Date:      Mon, 7 May 2001 16:45:48 -0400 (EDT)
From:      Momma Bear Trish <trish@listmistress.org>
To:        Luigi Rizzo <luigi@info.iet.unipi.it>
Cc:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: dummynet issues
Message-ID:  <Pine.BSO.4.21.0105071511520.21937-100000@superconductor.rush.net>
In-Reply-To: <200105071908.VAA01496@info.iet.unipi.it>

On Mon, 7 May 2001, Luigi Rizzo wrote:

> there are many things which can go wrong. A common mistake is to
> push all traffic from a bridged segment into a dummynet pipe,
> with the result that all the background traffic saturates your
> pipe and gives the symptoms you mention.
> 
> To tell more I'd have to know a bit more on how you use the firewall
> (is this a bridge or router), your config, your pipe
> setting, and last not least the FreeBSD version you are using
> (there are known bugs with some).


It's a bridge, right after the router in ingress

I've tried it different ways, but always 

07000 102154250 105301608403 pipe 1 ip from 64.28.67.0/24 to any
07001  81785362   6862740312 pipe 2 ip from any to 64.28.67.0/24

either before or after other rules.

(so the rule number changes)

the pipes are configured at 80Mbit/s out and 25Mbit/s in (it's also a
100Mbit full-duplex line, but we're limiting per cost)

ipfw pipe 1 config bw 80Mbit/s delay 2ms

ipfw pipe 2 config bw 25Mbit/s delay 2s

kernel config has these lines in it:

options         HZ=20
options         DUMMYNET
options         BRIDGE
options 	NMBCLUSTERS=10240
options         IPFIREWALL              #firewall
options         IPFIREWALL_VERBOSE      #print information about
                                        # dropped packets
options         IPFIREWALL_FORWARD      #enable transparent proxy support
options         IPFIREWALL_VERBOSE_LIMIT=100    #limit verbosity
options         IPFIREWALL_DEFAULT_TO_ACCEPT    #allow everything by default
options         IPV6FIREWALL            #firewall for IPv6
options         IPV6FIREWALL_VERBOSE
options         IPV6FIREWALL_VERBOSE_LIMIT=100
options         IPV6FIREWALL_DEFAULT_TO_ACCEPT
options         IPDIVERT                #divert sockets
options         TCPDEBUG


version:

firewall# uname -a
FreeBSD firewall.andover.net 4.2-STABLE FreeBSD 4.2-STABLE #7: Mon Feb 12
08:20:09 EST 2001
root@firewall.andover.net:/usr/src/sys/compile/FIREWALL  i386


-trish

__

Trish Lynch		
FreeBSD - The Power to Serve 			trish@bsdunix.net
New England Area BSD Users Group		trish@neabug.org
Listar Core Committee				www.listar.org
List Mistress BDSM Community List Project    	trish@listmistress.org
MommaBear @ IRC		AilleCat @ Slashdot	MommaBearTrish @ AIM
              http://www.advogato.com/person/AilleCat/
---

	"Through the darkness, I would walk the streets,
	 Confessions never seemed to provide me with a release,
	 Held me down and tried to cure me, tried to give me reason,
	 But nothing could separate this burdened mind from me,
	 Here and now, I feel that I'm embracing freedom,
	 Even though I may be alone, but thats ok."
		-Delerium with Joanna Stevens (Solar Twins), 
			"A Poem for Byzantium"

