Visit Our UNIX and Linux User Community


Using several pipes in ipfw (dummynet)


 
Thread Tools Search this Thread
Operating Systems BSD Using several pipes in ipfw (dummynet)
# 1  
Old 01-22-2009
Using several pipes in ipfw (dummynet)

Hi!

I've already posted this on the freebsd-questions mailing list, but I thought I could try it here too.

I'm using FreeBSD 7.0 with IPFW DUMMYNET enabled.

I've got a problem with creating a ruleset, which allows me to limit the overall bandwidth of a link and afterwards pass the packets to another pipe for processing.

So far I've got those rules:

Code:
in_if="em0"
out_if="em1"
management_if="em2"
in_ip="100.100.100.1"
out_ip="200.200.200.1"
management_ip="172.16.0.201"
client1_subnet="192.168.5.0/26"
client2_subnet="192.168.6.0/26"
server_subnet="192.168.7.0/24"

download_bandwidth="6144Kbit/s"
upload_bandwidth="1024Kbit/s"
delay="0"
queue_size="10"

cmd="ipfw"

$cmd add 10 allow all from any to any via lo0

$cmd pipe 100 config mask src-ip 0xffffffff bw $upload_bandwidth queue $queue_size delay $delay
$cmd pipe 200 config mask dst-ip 0xffffffff bw $download_bandwidth queue $queue_size

$cmd add pipe 100 all from $client1_subnet to $server_subnet in via $in_if
$cmd add pipe 200 all from $server_subnet to $client1_subnet out via $in_if

$cmd add pipe 100 all from $client2_subnet to $server_subnet in via $in_if
$cmd add pipe 200 all from $server_subnet to $client2_subnet out via $in_if

$cmd add 10000 allow all from any to any via $management_if
$cmd add 20000 allow all from any to any via $in_if
$cmd add 30000 allow all from any to any via $out_if

What I want to add now, is the possibility to limit the bandwidth of the whole link, e.g. 100Mbit/s on em0.

I've tried to add a pipe:

$cmd pipe 50 config bw 100Mbit/s queue $queue_size
$cmd add pipe 50 all from any to any via $in_if


But when I have a look at the pipes with 'ipfw show' I can only see packets go through pipe 50 and nothing goes through the other pipes (which makes sense actually since IPFW works that way?).


Any help is much appreciated.


xenator

Previous Thread | Next Thread
Test Your Knowledge in Computers #43
Difficulty: Easy
A serial interface transmits two bits of information at the same time, both a one and a zero.
True or False?

10 More Discussions You Might Find Interesting

1. OS X (Apple)

How to enable ipfw.log?

Under Mountain Lion, I want logs from ipfw sent to ipfw.log instead of dumped in system.log I've tried to figure out how OSX handles logs, but... after going back and forth between a syslog.conf which does little if anything, a newsyslog.conf that seems to only handle rotation, an asl.conf that... (3 Replies)
Discussion started by: jnojr
3 Replies

2. Cybersecurity

pass syntax iptables to ipfw

Hello, excuse my English. Please could tell me how I can pass this syntax for iptables to ipfw. iptables -A OUTPUT -p tcp --dport 80 -m state --state NEW -m recent --set --name thor --rdest -j ACCEPT iptables -A INPUT -p tcp -m tcp --tcp-flag RST RST -m state --state ESTABLISHED -m recent... (0 Replies)
Discussion started by: dot357
0 Replies

3. UNIX for Advanced & Expert Users

ipfw and dhcp

Hello, I have a little problem with my server configuration. So: I have two PC's with DHCP enable and both of them have two NIC's. PC1 - le0 ADSL PC1 - le1 192.168.10.1 PC2 - le0 192.168.10.10 PC2 - le1 192.168.20.1 One NIC on PC1 is connected to ADSL, another one have IP address... (3 Replies)
Discussion started by: mrowcp
3 Replies

4. BSD

dummynet problem.

I am using dummynet in bridge mode. and its working fine. Now I have built another box (freebsd 7.1) in router mode. On this box I have two NICs, one for lan and one for wan. both networks are segmented physically and logically i-e both interfaces have different ip pools and connected to... (0 Replies)
Discussion started by: azfar
0 Replies

5. Cybersecurity

FreeBSD IPFW Rules clarification please...

Hello. I hope you can help me please. We are about to bring a few servers online which will be hosting different things... For one server, it will be hosting a HTTPd, and just wanted to know whether these rules are correct that I have? To ensure the right interfaces etc, here's a copy of... (1 Reply)
Discussion started by: DanUK
1 Replies

6. IP Networking

using dummynet to limit bandwidth

Hello I need to limit the bandwidth from a list of ip addresses. I was planning to use the dummynet with lookup tables, so i took the example given in the manual pages: ipfw pipe 1 config bw 1000Kbyte/s ipfw pipe 4 config bw 4000Kbyte/s ... ipfw table 1... (1 Reply)
Discussion started by: Alex_sh
1 Replies

7. UNIX for Dummies Questions & Answers

Need help with IPFW.. Please...

Hi folks, I am a Mac User, and have little knowledge on IPFW. I have a set up at home where my computer (with 2 ethernet cards and static IP adresses) serves Internet to my family's computers. I have already a script that will run automatically at login and called from Cron at certain... (2 Replies)
Discussion started by: fundidor
2 Replies

8. Filesystems, Disks and Memory

PIPEs and Named PIPEs (FIFO) Buffer size

Hello! How I can increase or decrease predefined pipe buffer size? System FreeBSD 4.9 and RedHat Linux 9.0 Thanks! (1 Reply)
Discussion started by: Jus
1 Replies

9. Cybersecurity

ipfw directives and order of precidence...

Is there a general rule I can apply when examining/editing ipfw entries? Also, does each new entry have to have a unique rule number? And, I think I can write a script to block code red infected machines (though I'm not sure it would do more than slim down my web server error message log),... (0 Replies)
Discussion started by: [MA]Flying_Meat
0 Replies

10. UNIX for Dummies Questions & Answers

fBSD nat ipfw

i am running nat on my freeBSD and web/ftp server. The rule allow ip from any to any must always be? or how? if i accept all packets to go on my ep0 which diverts all to my intranet it doesnt help, must the rule allow ip from any to any always be ? even if many rules are between divert rule and... (3 Replies)
Discussion started by: hachik
3 Replies

Featured Tech Videos