Date: Mon, 16 Jun 2003 08:56:12 -0700
From: Luigi Rizzo
To: Sean Hafeez
cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw, dummynet and a large subnet to shape

you need to pass packets through the pipe before the 'divert' for
outgoing traffic, and _after_ the divert for incoming.

cheers
luigi

On Mon, Jun 16, 2003 at 08:22:01AM -0700, Sean Hafeez wrote:
> i have been reading thru all the links on google and the man pages and
> facts and have come to realize that the information is quite - not
> right.
>
> here is what i need to do:
>
> i have a network - 10.0.0.0/22 that is nat'd. the external interface
> is rl0 and the internal is rl1. i want everyone shaped to 1024kbits/s.
> when i say everyone i mean each unique user (ie, 10.0.0.23 or
> 10.0.1.77 or 10.0.2.32) to be limited to a total of 1024kbits/s down
> and up.
>
> here is what i got.
>
> ipfw -f flush
> /sbin/natd -interface rl0
> ipfw add 999 divert natd all from any to any via rl0
> ipfw add pipe 1 ip from any to any in via rl1
> ipfw add pipe 2 ip from any to any in via rl0
> ipfw pipe 1 config mask src-ip 0xffffffff bw 1024kbits/s
> ipfw pipe 2 config mask dst-ip 0xffffffff bw 1024kbits/s
>
> i have added:
>
> net.inet.ip.fw.one_pass=0
> net.inet.ip.dummynet.hash_size=256
> net.inet.ip.dummynet.max_chain_len=64
>
> to sysctl.conf.
>
> does not seem to be working right. have i got this wrong?
>
> thanks!
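
The ordering described in the reply, written out as a ruleset with an order check, as an added example that is not part of either message. rl0 and 10.0.0.0/22 are taken from the thread; the rule numbers, the final allow rule and the function names (rules, check_order, emit) are assumptions.

```shell
#!/bin/sh
# Constructed example. rl0 and 10.0.0.0/22 come from the thread; the rule
# numbers, the final allow rule and the function names are assumptions.
LAN="10.0.0.0/22"
EXT_IF="rl0"
RATE="1024Kbit/s"

# Rule bodies in evaluation order, in the same layout `ipfw list` prints.
rules() {
    cat <<EOF
100 pipe 1 ip from $LAN to any out via $EXT_IF
200 divert natd ip from any to any via $EXT_IF
300 pipe 2 ip from any to $LAN in via $EXT_IF
65000 allow ip from any to any
EOF
}

# check_order IFACE: read `ipfw list`-style lines on stdin. Succeeds only if,
# among rules naming IFACE, there is a divert rule, every "out" pipe rule is
# numbered below it and every "in" pipe rule is numbered above it.
check_order() {
    awk -v ifc="$1" '
        { dir = ""; onif = 0
          for (i = 3; i <= NF; i++) {
              if ($i == "in" || $i == "out") dir = $i
              if ($i == ifc) onif = 1
          } }
        !onif { next }
        $2 == "divert" { nat = $1 + 0 }
        $2 == "pipe" && dir == "out" && $1 + 0 > maxout { maxout = $1 + 0 }
        $2 == "pipe" && dir == "in" && (!minin || $1 + 0 < minin) { minin = $1 + 0 }
        END { exit !(nat && maxout < nat && (!minin || minin > nat)) }'
}

# emit: print the commands to run as root on the gateway (dry run, nothing is applied).
emit() {
    # one_pass=0 lets a packet leaving pipe 1 continue to the divert rule.
    echo "sysctl net.inet.ip.fw.one_pass=0"
    # Per-host queues: uploads keyed on private source, downloads on private destination.
    echo "ipfw pipe 1 config bw $RATE mask src-ip 0xffffffff"
    echo "ipfw pipe 2 config bw $RATE mask dst-ip 0xffffffff"
    rules | sed 's/^/ipfw add /'
}

rules | check_order "$EXT_IF" && emit
```

Outgoing packets reach pipe 1 while their source is still the private address, and incoming packets reach pipe 2 only after natd has rewritten the destination back to it, so each mask keys on the individual host. `ipfw list | check_order rl0` applies the same check to a loaded ruleset.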