Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Using several pipes in ipfw (dummynet)
Operating Systems BSD Using several pipes in ipfw (dummynet) Post 302279385 by xenator on Thursday 22nd of January 2009 03:15:36 PM
Old 01-22-2009
Using several pipes in ipfw (dummynet)
Hi!

I've already posted this on the freebsd-questions mailing list, but I thought I could try it here too.

I'm using FreeBSD 7.0 with IPFW DUMMYNET enabled.

I've got a problem with creating a ruleset, which allows me to limit the overall bandwidth of a link and afterwards pass the packets to another pipe for processing.

So far I've got those rules:
Code:
in_if="em0"
out_if="em1"
management_if="em2"
in_ip="100.100.100.1"
out_ip="200.200.200.1"
management_ip="172.16.0.201"
client1_subnet="192.168.5.0/26"
client2_subnet="192.168.6.0/26"
server_subnet="192.168.7.0/24"

download_bandwidth="6144Kbit/s"
upload_bandwidth="1024Kbit/s"
delay="0"
queue_size="10"

cmd="ipfw"

$cmd add 10 allow all from any to any via lo0

$cmd pipe 100 config mask src-ip 0xffffffff bw $upload_bandwidth queue $queue_size delay $delay
$cmd pipe 200 config mask dst-ip 0xffffffff bw $download_bandwidth queue $queue_size

$cmd add pipe 100 all from $client1_subnet to $server_subnet in via $in_if
$cmd add pipe 200 all from $server_subnet to $client1_subnet out via $in_if

$cmd add pipe 100 all from $client2_subnet to $server_subnet in via $in_if
$cmd add pipe 200 all from $server_subnet to $client2_subnet out via $in_if

$cmd add 10000 allow all from any to any via $management_if
$cmd add 20000 allow all from any to any via $in_if
$cmd add 30000 allow all from any to any via $out_if

What I want to add now, is the possibility to limit the bandwidth of the whole link, e.g. 100Mbit/s on em0.

I've tried to add a pipe:

$cmd pipe 50 config bw 100Mbit/s queue $queue_size
$cmd add pipe 50 all from any to any via $in_if


But when I have a look at the pipes with 'ipfw show' I can only see packets go through pipe 50 and nothing goes through the other pipes (which makes sense actually since IPFW works that way?).


Any help is much appreciated.


xenator
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

fBSD nat ipfw

i am running nat on my freeBSD and web/ftp server. The rule allow ip from any to any must always be? or how? if i accept all packets to go on my ep0 which diverts all to my intranet it doesnt help, must the rule allow ip from any to any always be ? even if many rules are between divert rule and... (3 Replies)
Discussion started by: hachik
3 Replies

2. Cybersecurity

ipfw directives and order of precidence...

Is there a general rule I can apply when examining/editing ipfw entries? Also, does each new entry have to have a unique rule number? And, I think I can write a script to block code red infected machines (though I'm not sure it would do more than slim down my web server error message log),... (0 Replies)
Discussion started by: [MA]Flying_Meat
0 Replies

3. Filesystems, Disks and Memory

PIPEs and Named PIPEs (FIFO) Buffer size

Hello! How I can increase or decrease predefined pipe buffer size? System FreeBSD 4.9 and RedHat Linux 9.0 Thanks! (1 Reply)
Discussion started by: Jus
1 Replies

4. UNIX for Dummies Questions & Answers

Need help with IPFW.. Please...

Hi folks, I am a Mac User, and have little knowledge on IPFW. I have a set up at home where my computer (with 2 ethernet cards and static IP adresses) serves Internet to my family's computers. I have already a script that will run automatically at login and called from Cron at certain... (2 Replies)
Discussion started by: fundidor
2 Replies

5. IP Networking

using dummynet to limit bandwidth

Hello I need to limit the bandwidth from a list of ip addresses. I was planning to use the dummynet with lookup tables, so i took the example given in the manual pages: ipfw pipe 1 config bw 1000Kbyte/s ipfw pipe 4 config bw 4000Kbyte/s ... ipfw table 1... (1 Reply)
Discussion started by: Alex_sh
1 Replies

6. Cybersecurity

FreeBSD IPFW Rules clarification please...

Hello. I hope you can help me please. We are about to bring a few servers online which will be hosting different things... For one server, it will be hosting a HTTPd, and just wanted to know whether these rules are correct that I have? To ensure the right interfaces etc, here's a copy of... (1 Reply)
Discussion started by: DanUK
1 Replies

7. BSD

dummynet problem.

I am using dummynet in bridge mode. and its working fine. Now I have built another box (freebsd 7.1) in router mode. On this box I have two NICs, one for lan and one for wan. both networks are segmented physically and logically i-e both interfaces have different ip pools and connected to... (0 Replies)
Discussion started by: azfar
0 Replies

8. UNIX for Advanced & Expert Users

ipfw and dhcp

Hello, I have a little problem with my server configuration. So: I have two PC's with DHCP enable and both of them have two NIC's. PC1 - le0 ADSL PC1 - le1 192.168.10.1 PC2 - le0 192.168.10.10 PC2 - le1 192.168.20.1 One NIC on PC1 is connected to ADSL, another one have IP address... (3 Replies)
Discussion started by: mrowcp
3 Replies

9. Cybersecurity

pass syntax iptables to ipfw

Hello, excuse my English. Please could tell me how I can pass this syntax for iptables to ipfw. iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW -m recent --set --name thor --rdest -j ACCEPT iptables -A INPUT -p tcp -m tcp --tcp-flag RST RST -m state --state ESTABLISHED -m recent... (0 Replies)
Discussion started by: dot357
0 Replies

10. OS X (Apple)

How to enable ipfw.log?

Under Mountain Lion, I want logs from ipfw sent to ipfw.log instead of dumped in system.log I've tried to figure out how OSX handles logs, but... after going back and forth between a syslog.conf which does little if anything, a newsyslog.conf that seems to only handle rotation, an asl.conf that... (3 Replies)
Discussion started by: jnojr
3 Replies

LEARN ABOUT DEBIAN

filter_create_fd

filter_create_fd(3)						   util/filter.h					       filter_create_fd(3)

NAME

       filter_create_fd  - Create a sub process and return the requested pipes

SYNOPSIS

       #include <util/filter.h>

       NEOERR *filter_create_fd(const char *cmd, int *fdin, int *fdout, int *fderr,
				pid_t *pid);

ARGUMENTS

       cmd -> the sub command to execute.  Will be executed with
       /bin/sh -c
       fdin -> pointer to return the stdin pipe, or NULL if you don't
       want the stdin pipe
       fdout -> pointer to return the stdout pipe, or NULL if you don't
       want the stdout pipe
       fderr -> pointer to return the stderr pipe, or NULL if you don't
       want the stderr pipe

DESCRIPTION

       filter_create_fd and filter_create_fp are what popen

       been:  a  mechanism  to	create sub processes and have pipes to all their input/output.	The concept was taken from mutt, though python has
       something similar with popen3/popen4.  You control which pipes the function returns by the fdin/fdout/fderr arguments.  A NULL value  means
       "don't  create a pipe", a pointer to an int will cause the pipes to be created and the value of the file descriptor stored in the int.  You
       will have to close(2) the file descriptors yourself.

RETURN VALUE

       fdin -> the stdin file descriptor of the sub process
       fdout -> the stdout file descriptor of the sub process
       fderr -> the stderr file descriptor of the sub process
       pid -> the pid of the sub process

SEE ALSO

       filter_wait(3), filter_create_fp(3), filter_create_fd

ClearSilver							   12 July 2007 					       filter_create_fd(3)
All times are GMT -4. The time now is 09:56 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy