From: "Ted Mittelstaedt"
Date: Wed, 2 Apr 2008 14:48:07 -0800
Subject: RE: FreeBSD Traffic Shaping
In-Reply-To: <20080402083804.42843bk8hlfa07y8@mail.top-consulting.net>
X-BeenThere: freebsd-questions@freebsd.org

> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org
> [mailto:owner-freebsd-questions@freebsd.org]On Behalf Of
> freebsd@top-consulting.net
> Sent: Wednesday, April 02, 2008 4:38 AM
> To: freebsd-questions@freebsd.org
> Subject: RE: FreeBSD Traffic Shaping
>
>
> I can now confirm that these two commands do exactly what I mentioned
> originally.
>
> All outbound connections towards any host port 80 will have a maximum
> bandwidth of 100Kbit/s individually ( output )
>
> ipfw pipe 2 config mask all bw 100Kbit/s
> ipfw add 10 pipe 2 tcp from localip to any 80
>
> Problem solved :)
>

Are you sure about this?

If you're serving webpages, you're listening on port 80.

The tcp initiator uses a source port randomly chosen above 80 and
a destination port on your host of 80.

Your host responds with traffic with a source port of 80 and a
destination port of the initiator's choosing. You don't want to
limit destination port 80 traffic since you're not sending it.

I would suggest after deployment that you carefully look at your
access lists and keep an eye on your utilization graphs to make sure
it's doing what you think it's supposed to be doing.

Ted
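
Added example, not part of the original message and not ipfw's own matching code: a simplified model of the address/port fields of an ipfw rule, showing which outbound packets the quoted rule would send into the pipe when the local host is a web server versus a web client. The IP addresses, port numbers and the second rule (`tcp from localip 80 to any`) are constructed for illustration.

```python
from collections import namedtuple

# Simplified model of the address/port part of an ipfw rule body:
#   tcp from <src_ip> [src_port] to <dst_ip> [dst_port]
# None means "any". This is an illustration, not ipfw's real parser.
Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port")
Rule = namedtuple("Rule", "src_ip src_port dst_ip dst_port")

LOCAL_IP = "192.0.2.10"      # constructed: stands in for "localip"
REMOTE_IP = "198.51.100.7"   # constructed remote host


def matches(rule, pkt):
    """True when every field the rule specifies equals the packet's field."""
    return all(want is None or want == got for want, got in zip(rule, pkt))


# Rule from the quoted message: tcp from localip to any 80
TO_PORT_80 = Rule(LOCAL_IP, None, None, 80)
# Hypothetical alternative keyed on the source port: tcp from localip 80 to any
FROM_PORT_80 = Rule(LOCAL_IP, 80, None, None)

# Constructed packets leaving the local host in the two scenarios.
# 1) Local host is the web server: reply goes from port 80 to the client's port.
SERVER_REPLY = Packet(LOCAL_IP, 80, REMOTE_IP, 51515)
# 2) Local host is the client: request goes from an ephemeral port to port 80.
CLIENT_REQUEST = Packet(LOCAL_IP, 49152, REMOTE_IP, 80)


def shaped_by(rule):
    """Names of the outbound packets the rule would send into the pipe."""
    samples = {"server_reply": SERVER_REPLY, "client_request": CLIENT_REQUEST}
    return sorted(name for name, pkt in samples.items() if matches(rule, pkt))


if __name__ == "__main__":
    print("tcp from localip to any 80 ->", shaped_by(TO_PORT_80))
    print("tcp from localip 80 to any ->", shaped_by(FROM_PORT_80))
```

On a live system, `ipfw show` and `ipfw pipe show` report per-rule and per-pipe packet counters, which is one way to confirm which traffic a rule is actually catching.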