Focus on BSD
limiting (prioritizing) traffic with ipfw2 Dec 20 2002 03:32AM
Miha Verlic (miha krneki org) (2 replies)
RE: limiting (prioritizing) traffic with ipfw2 Dec 21 2002 01:10AM
Roger Seielstad (roger wiredeuclid COM) (1 replies)
Not sure you're doing it correctly. Here's a config that works to limit
traffic through the box, doing pretty much what you're doing. For
purposes of this, subnet/24 is the internal network, and publicIP is the
external interface of the firewall.

${fwcmd} add pipe 11 ip from subnet/24 to any
${fwcmd} add pipe 11 ip from publicip/32 to any
${fwcmd} add pipe 12 ip from any to subnet/24
${fwcmd} add pipe 12 ip from any to publicip/32
${fwcmd} pipe 11 config bw 1536kbits/s de0
${fwcmd} pipe 12 config bw 1536kbits/s de0

This effectively creates a T1 speed connect maximum through the box,
based on the external interface (DC0).

Probably a good idea to add this too:
# Remaining
${fwcmd} add pipe 16 ip from any to any
${fwcmd} pipe 16 config bw 128kbits/s de0

To force all unclassified traffic into another pipe, and rate limit it
so you have to figure out what's wrong.

----------
Roger D. Seielstad
Email Geek

-----Original Message-----
From: Miha Verlic [mailto:miha (at) krneki (dot) org [email concealed]]
Sent: Thursday, December 19, 2002 10:33 PM
To: focus-bsd (at) securityfocus (dot) com [email concealed]
Subject: limiting (prioritizing) traffic with ipfw2

Hello,
even though this list seems dead to me, I'm giving it a shot ;-)

I'm setting up opensource mirror, and I would like to allow 45mbit/s of
outgoing bandwidth to networks (approx 40 subnets) our ISP has peerings
to, and 2mbit/s of bandwidth to everyone else.

I've tried the following:

peering="{ network1/20 or network2/24 or network3/22 or etc... }"
ipfw add pipe 30 ip from ${server} to ${peering} out via ${maingw}
ipfw pipe 30 config bw 45Mbit/s
ipfw add pipe 31 ip from ${server} to any out via ${maingw}
ipfw pipe 31 config bw 2Mbit/s

However, this is sending all data through 2 pipes, thus limiting
everyone to 2mbit/s. I've tried several other options, but no luck,
since ! is not allowed in 'or' blocks.

Any ideas?
I'm running freebsd 4.7-stable with ipfw2 compiled in.

--Miha

---------------------------------------------------------------------
To unsubscribe, e-mail: focus-bsd-unsubscribe (at) securityfocus (dot) com [email concealed]
For additional commands, e-mail: focus-bsd-help (at) securityfocus (dot) com [email concealed]
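
An added example, not part of the thread or of ipfw itself: a simplified Python model of ipfw rule evaluation, showing how a packet can pass through both pipes when the net.inet.ip.fw.one_pass sysctl is 0 (a packet leaving a pipe is reinjected at the next rule), and how an explicit allow rule or one_pass=1 keeps peering traffic in pipe 30 only. That this sysctl was the cause on the original poster's machine is an assumption; the rule numbers and addresses are constructed.

```python
import ipaddress

# Constructed sample values: documentation address ranges stand in for the
# thread's ${peering} placeholder; rule numbers are hypothetical.
PEERING = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/24")]
ANY = [ipaddress.ip_network("0.0.0.0/0")]

# (rule number, action, pipe number, destination networks), in rule order.
ORIGINAL = [
    (100, "pipe", 30, PEERING),
    (200, "pipe", 31, ANY),
]
# Variant with an explicit allow so peering traffic stops after pipe 30.
WITH_ALLOW = [
    (100, "pipe", 30, PEERING),
    (150, "allow", None, PEERING),
    (200, "pipe", 31, ANY),
]
PIPE_BW_KBIT = {30: 45000, 31: 2000}


def pipes_traversed(rules, dst, one_pass):
    """Return the pipes a packet to dst passes through, in order."""
    addr = ipaddress.ip_address(dst)
    hit = []
    for _num, action, pipe, nets in rules:
        if not any(addr in net for net in nets):
            continue
        if action == "allow":
            break                 # accepted, rule search ends
        hit.append(pipe)
        if one_pass:
            break                 # packet leaves the firewall after the pipe
        # one_pass=0: the packet is reinjected at the next rule
    return hit


def effective_kbit(rules, dst, one_pass):
    """The throughput ceiling is set by the slowest pipe in the chain."""
    hit = pipes_traversed(rules, dst, one_pass)
    return min(PIPE_BW_KBIT[p] for p in hit) if hit else None
```
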

RE: limiting (prioritizing) traffic with ipfw2 Dec 22 2002 12:11AM
Miha Verlic (miha krneki org)
Re: limiting (prioritizing) traffic with ipfw2 Dec 20 2002 07:42PM
Damian Gerow (damian sentex net) (1 replies)
Re: limiting (prioritizing) traffic with ipfw2 Dec 20 2002 10:49PM
Peter van Dijk (peter dataloss nl) (1 replies)
Re: limiting (prioritizing) traffic with ipfw2 Dec 22 2002 12:19AM
Miha Verlic (miha krneki org)


 

Copyright 2010, SecurityFocus