Re: Traffic Shapping (IPFW + DUMMYNET) Question

2005-04-15 Thread RW
On Thursday 14 April 2005 14:53, Timothy Radigan wrote:
 Hi all,

 I'm new to the entire idea of traffic shaping and I came up with some rules
 for my BSD firewall/router/VoIP gateway 

...

 Does this seem like it will perform as I am thinking it will?

I've not tried this kind of thing myself, but I wouldn't be very optimistic 
about what you are trying to do. AFAIK dummynet works through IP packet 
queueing. That means that it can do a good job of shaping outgoing traffic,  
but the only control it has on incoming traffic is through dropping packets 
that have already been received, which isn't very efficient. 

To achieve what you want would really need something that can hook into 
the tcp/ip stack and affect tcp window sizes. I don't know of anything that 
would do that.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Traffic Shapping (IPFW + DUMMYNET) Question

2005-04-15 Thread Chris Haulmark
On Thu, 2005-04-14 at 09:53 -0400, Timothy Radigan wrote:
 Hi all,
 
 I'm new to the entire idea of traffic shaping and I came up with some rules
 for my BSD firewall/router/VoIP gateway and I just wanted to make sure that
 what I am trying to accomplish is actually going to happen with these rules
 in place.  Currently, my broadband connection is a 4Mb down and 384Mb up
 pipe.  My VoIP service requires 90Kb up and down.  I have 3 separate
 internal networks at my house.  I have my wired 100Mb switched LAN
 (192.168.15.0/24), I have my IPSec enabled Wireless LAN (192.168.20.0/24),
 and I have my VoIP LAN (192.168.10.0/30).  What I want to do with these
 traffic shaping rules, is dedicate 100Kb up and down to the VoIP LAN, and
 then I want to have equally shared bandwidth (the remaining speeds of my
 broadband connection) for the wired and wireless LANs.  Here are the rules I
 have come up with so far:

Can you post your ifconfig output of your BSD box?

How about the output of this:

sysctl -a | grep net.inet.ip.fw.one_pass

Chris


 
 --- (START) /etc/ipfw.rules 
 
 # flush all rules
 ipfw -f flush
 
 # configure the pipe main pipes - have 4000kbits/s down 384kbits/s up
 
 # define 200kbits/s for the voip pipes
 ipfw pipe 1 config bw 100Kbits/s
 ipfw pipe 2 config bw 100Kbits/s
 
 # wired / wifi lans - get all but 100kbits/s for both up and down
 ipfw pipe 3 config bw 3900Kbits/s
 ipfw pipe 4 config bw 284Kbits/s
 
 # wired/wifi LAN internal transmission
 ipfw pipe 5 config bw 100Mbits/s mask dst-ip 0x
 ipfw pipe 6 config bw 100Mbits/s mask dst-ip 0x
 ipfw pipe 7 config bw 100Mbits/s mask dst-ip 0x
 ipfw pipe 8 config bw 100Mbits/s mask dst-ip 0x
 
 # make sure the voip gets all of the bandwidth for the pipes
 ipfw add 1 pipe 1 ip from 192.168.10.2 to any
 ipfw add 1 pipe 2 ip from any to 192.168.10.2
 
 # make sure the wired and wifi lans get all of the bandwidth for those pipes
 ipfw add 2 pipe 5 ip from 192.168.15.0/24 to 192.168.0.0/16
 ipfw add 2 pipe 6 ip from 192.168.0.0/16 to 192.168.15.0/24
 ipfw add 3 pipe 7 ip from 192.168.20.0/24 to 192.168.0.0/16
 ipfw add 3 pipe 8 ip from 192.168.0.0/16 to 192.168.20.0/24
 
 # the wired / wifi lans will split the up and down pipes
 ipfw queue 3 config weight 50 pipe 3 mask dst-ip 0x00ff
 ipfw queue 4 config weight 50 pipe 3 mask dst-ip 0x00ff
 ipfw queue 5 config weight 50 pipe 4 mask dst-ip 0x00ff
 ipfw queue 6 config weight 50 pipe 4 mask dst-ip 0x00ff
 
 # add inbound/outbound queues for the wired lan
 ipfw add 100 queue 3 ip from any to 192.168.15.0/24
 ipfw add 105 queue 5 ip from 192.168.15.0/24 to any
 
 # add inbound/outbound queues for the wifi lan
 ipfw add 200 queue 4 ip from any to 192.168.20.0/24
 ipfw add 205 queue 6 ip from 192.168.20.0/24 to any
 
  (END) /etc/ipfw.rules -
 
 Does this seem like it will perform as I am thinking it will?
 
 Thanks
 --Tim
 


Traffic Shapping (IPFW + DUMMYNET) Question

2005-04-14 Thread Timothy Radigan
Hi all,

I'm new to the entire idea of traffic shaping and I came up with some rules
for my BSD firewall/router/VoIP gateway and I just wanted to make sure that
what I am trying to accomplish is actually going to happen with these rules
in place.  Currently, my broadband connection is a 4Mb down and 384Mb up
pipe.  My VoIP service requires 90Kb up and down.  I have 3 separate
internal networks at my house.  I have my wired 100Mb switched LAN
(192.168.15.0/24), I have my IPSec enabled Wireless LAN (192.168.20.0/24),
and I have my VoIP LAN (192.168.10.0/30).  What I want to do with these
traffic shaping rules, is dedicate 100Kb up and down to the VoIP LAN, and
then I want to have equally shared bandwidth (the remaining speeds of my
broadband connection) for the wired and wireless LANs.  Here are the rules I
have come up with so far:

--- (START) /etc/ipfw.rules 

# flush all rules
ipfw -f flush

# configure the pipe main pipes - have 4000kbits/s down 384kbits/s up

# define 200kbits/s for the voip pipes
ipfw pipe 1 config bw 100Kbits/s
ipfw pipe 2 config bw 100Kbits/s

# wired / wifi lans - get all but 100kbits/s for both up and down
ipfw pipe 3 config bw 3900Kbits/s
ipfw pipe 4 config bw 284Kbits/s

# wired/wifi LAN internal transmission
ipfw pipe 5 config bw 100Mbits/s mask dst-ip 0x
ipfw pipe 6 config bw 100Mbits/s mask dst-ip 0x
ipfw pipe 7 config bw 100Mbits/s mask dst-ip 0x
ipfw pipe 8 config bw 100Mbits/s mask dst-ip 0x

# make sure the voip gets all of the bandwidth for the pipes
ipfw add 1 pipe 1 ip from 192.168.10.2 to any
ipfw add 1 pipe 2 ip from any to 192.168.10.2

# make sure the wired and wifi lans get all of the bandwidth for those pipes
ipfw add 2 pipe 5 ip from 192.168.15.0/24 to 192.168.0.0/16
ipfw add 2 pipe 6 ip from 192.168.0.0/16 to 192.168.15.0/24
ipfw add 3 pipe 7 ip from 192.168.20.0/24 to 192.168.0.0/16
ipfw add 3 pipe 8 ip from 192.168.0.0/16 to 192.168.20.0/24

# the wired / wifi lans will split the up and down pipes
ipfw queue 3 config weight 50 pipe 3 mask dst-ip 0x00ff
ipfw queue 4 config weight 50 pipe 3 mask dst-ip 0x00ff
ipfw queue 5 config weight 50 pipe 4 mask dst-ip 0x00ff
ipfw queue 6 config weight 50 pipe 4 mask dst-ip 0x00ff

# add inbound/outbound queues for the wired lan
ipfw add 100 queue 3 ip from any to 192.168.15.0/24
ipfw add 105 queue 5 ip from 192.168.15.0/24 to any

# add inbound/outbound queues for the wifi lan
ipfw add 200 queue 4 ip from any to 192.168.20.0/24
ipfw add 205 queue 6 ip from 192.168.20.0/24 to any

 (END) /etc/ipfw.rules -

Does this seem like it will perform as I am thinking it will?

Thanks
--Tim



[with additional question] Re: ipfw//dummynet question

2004-02-25 Thread Nathan Kinkade
On Wed, Feb 25, 2004 at 06:47:30AM +0100, Hugo (6s-gaming.com) wrote:
 Hi list,
 
 Say I want to limit the bandwidth from all inside my lan to the outside.
 I'd create the pipes and make 2 rules to pipe any traffic (inout). My
 question is, would creating these 2 rules make all traffic be promptly
 accepted, or would they be accepted or blocked based on the rest of the
 ruleset? If they're accepted upon the pipe rule, how to make them be piped
 BUT only accepted if they match any of the rules on the ruleset? Do I need
 to create pipe rules for _everything_ ?
 
 Regards,
 
 Hugo

If I understand your question, you can have any number of rules that all
use a single pipe.  For example, you could have something like:

ipfw add pipe 1 ip from 10.0.0.0/24 to any dst-port 
ipfw add pipe 1 ip from 10.0.0.0/24 to www.somedomain.com
ipfw add pipe 1 ip from 10.0.1.50 to any

And maybe pipe 1 is configured as such:
pipe 1 config bw 50Kbyte/s

This actually brings me to a question of my own.  The ipfw manpage talks
about making sure to keep in mind that packets are checked both 'in' and
'out'.  I see that some people have implemented bandwidth rules using 2
separate rules for in and out.  I have a setup that uses a 'keep-state'
on a single 'in' rule and it seems to work fine.  What is the effective
or functional difference between using two separate rules for in and out
or a single rule using a keep-state?  Is one more efficient than
another, or would the two do totally different things?

Thanks,
Nathan
-- 
gpg --keyserver pgp.mit.edu --recv-keys D8527E49
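
Added example, not part of any message in this thread: whether a packet is accepted as soon as it matches a pipe rule, or is still checked against the rest of the ruleset, depends on the net.inet.ip.fw.one_pass sysctl asked about elsewhere in this archive. The Python below is a simplified model of rule traversal, not ipfw code; the ruleset, addresses and ports are constructed, and a default-deny final rule is assumed.

```python
# Simplified model of ipfw rule traversal (added example, not real ipfw code).
# It models only what happens to a packet after it matches a dummynet
# "pipe" rule, for the two settings of net.inet.ip.fw.one_pass.
from ipaddress import ip_address, ip_network

# Constructed ruleset: (rule number, action, source network, dst port or None)
RULES = [
    (100, "pipe 1", "10.0.0.0/24", None),   # shape everything from the LAN
    (200, "allow", "10.0.0.0/24", 80),      # filter rule: HTTP permitted
    (210, "allow", "10.0.0.0/24", 443),     # filter rule: HTTPS permitted
    (65535, "deny", "0.0.0.0/0", None),     # assumed default rule: deny all
]


def evaluate(src, dst_port, one_pass):
    """Return (verdict, pipes_traversed) for one outbound packet.

    one_pass=True  models one_pass=1: the packet leaves the firewall as soon
                   as it comes out of the pipe, so later rules never see it.
    one_pass=False models one_pass=0: after the pipe the packet is
                   re-injected at the next rule and must still be allowed.
    """
    pipes = []
    for _number, action, net, port in RULES:
        if ip_address(src) not in ip_network(net):
            continue
        if port is not None and port != dst_port:
            continue
        if action.startswith("pipe"):
            pipes.append(action)
            if one_pass:
                return "accept", pipes
            continue  # keep walking the ruleset
        return ("accept" if action == "allow" else "deny"), pipes
    return "deny", pipes


if __name__ == "__main__":
    for one_pass in (True, False):
        for port in (80, 25):
            verdict, pipes = evaluate("10.0.0.5", port, one_pass)
            print(f"one_pass={int(one_pass)} dst-port={port}: {verdict} via {pipes}")
```

In this model, a single pipe rule placed ahead of the filter rules shapes all LAN traffic; with one_pass=0 the existing allow/deny rules still decide what gets through, so no pipe rule per service is needed.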




ipfw//dummynet question

2004-02-24 Thread Hugo (6s-gaming.com)
Hi list,

Say I want to limit the bandwidth from all inside my lan to the outside.
I'd create the pipes and make 2 rules to pipe any traffic (inout). My
question is, would creating these 2 rules make all traffic be promptly
accepted, or would they be accepted or blocked based on the rest of the
ruleset? If they're accepted upon the pipe rule, how to make them be piped
BUT only accepted if they match any of the rules on the ruleset? Do I need
to create pipe rules for _everything_ ?

Regards,

Hugo


-- 
http://www.6s-gaming.com - your online store!
