FreeBSD Traffic Shaping


I'm trying to do traffic shaping with FreeBSD. Here are my rules:

su-3.2# ipfw show | grep pipe
08380 1514852  125523804 pipe 1 tcp from any to any dst-port 80
su-3.2# ipfw pipe 1 show
00001:   2.000 Mbit/s    0 ms   50 sl. 1 queues (1 buckets) droptail
    mask: 0x00 0x00000000/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
  0 tcp     64.237.55.83/60598    72.21.81.133/80    6520267 1204533020  0    0 1216
su-3.2# 

First of all, why, when I run ipfw pipe 1 show, do I get the same source and destination IP, which doesn't seem to ever change, yet total packets/bytes keep increasing?

And the most important question: after doing all that, I'm looking at my MRTG stats and I see I'm very well over the 2Mbit/s limit.

What am I doing wrong?

Here is the config file:

flush
pipe flush
pipe 1 config bw 2Mbit/s
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
add 8380 pipe 1 tcp from any to any src-port www uid daemon
add 8380 pipe 1 tcp from any to any dst-port www uid daemon
add 65000 pass all from any to any

Best Answer

You restrict HTTP traffic to 2Mb/s, but you let all other traffic pass through. So you can still have 50Mb/s of FTP traffic, for example, which won't be limited.

I used to set policy this way:

# flush all rules
ipfw -f flush

ipfw pipe 1 config bw 256Kbits/s
ipfw pipe 2 config bw 512Kbits/s
ipfw pipe 10 config bw 1Mbits/s
ipfw pipe 50 config bw 20Mbits/s
ipfw pipe 60 config bw 20Mbits/s
ipfw pipe 100 config bw 100Mbits/s


ipfw add 1 pipe 50 ip from X.X.X.X/21 to any out
ipfw add 2 pipe 60 ip from any to X.X.X.X/21 in

So you have 20Mb/s to inside and 20Mb/s to outside. If you only use one pipe, then it's 20Mb/s shared, so 10Mb/s.

Your shaping must include all traffic at the end, so there is no flow without traffic shaping.
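A simplified first-match model of the ruleset, added here as an example and not part of the original answer: it replays the question's filter rules against three constructed flows to show which ones reach rule 65000 unshaped, then repeats the check with two catch-all pipe rules added. Assumptions: the `uid` option is not evaluated, a pipe is treated as terminal (the `net.inet.ip.fw.one_pass=1` behaviour), and rule numbers 9000/9010, pipes 2 and 3, the interface `em0` and the sample addresses are made up for illustration.

```python
import ipaddress
import re

# QUESTION is the page's filter rules; FIXED adds constructed catch-all pipes (numbers assumed).
QUESTION = """\
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
add 8380 pipe 1 tcp from any to any src-port www uid daemon
add 8380 pipe 1 tcp from any to any dst-port www uid daemon
add 65000 pass all from any to any
"""
FIXED = QUESTION.replace("add 65000", "add 9000 pipe 2 ip from any to any out\n"
                         "add 9010 pipe 3 ip from any to any in\nadd 65000")
RULE = re.compile(r"add (\d+) (pipe \d+|allow|pass|deny) (\w+) from (\S+) to (\S+)(.*)")
PORTS = {"www": 80}  # service name used in the question

def parse(text):
    found = [m.groups() for m in map(RULE.match, text.splitlines()) if m]
    return sorted(found, key=lambda r: int(r[0]))  # stable sort keeps equal numbers in order

def addr_ok(spec, ip):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def matches(rule, f):
    _, _, proto, src, dst, rest = rule
    opts = rest.split()
    for key, val in zip(opts, opts[1:] + [""]):
        if key in ("src-port", "dst-port") and int(PORTS.get(val, val)) != f[key[0] + "port"]:
            return False  # key[0] + "port" selects f["sport"] or f["dport"]
        if (key == "via" and val != f["iface"]) or (key in ("in", "out") and key != f["dir"]):
            return False  # "uid" is not evaluated (assumption: socket owner matches)
    return proto in ("ip", "all", f["proto"]) and addr_ok(src, f["src"]) and addr_ok(dst, f["dst"])

def verdict(text, f):  # first match wins; a pipe is terminal, as with one_pass=1
    return next((r[1] for r in parse(text) if matches(r, f)), "default rule")

def flow(src, dst, sport, dport, direction):
    return dict(proto="tcp", src=src, dst=dst, sport=sport, dport=dport, iface="em0", dir=direction)
# Constructed sample flows using documentation addresses.
FLOWS = {"http out": flow("192.0.2.10", "198.51.100.7", 80, 51000, "out"),
         "ftp-data out": flow("192.0.2.10", "198.51.100.7", 20, 51001, "out"),
         "ssh in": flow("198.51.100.7", "192.0.2.10", 52000, 22, "in")}

def unshaped(text):
    return [name for name, f in FLOWS.items() if not verdict(text, f).startswith("pipe")]

if __name__ == "__main__":
    print("question:", unshaped(QUESTION), "| with catch-all pipes:", unshaped(FIXED))
```

With the question's rules only the HTTP flow lands in a pipe; the other two fall through to `pass all`, which is the traffic MRTG still counts on the interface.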
