RE: ipfw bandwidth limit
I got it working, thanks you guys. -Original Message- From: Alex de Kruijff [mailto:[EMAIL PROTECTED] Sent: 15. helmikuuta 2004 1:39 To: Vulpes Velox Cc: Markus Kovero; [EMAIL PROTECTED] Subject: Re: ipfw bandwidth limit On Sat, Feb 14, 2004 at 12:25:22PM -0600, Vulpes Velox wrote: Markus Kovero [EMAIL PROTECTED] wrote: On Sat, 14 Feb 2004 15:19:28 +0200 I've got 172.16.0.0/24 network that is connected to internet via vpn gre tunnel. And now I've had bit hard time doing bandwidth control, maybe I'm missing something. I've set ipfw pipes like this: ipfw add queue 1 gre from any to 172.16.0.0/24 ipfw queue 1 config weight 5 pipe 2 mask dst-ip 0x00ff ipfw pipe 2 config bw 1500Kbit/s ipfw add queue 2 gre from 172.16.0.0/24 to any ipfw queue 2 config weight 20 pipe 3 mask src-ip 0x00ff ipfw pipe 3 config bw 256Kbit/s From my own website, this should work: pipe 1 config mask dst-ip 0x00ff bw 256Kbit/s pipe 2 config mask src-ip 0x00ff bw 32Kbit/s add 10310 pipe 1 ip from any to any in add 10320 pipe 2 ip from any to any out net.inet.ip.fw.one_pass: 0 Depending on this value package are allowed by the pipe rules or passed to the next rule. 65100 queue 1 gre from any to 172.16.0.0/24 65200 queue 2 gre from 172.16.0.0/24 to any 2: 1.500 Mbit/s0 ms 50 sl. 0 queues (1 buckets) droptail mask: 0x00 0x/0x - 0x/0x 3: 256.000 Kbit/s0 ms 50 sl. 0 queues (1 buckets) droptail mask: 0x00 0x/0x - 0x/0x q1: weight 5 pipe 2 50 sl. 0 queues (64 buckets) droptail mask: 0x00 0x/0x - 0x00ff/0x q2: weight 20 pipe 3 50 sl. 0 queues (64 buckets) droptail mask: 0x00 0x00ff/0x - 0x/0x It seems to have no effect on network. What I'm missing? (replacing gre-protocol with ip doesn't help) here is a example from my ftp server... ipfw add 200 pipe 2 tcp from me to any out gid ftpusersBWL ipfw pipe config 2 bw 16KBps queue 100 this will pipe any thing from that gid into pipe 2... and pipe 2 is bw limited at 16KBps... the only dif is that you will have to change the packet matching setup... That only works if a user has an accound and uses that to login to something. It not something that can be use for the more general setup. -- Alex Articles based on solutions that I use: http://www.kruijff.org/alex/index.php?dir=docs/FreeBSD/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
ipfw bandwidth limit
I've got 172.16.0.0/24 network that is connected to internet via vpn gre tunnel. And now I've had bit hard time doing bandwidth control, maybe I'm missing something. I've set ipfw pipes like this: ipfw add queue 1 gre from any to 172.16.0.0/24 ipfw queue 1 config weight 5 pipe 2 mask dst-ip 0x00ff ipfw pipe 2 config bw 1500Kbit/s ipfw add queue 2 gre from 172.16.0.0/24 to any ipfw queue 2 config weight 20 pipe 3 mask src-ip 0x00ff ipfw pipe 3 config bw 256Kbit/s net.inet.ip.fw.one_pass: 0 65100 queue 1 gre from any to 172.16.0.0/24 65200 queue 2 gre from 172.16.0.0/24 to any 2: 1.500 Mbit/s0 ms 50 sl. 0 queues (1 buckets) droptail mask: 0x00 0x/0x - 0x/0x 3: 256.000 Kbit/s0 ms 50 sl. 0 queues (1 buckets) droptail mask: 0x00 0x/0x - 0x/0x q1: weight 5 pipe 2 50 sl. 0 queues (64 buckets) droptail mask: 0x00 0x/0x - 0x00ff/0x q2: weight 20 pipe 3 50 sl. 0 queues (64 buckets) droptail mask: 0x00 0x00ff/0x - 0x/0x It seems to have no effect on network. What I'm missing? (replacing gre-protocol with ip doesn't help) Markus Kovero ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipfw bandwidth limit
here is a example from my ftp server... ipfw add 200 pipe 2 tcp from me to any out gid ftpusersBWL ipfw pipe config 2 bw 16KBps queue 100 this will pipe any thing from that gid into pipe 2... and pipe 2 is bw limited at 16KBps... the only dif is that you will have to change the packet matching setup... On Sat, 14 Feb 2004 15:19:28 +0200 Markus Kovero [EMAIL PROTECTED] wrote: I've got 172.16.0.0/24 network that is connected to internet via vpn gre tunnel. And now I've had bit hard time doing bandwidth control, maybe I'm missing something. I've set ipfw pipes like this: ipfw add queue 1 gre from any to 172.16.0.0/24 ipfw queue 1 config weight 5 pipe 2 mask dst-ip 0x00ff ipfw pipe 2 config bw 1500Kbit/s ipfw add queue 2 gre from 172.16.0.0/24 to any ipfw queue 2 config weight 20 pipe 3 mask src-ip 0x00ff ipfw pipe 3 config bw 256Kbit/s net.inet.ip.fw.one_pass: 0 65100 queue 1 gre from any to 172.16.0.0/24 65200 queue 2 gre from 172.16.0.0/24 to any 2: 1.500 Mbit/s0 ms 50 sl. 0 queues (1 buckets) droptail mask: 0x00 0x/0x - 0x/0x 3: 256.000 Kbit/s0 ms 50 sl. 0 queues (1 buckets) droptail mask: 0x00 0x/0x - 0x/0x q1: weight 5 pipe 2 50 sl. 0 queues (64 buckets) droptail mask: 0x00 0x/0x - 0x00ff/0x q2: weight 20 pipe 3 50 sl. 0 queues (64 buckets) droptail mask: 0x00 0x00ff/0x - 0x/0x It seems to have no effect on network. What I'm missing? (replacing gre-protocol with ip doesn't help) Markus Kovero ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: ipfw bandwidth limit
On Sat, Feb 14, 2004 at 12:25:22PM -0600, Vulpes Velox wrote: Markus Kovero [EMAIL PROTECTED] wrote: On Sat, 14 Feb 2004 15:19:28 +0200 I've got 172.16.0.0/24 network that is connected to internet via vpn gre tunnel. And now I've had bit hard time doing bandwidth control, maybe I'm missing something. I've set ipfw pipes like this: ipfw add queue 1 gre from any to 172.16.0.0/24 ipfw queue 1 config weight 5 pipe 2 mask dst-ip 0x00ff ipfw pipe 2 config bw 1500Kbit/s ipfw add queue 2 gre from 172.16.0.0/24 to any ipfw queue 2 config weight 20 pipe 3 mask src-ip 0x00ff ipfw pipe 3 config bw 256Kbit/s From my own website, this should work: pipe 1 config mask dst-ip 0x00ff bw 256Kbit/s pipe 2 config mask src-ip 0x00ff bw 32Kbit/s add 10310 pipe 1 ip from any to any in add 10320 pipe 2 ip from any to any out net.inet.ip.fw.one_pass: 0 Depending on this value package are allowed by the pipe rules or passed to the next rule. 65100 queue 1 gre from any to 172.16.0.0/24 65200 queue 2 gre from 172.16.0.0/24 to any 2: 1.500 Mbit/s0 ms 50 sl. 0 queues (1 buckets) droptail mask: 0x00 0x/0x - 0x/0x 3: 256.000 Kbit/s0 ms 50 sl. 0 queues (1 buckets) droptail mask: 0x00 0x/0x - 0x/0x q1: weight 5 pipe 2 50 sl. 0 queues (64 buckets) droptail mask: 0x00 0x/0x - 0x00ff/0x q2: weight 20 pipe 3 50 sl. 0 queues (64 buckets) droptail mask: 0x00 0x00ff/0x - 0x/0x It seems to have no effect on network. What I'm missing? (replacing gre-protocol with ip doesn't help) here is a example from my ftp server... ipfw add 200 pipe 2 tcp from me to any out gid ftpusersBWL ipfw pipe config 2 bw 16KBps queue 100 this will pipe any thing from that gid into pipe 2... and pipe 2 is bw limited at 16KBps... the only dif is that you will have to change the packet matching setup... That only works if a user has an accound and uses that to login to something. It not something that can be use for the more general setup. -- Alex Articles based on solutions that I use: http://www.kruijff.org/alex/index.php?dir=docs/FreeBSD/ ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]