FW: [5.2.1-RC, IPFW] Traffic Shaping
oops, sent to wrong list -Original Message- From: Lee Dilkie [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 04, 2004 8:00 AM To: 'Bjorn Eikeland'; 'Jaco van Tonder'; '[EMAIL PROTECTED]' Subject: RE: [5.2.1-RC, IPFW] Traffic Shaping There isnt much you can really do as to shape incomming traffic, however you can limit how fast you accept the incomming data. (At least this is what im used to from my little experience with linux.) I tried* the following rule, and in theroy it sounds up to the job: ipfw add pipe 1 tcp from not me to me smtp *)when I say tried I really mean ipfw didnt complain, but no traffic actually saw it. Obviously you can replace 'me' with your actual ip and 'smtp' with 25, but I find its easier to read english. Feel free to try that though :) I'm running IPFW on 4.9 and inbound traffic shaping does work, I've verified that. my rule section... ipfw -f pipe flush # do pipes first or later rules will tigger and pipes won't be used # newfiechick in/out ipfw pipe 1 config bw 100Kbit/s ipfw pipe 2 config bw 60Kbit/s # sendmail limits in/out ipfw pipe 3 config bw 80Kbit/s ipfw pipe 4 config bw 80Kbit/s # testing #ipfw pipe 5 config bw 80Kbit/s #ipfw pipe 6 config bw 80Kbit/s # bandwidth throttling #ipfw add pipe 1 ip from any to newfiechick in #ipfw add pipe 2 ip from newfiechick to any out ipfw add pipe 3 tcp from any to spock smtp in ipfw add pipe 3 tcp from any to spock pop3 in ipfw add pipe 4 tcp from spock to any smtp out ipfw add pipe 4 tcp from spock pop3 to any out #ipfw add pipe 5 udp from any to 206.51.1.220 in #ipfw add pipe 6 udp from 206.51.1.220 to any out These come before any deny/allow rules. The commented out testing rule was to an internet phone and i was able to turn down the b/w and affect the voice quality in either direction so I'm confident that this works. -lee Hi all, I am using FreeBSD 5.2.1-RC + IPFW2 + DUMMYNET to do traffic shaping. This works well for my setup. I have the following configuration: The machine has 2 NIC's, xl0, dc0. The kernel is configured to do bridging. The bridged packets is passed to IPFW (net.link.ether.bridge.ipfw=1). I shape traffic this way: The bridge is setup between a router and an internal mail server. I am limiting bandwith using the following rules: pipe 1 config bw 16KBytes/s pipe 2 config bw 12KBytes/s and then: add pipe 1 tcp from any to any 25 (limit incoming traffic towards smtp) add pipe 2 tcp from any 110 to any (limit outgoing traffic from pop3) Yesterday, while browsing through Absolute BSD by Michael Lucas I read an interesting part: You cannot shape incoming traffic the way that I do at the moment. Now, my question: How can I limit the incoming traffic towards my smtp server properly? Any advice would be apreciated. Thank you, Regards Jaco van Tonder ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
[5.2.1-RC, IPFW] Traffic Shaping
Hi all, I am using FreeBSD 5.2.1-RC + IPFW2 + DUMMYNET to do traffic shaping. This works well for my setup. I have the following configuration: The machine has 2 NIC's, xl0, dc0. The kernel is configured to do bridging. The bridged packets is passed to IPFW (net.link.ether.bridge.ipfw=1). I shape traffic this way: The bridge is setup between a router and an internal mail server. I am limiting bandwith using the following rules: pipe 1 config bw 16KBytes/s pipe 2 config bw 12KBytes/s and then: add pipe 1 tcp from any to any 25 (limit incoming traffic towards smtp) add pipe 2 tcp from any 110 to any (limit outgoing traffic from pop3) Yesterday, while browsing through Absolute BSD by Michael Lucas I read an interesting part: You cannot shape incoming traffic the way that I do at the moment. Now, my question: How can I limit the incoming traffic towards my smtp server properly? Any advice would be apreciated. Thank you, Regards Jaco van Tonder ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [5.2.1-RC, IPFW] Traffic Shaping
There isnt much you can really do as to shape incomming traffic, however you can limit how fast you accept the incomming data. (At least this is what im used to from my little experience with linux.) I tried* the following rule, and in theroy it sounds up to the job: ipfw add pipe 1 tcp from not me to me smtp *)when I say tried I really mean ipfw didnt complain, but no traffic actually saw it. Obviously you can replace 'me' with your actual ip and 'smtp' with 25, but I find its easier to read english. Feel free to try that though :) Hi all, I am using FreeBSD 5.2.1-RC + IPFW2 + DUMMYNET to do traffic shaping. This works well for my setup. I have the following configuration: The machine has 2 NIC's, xl0, dc0. The kernel is configured to do bridging. The bridged packets is passed to IPFW (net.link.ether.bridge.ipfw=1). I shape traffic this way: The bridge is setup between a router and an internal mail server. I am limiting bandwith using the following rules: pipe 1 config bw 16KBytes/s pipe 2 config bw 12KBytes/s and then: add pipe 1 tcp from any to any 25 (limit incoming traffic towards smtp) add pipe 2 tcp from any 110 to any (limit outgoing traffic from pop3) Yesterday, while browsing through Absolute BSD by Michael Lucas I read an interesting part: You cannot shape incoming traffic the way that I do at the moment. Now, my question: How can I limit the incoming traffic towards my smtp server properly? Any advice would be apreciated. Thank you, Regards Jaco van Tonder ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [5.2.1-RC, IPFW] Traffic Shaping
Ok, so miss read the question a bit... (Was thinking the bridge was the mail server too - used to my own hardware shortage :) But still, I think you'll get it working by swapping 'me' with the ip of your mail server. Can also use subnet to allow your own net unlimited access. There isnt much you can really do as to shape incomming traffic, however you can limit how fast you accept the incomming data. (At least this is what im used to from my little experience with linux.) I tried* the following rule, and in theroy it sounds up to the job: ipfw add pipe 1 tcp from not me to me smtp *)when I say tried I really mean ipfw didnt complain, but no traffic actually saw it. Obviously you can replace 'me' with your actual ip and 'smtp' with 25, but I find its easier to read english. Feel free to try that though :) Hi all, I am using FreeBSD 5.2.1-RC + IPFW2 + DUMMYNET to do traffic shaping. This works well for my setup. I have the following configuration: The machine has 2 NIC's, xl0, dc0. The kernel is configured to do bridging. The bridged packets is passed to IPFW (net.link.ether.bridge.ipfw=1). I shape traffic this way: The bridge is setup between a router and an internal mail server. I am limiting bandwith using the following rules: pipe 1 config bw 16KBytes/s pipe 2 config bw 12KBytes/s and then: add pipe 1 tcp from any to any 25 (limit incoming traffic towards smtp) add pipe 2 tcp from any 110 to any (limit outgoing traffic from pop3) Yesterday, while browsing through Absolute BSD by Michael Lucas I read an interesting part: You cannot shape incoming traffic the way that I do at the moment. Now, my question: How can I limit the incoming traffic towards my smtp server properly? Any advice would be apreciated. Thank you, Regards Jaco van Tonder ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
