> ${fwcmd} queue 1 config weight 5 pipe 1
> ${fwcmd} add queue 1 ip from any to 192.168.1.4
> ${fwcmd} queue 2 config weight 5 pipe 1
> ${fwcmd} add queue 2 ip from any to 192.168.1.3
> ${fwcmd} queue 3 config weight 10 pipe 3
> ${fwcmd} add queue 3 udp from any to 192.168.1.2
>=20
> # APPLIES TO OUTGOING PACKETS (UPLOADS)
>=20
> ${fwcmd} pipe 2 config bw 1000Kbit/s
> ${fwcmd} pipe 4 config bw 100Kbit/s
>=20
> ${fwcmd} queue 4 config weight 5 pipe 2
> ${fwcmd} add queue 4 ip from 192.168.1.4 to any
> ${fwcmd} queue 5 config weight 5 pipe 2
> ${fwcmd} add queue 5 ip from 192.168.1.3 to any
> ${fwcmd} queue 6 config weight 10 pipe 4
> ${fwcmd} add queue 6 udp from 192.168.1.2 to any
>=20
> =09
> THIS IS FOR OUTGOING FTP=09
>=20
> ${fwcmd} add pipe 7 tcp from 216.254.116.226 21 to any out via=20
> ${oif}
> ${fwcmd} pipe 7 config bw 3Kbit/s
>=20
>=20
>=20
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o=
rg"
--=20
NetAdmin for the FoxChat.Net IRC Network.
The FoxSurfer Group
--=-Hb7Wf+tOVJ99Dbv4l+Ga
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)
iD8DBQBBazH6NirmlL8R/7sRAh4dAJwMJCOID0DlRpochKmfExhUMPhANACfULqz
QJSk4JTcDN5NVRhFgjUK/24=
=TGbn
-----END PGP SIGNATURE-----
--=-Hb7Wf+tOVJ99Dbv4l+Ga--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1097544186.27725.26.camel>