Date: Mon, 16 Jun 2003 09:23:57 -0700
From: Sean Hafeez <sahafeez@edgefocus.com>
To: Ben Pfountz <netprince@vt.edu>
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw, dummynet and a large subnet to shape
Message-ID: <3EEDEF1D.9080107@edgefocus.com>
References: <3EEDE099.9080603@edgefocus.com> <001101c33420$37493bd0$6511a8c0@benspiece>

Thanks. Just did that. I will see how it goes. I have one question:

ipfw pipe show
0001:   1.024 Mbit/s    0 ms   50 sl. 29 queues (256 buckets) droptail
    mask: 0x00 0xffffffff/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
 32 ip       10.0.128.16/0             0.0.0.0/0       14      924  0    0   0
 64 ip       10.0.128.32/0             0.0.0.0/0        1       70  0    0   0
00002:   1.024 Mbit/s    0 ms   50 sl. 23 queues (256 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0xffffffff/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
 17 ip           0.0.0.0/0         10.0.128.16/0        7      658  0    0   0
 33 ip           0.0.0.0/0         10.0.128.32/0        1      147  0    0   0
 35 ip           0.0.0.0/0         10.0.128.34/0        1      147  0    0   0

Sorry if it is hard to read - I just want to know why the IPs show up as
0.0.0.0/0 and does it matter?

Are there any better docs on dummynet - the man page is not the best. I would
be interested in seeing any work that anyone has done. Google does not really
have a lot of good stuff.

Thanks!

Ben Pfountz wrote:

> You probably want something more like this:
>
> ipfw -f flush
> /sbin/natd -interface rl0
> ipfw add divert natd all from any to any via rl0
> ipfw add pipe 1 ip from any to any in recv rl1
> ipfw add pipe 2 ip from any to any out xmit rl1
> ipfw pipe 1 config mask src-ip 0xffffffff bw 1024kbits/s
> ipfw pipe 2 config mask dst-ip 0xffffffff bw 1024kbits/s
>
> Remember that incoming packets are destined for your outside interface until
> the firewall diverts the packets to natd. For this reason, your pipe for
> packets coming in in rl0 would have always had a dst-ip of your outside
> interface.
>
> Hope this helps.
>
> Ben
>
> ----- Original Message -----
> From: "Sean Hafeez" <sahafeez@edgefocus.com>
> To: <freebsd-ipfw@freebsd.org>
> Sent: Monday, June 16, 2003 11:22 AM
> Subject: ipfw, dummynet and a large subnet to shape
>
>>i have been reading thru all the links on google and the man pages and
>>facts and have come to realize that the information is quite - not
>>right.
>>
>>here is what i need to do:
>>
>>i have a network - 10.0.0.0/22 that is nat'd. the external interface
>>is rl0 and the internal is rl1. i want everyone shaped to 1024kbits/s.
>>when i say everyone i mean each unique user (ie, 10.0.0.23 or
>>10.0.1.77 or 10.0.2.32) to be limited to a total of 1024kbits/s down
>>and up.
>>
>>here is what i got.
>>
>>ipfw -f flush
>>/sbin/natd -interface rl0
>>ipfw add 999 divert natd all from any to any via rl0
>>ipfw add pipe 1 ip from any to any in via rl1
>>ipfw add pipe 2 ip from any to any in via rl0
>>ipfw pipe 1 config mask src-ip 0xffffffff bw 1024kbits/s
>>ipfw pipe 2 config mask dst-ip 0xffffffff bw 1024kbits/s
>>
>>i have added:
>>
>>net.inet.ip.fw.one_pass=0
>>net.inet.ip.dummynet.hash_size=256
>>net.inet.ip.dummynet.max_chain_len=64
>>
>>to sysctl.conf.
>>
>>does not seem to be working right. have i got this wrong?
>>
>>thanks!
>>
>>_______________________________________________
>>freebsd-ipfw@freebsd.org mailing list
>>http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
>>To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
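
Why the unmasked side prints as 0.0.0.0/0 in the pipe listing above, as an added example that is not part of the original messages and is not FreeBSD source: each packet's flow id is ANDed with the pipe mask before a per-host queue is looked up, so fields outside the mask are erased. The struct, helper names and sample packets are constructed here, and the bucket hash is an assumption modelled on dummynet's queue lookup of that era.

```c
#include <stdint.h>
#include <stdio.h>

/* IPv4 flow id as the pipe sees it (simplified; names are this example's own). */
struct flow_id { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; uint8_t proto; };

/* Masks from the thread: pipe 1 "mask src-ip 0xffffffff", pipe 2 "mask dst-ip 0xffffffff". */
static const struct flow_id MASK_PIPE1 = { 0xffffffffu, 0, 0, 0, 0 };
static const struct flow_id MASK_PIPE2 = { 0, 0xffffffffu, 0, 0, 0 };

#define IP(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* AND every field with the mask; fields the mask leaves at zero are erased,
 * which is why the listing shows them as 0.0.0.0/0 and proto "ip". */
struct flow_id apply_mask(struct flow_id id, struct flow_id m)
{
    id.src_ip &= m.src_ip;      id.dst_ip &= m.dst_ip;
    id.src_port &= m.src_port;  id.dst_port &= m.dst_port;
    id.proto &= m.proto;
    return id;
}

/* Bucket (BKT column) for an already-masked flow id. ASSUMPTION: hash modelled
 * on dummynet's queue lookup, written from memory for this example. */
unsigned bucket(struct flow_id id, unsigned buckets)
{
    uint32_t i = (id.dst_ip & 0xffff) ^ ((id.dst_ip >> 15) & 0xffff) ^
                 ((id.src_ip << 1) & 0xffff) ^ ((id.src_ip >> 16) & 0xffff) ^
                 ((uint32_t)id.dst_port << 1) ^ id.src_port ^ id.proto;
    return i % buckets;
}

/* Queue a packet lands in for a pipe configured with mask m. */
unsigned queue_for(struct flow_id pkt, struct flow_id m, unsigned buckets)
{
    return bucket(apply_mask(pkt, m), buckets);
}

int main(void)
{
    /* Constructed packets: one inside host talking to two outside servers, plus a reply. */
    struct flow_id up1  = { IP(10,0,128,16), IP(192,0,2,10),   40000, 80,    6 };
    struct flow_id up2  = { IP(10,0,128,16), IP(198,51,100,7), 40001, 443,   6 };
    struct flow_id down = { IP(192,0,2,10),  IP(10,0,128,34),  80,    40000, 6 };
    struct flow_id m = apply_mask(up2, MASK_PIPE1);
    printf("pipe 1 masked id: src=%08x dst=%08x\n", (unsigned)m.src_ip, (unsigned)m.dst_ip);
    printf("pipe 1 buckets: %u %u\n", queue_for(up1, MASK_PIPE1, 256), queue_for(up2, MASK_PIPE1, 256));
    printf("pipe 2 bucket:  %u\n", queue_for(down, MASK_PIPE2, 256));
    return 0;
}
```

Both uploads from 10.0.128.16 fall into the same queue whatever the remote address, so the zeroed column is the expected sign that the limit is being applied per inside host.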