On Sat, Feb 14, 2004 at 12:25:22PM -0600, Vulpes Velox wrote:
> "Markus Kovero" <[EMAIL PROTECTED]> wrote:
> 
> On Sat, 14 Feb 2004 15:19:28 +0200
>
> > I've got 172.16.0.0/24 network that is connected to internet via vpn
> > gre tunnel.
> > And now I've had bit hard time doing bandwidth control, maybe I'm
> > missing something.
> > 
> > I've set ipfw pipes like this:
> > ipfw add queue 1 gre from any to 172.16.0.0/24
> > ipfw queue 1 config weight 5 pipe 2 mask dst-ip 0x000000ff
> > ipfw pipe 2 config bw 1500Kbit/s
> > ipfw add queue 2 gre from 172.16.0.0/24 to any
> > ipfw queue 2 config weight 20 pipe 3 mask src-ip 0x000000ff
> > ipfw pipe 3 config bw 256Kbit/s
> > 
>From my own website, this should work:

pipe 1 config mask dst-ip 0x000000ff bw 256Kbit/s
pipe 2 config mask src-ip 0x000000ff bw  32Kbit/s
add 10310 pipe 1 ip from any to any in
add 10320 pipe 2 ip from any to any out

> > net.inet.ip.fw.one_pass: 0

Depending on this value package are allowed by the pipe rules or passed
to the next rule.

> > 65100 queue 1 gre from any to 172.16.0.0/24
> > 65200 queue 2 gre from 172.16.0.0/24 to any
> > 
> > 00002:   1.500 Mbit/s    0 ms   50 sl. 0 queues (1 buckets) droptail
> >     mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
> > 00003: 256.000 Kbit/s    0 ms   50 sl. 0 queues (1 buckets) droptail
> >     mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
> > q00001: weight 5 pipe 2   50 sl. 0 queues (64 buckets) droptail
> >     mask: 0x00 0x00000000/0x0000 -> 0x000000ff/0x0000
> > q00002: weight 20 pipe 3   50 sl. 0 queues (64 buckets) droptail
> >     mask: 0x00 0x000000ff/0x0000 -> 0x00000000/0x0000
> > 
> > It seems to have no effect on network. What I'm missing?
> > (replacing gre-protocol with ip doesn't help)
> > 
> here is a example from my ftp server...
> 
> ipfw add 200 pipe 2 tcp from me to any out gid ftpusersBWL
> ipfw pipe config 2 bw 16KBps queue 100
> 
> 
> this will pipe any thing from that gid into pipe 2... and pipe 2 is bw
> limited at 16KBps... the only dif is that you will have to change the
> packet matching setup...
> 
That only works if a user has an accound and uses that to login to
something. It not something that can be use for the more general setup.

-- 
Alex

Articles based on solutions that I use:
http://www.kruijff.org/alex/index.php?dir=docs/FreeBSD/
_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to