I'm trying to do traffic shaping with FreeBSD. Here are my rules:
```
su-3.2# ipfw show | grep pipe
08380 1514852 125523804 pipe 1 tcp from any to any dst-port 80
su-3.2# ipfw pipe 1 show
00001:   2.000 Mbit/s    0 ms   50 sl. 1 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
  0 tcp     64.237.55.83/60598     72.21.81.133/80   6520267 1204533020  0    0 1216
su-3.2#
```
First of all, why, when I run ipfw pipe 1 show, do I get the same source and destination IP, which doesn't seem to ever change, yet the total packets/bytes keep increasing?
And the most important question: after doing all that, I'm looking at my MRTG stats and I see I'm very well over the 2Mbit/s limit.
What am I doing wrong?
Here is the config file:
```
flush
pipe flush
pipe 1 config bw 2Mbit/s
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
add 8380 pipe 1 tcp from any to any src-port www uid daemon
add 8380 pipe 1 tcp from any to any dst-port www uid daemon
add 65000 pass all from any to any
```
Best Answer
You restrict HTTP traffic to 2Mb/s, but you let all other traffic pass through. So you can still have 50Mb/s of FTP traffic, for example, which won't be limited.
I used to set policy this way:
So you have 20Mb/s to inside and 20Mb/s to outside. If you only use one pipe, then it's 20Mb/s shared, so 10Mb/s.
Your shaping must include all traffic at the end, so there is no flow without traffic shaping.
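The two-pipe, all-traffic policy the answer describes, written out as an added example (not the answerer's own rules, which are not reproduced on this page). The interface name `em0` and the rule numbers 8380/8390 are assumptions; the 20Mbit/s figure and the loopback rules come from the page.

```conf
# Added example: em0 and the rule numbers are assumptions, adjust to your host.
flush
pipe flush

# One pipe per direction, so inbound and outbound each get their own 20Mbit/s
# instead of sharing a single pipe.
pipe 1 config bw 20Mbit/s
pipe 2 config bw 20Mbit/s

# Loopback handling, unchanged from the question's ruleset.
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any

# Send every packet crossing the external interface through a pipe,
# not only TCP port 80, so no flow bypasses the shaper.
add 8380 pipe 1 ip from any to any in recv em0
add 8390 pipe 2 ip from any to any out xmit em0

# With net.inet.ip.fw.one_pass=1 a packet is accepted when it leaves its pipe;
# with one_pass=0 it re-enters the ruleset at the next rule and ends up here.
add 65000 pass all from any to any
```

After loading, `ipfw pipe show` should list both pipes with their own packet and byte counters.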