From owner-freebsd-net Wed Mar 24 2:21:44 1999
Delivered-To: freebsd-net@freebsd.org
Received: from labinfo.iet.unipi.it (labinfo.iet.unipi.it [131.114.9.5])
	by hub.freebsd.org (Postfix) with SMTP id BF635150F6
	for ; Wed, 24 Mar 1999 02:19:29 -0800 (PST)
	(envelope-from luigi@labinfo.iet.unipi.it)
Received: from localhost (luigi@localhost)
	by labinfo.iet.unipi.it (8.6.5/8.6.5) id JAA09727;
	Wed, 24 Mar 1999 09:04:36 +0100
From: Luigi Rizzo
Message-Id: <199903240804.JAA09727@labinfo.iet.unipi.it>
Subject: Re: Bridge and dummynet
To: mbretter@sbox.tu-graz.ac.at (Michael Bretterklieber)
Date: Wed, 24 Mar 1999 09:04:36 +0100 (MET)
Cc: freebsd-net@FreeBSD.ORG
In-Reply-To: <99032411090200.05750@babsi.tu-graz.ac.at> from "Michael Bretterklieber" at Mar 24, 99 10:51:51 am
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Content-Length: 2920
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Hi,
>
> I have the following scenario:
>
> PC1:192.168.0.238                            PC2:192.168.0.96
> |---------|         Bridge, FBSD3.1          |---------|
> |         |      |-------------------|       |         |
> |      xl0|------|ed1             ed0|-------|         |
> |         |      |-------------------|       |         |
> |---------|                                  |---------|
>
> The bridge works with the patch /sys/i386/isa/if_ed.c Version 1.150.
> Now I'd like to limit the transferrate down to 64KBit/s between PC1 and PC2.
> Here are my rules:
>
> 00020   0     0 pipe 20 ip from 192.168.0.238 to any out xmit ed0
> 00021   8   712 pipe 21 ip from 192.168.0.238 to any out xmit ed1
> 00022   0     0 pipe 22 ip from any to 192.168.0.238 out xmit ed1
> 00023  11   600 pipe 23 ip from any to 192.168.0.238 out xmit ed0
> 00150   0     0 allow ip from any to any via lo0
> 00200   0     0 deny ip from any to 127.0.0.0/8
> 00300 405 23772 allow ip from any to any out xmit ed0
> 00400  56  6149 allow ip from any to any in recv ed0
> 00500 262 42583 allow ip from any to any out xmit ed1
> 00600  73  5263 allow ip from any to any in recv ed1
> 65535  31     0 allow ip from any to any
>
> I configured the pipes with:
> ipfw pipe 20 config bw 64KBits/s
> ipfw pipe 21 config bw 64KBits/s
> ipfw pipe 22 config bw 64KBits/s
> ipfw pipe 23 config bw 64KBits/s
>
> Result:
> The connect between PC1 and PC2 broke up, on the bridge I got
> the kernel message: "dummynet: bad switch 3!"

hmmmm there is probably a missing

	#include "opt_bdg.h"

in the beginning of ip_dummynet.c near the #ifdef BRIDGE section

> I deleted the pipes and everything was ok.
>
> I was wondering why no packets passed rule 20 and 22.

two reasons:
1) you also have to update sys/net/bridge.c and sys/netinet/ip_fw.c
   and (probably) sys/netinet/ip_dummynet.c
2) the 'out' specifier in ipfw rules does not work with bridging

cannot work because the bridging code does not know which output
interface will be used (it could be sent to all). You can only do
selection based on input interface or better just on addresses --
the firewall will act only once on bridged packets instead of the
two times with routed pkts.

	cheers
	luigi

> The firewall-verbose-logformat changed between 3.0 and 3.1,
> no ports are displayed, only source and destination-ip are
> printed out?!
>
> Thanx,
> --
>                                 \|/
>                                 @ @
> +---------------------------oOO-(_)-OOo---------------------------+
> Michael Bretterklieber
> Office: Michael.Bretterklieber@gamed.com
> Privat: mbretter@sbox.tu-graz.ac.at
> URL: http://www.sbox.tu-graz.ac.at/home/m/mbretter/
> +-----------------------------------------------------------------+
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message
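
An added illustration, not part of the original message or of FreeBSD: this Python sketch takes the rule listing quoted above, flags the rules that select on the output side (which the reply says cannot work for bridged packets), and groups them by the address-only match that remains once `out` and `xmit IF` are dropped. The function names are made up for this example.

```python
import re
from collections import defaultdict

# `ipfw show` listing as quoted in the message (number, packets, bytes, rule).
LISTING = """\
00020 0 0 pipe 20 ip from 192.168.0.238 to any out xmit ed0
00021 8 712 pipe 21 ip from 192.168.0.238 to any out xmit ed1
00022 0 0 pipe 22 ip from any to 192.168.0.238 out xmit ed1
00023 11 600 pipe 23 ip from any to 192.168.0.238 out xmit ed0
00150 0 0 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 405 23772 allow ip from any to any out xmit ed0
00400 56 6149 allow ip from any to any in recv ed0
00500 262 42583 allow ip from any to any out xmit ed1
00600 73 5263 allow ip from any to any in recv ed1
65535 31 0 allow ip from any to any
"""

RULE = re.compile(r"^(\d+)\s+\d+\s+\d+\s+(.*)$")

def parse(listing):
    """Return [(rule_number, [rule tokens])], counters discarded."""
    return [(int(m.group(1)), m.group(2).split())
            for m in map(RULE.match, listing.splitlines()) if m]

def output_dependent(listing):
    """Rule numbers that select on the output side ('out' or 'xmit IF')."""
    return [n for n, t in parse(listing) if "out" in t or "xmit" in t]

def address_only(tokens):
    """Drop 'out' and 'xmit IF'; keep the action and protocol/address match."""
    kept, skip = [], False
    for tok in tokens:
        if skip:                 # interface name following 'xmit'
            skip = False
        elif tok == "xmit":
            skip = True
        elif tok != "out":
            kept.append(tok)
    return kept

def collapsed(listing):
    """Group output-dependent rules by their remaining 'proto from A to B'."""
    groups = defaultdict(list)
    for n, t in parse(listing):
        if "out" in t or "xmit" in t:
            a = address_only(t)
            groups[" ".join(a[a.index("from") - 1:])].append(n)
    return dict(groups)
```

Rules that land in the same group differ only in their output interface, so on a bridge, where the firewall sees each packet once, one address-based rule per group covers them.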