MAN page example vs. this?

Sean Hafeez sahafeez at edgefocus.com
Sat Nov 29 03:07:43 PST 2003


the man page has this example:

ipfw add pipe 1 ip from 192.168.2.0/24 to any out
ipfw add pipe 2 ip from any to 192.168.2.0/24 in
ipfw pipe 1 config mask src-ip 0x000000ff bw 200Kbit/s queue 20Kbytes
ipfw pipe 2 config mask dst-ip 0x000000ff bw 200Kbit/s queue 20Kbytes

the man page says this does:

...is limiting the outbound traffic on a net with per-host limits, 
rather than per-network limits...

my first question is: is this just outbound? it seems to me that pipe 1 is the 
outbound limit and pipe 2 is an inbound limit? so this is a symmetric 
link? am i reading this wrong? second, the mask only applies to the 
last octet of the ip address (ff) - correct? so each host is both an 
outbound user and an upstream target (i.e. www.cnn.com)?

now here is what i got from somewhere else. i am limiting each host (ip 
address) to 200kbits/s. rl1 is the internal interface to the users.

ipfw add pipe 1 ip from any to any in recv rl1
ipfw add pipe 2 ip from any to any out xmit rl1
ipfw pipe 1 config mask src-ip 0xffffffff bw 200kbits/s
ipfw pipe 2 config mask dst-ip 0xffffffff bw 200kbits/s

are these 2 examples functionally the same? if not, what is the 
difference?

also in the first example, if the network was changed to 
192.168.0.0/23, the mask would be 0x000003ff (255.255.254.0)? it is a 
reverse mask like a cisco, right?

thanks for your time!
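An added example (not from this post or from FreeBSD's dummynet code) that models how dummynet's "mask src-ip"/"mask dst-ip" groups packets into per-flow queues: the masked address (host byte order, as in the man page's 0x000000ff example) is the queue key. It shows that the per-host mask is the inverse of the netmask (Cisco-style wildcard) and why a mask covering only the last octet needs the rule to restrict the match to one subnet: hosts in different subnets with the same last octet would otherwise share a queue. The host addresses are constructed sample input.

```python
import ipaddress
from collections import defaultdict


def host_mask(prefixlen: int) -> int:
    """Mask selecting the host bits of an IPv4 prefix: the inverse of the
    netmask (a wildcard mask).  /24 -> 0x000000ff, /23 -> 0x000001ff."""
    return (1 << (32 - prefixlen)) - 1


def wildcard(prefixlen: int) -> str:
    """Dotted form of host_mask(), e.g. /23 -> '0.0.1.255'."""
    return str(ipaddress.IPv4Address(host_mask(prefixlen)))


def queue_key(addr: str, mask: int) -> int:
    """dummynet ANDs the address (host byte order) with the pipe's mask;
    packets with the same masked value land in the same queue and so
    share that queue's bandwidth."""
    return int(ipaddress.IPv4Address(addr)) & mask


def group_flows(addrs, mask: int) -> dict:
    """Map each queue key to the addresses that would share that queue."""
    queues = defaultdict(list)
    for a in addrs:
        queues[queue_key(a, mask)].append(a)
    return dict(queues)


# Constructed sample: three LAN hosts plus one host from another subnet
# (the sort of traffic an interface-based rule like "from any to any
# in recv rl1" could admit, unlike "from 192.168.2.0/24").
HOSTS = ["192.168.2.5", "192.168.2.6", "192.168.2.7", "10.0.0.5"]


def compare():
    """Last-octet mask (man page) vs. full-address mask (second example)."""
    return group_flows(HOSTS, 0x000000ff), group_flows(HOSTS, 0xFFFFFFFF)


if __name__ == "__main__":
    by_octet, by_host = compare()
    print("mask 0x000000ff ->", len(by_octet), "queues:", by_octet)
    print("mask 0xffffffff ->", len(by_host), "queues:", by_host)
    print("/23 host mask:", hex(host_mask(23)), wildcard(23))
```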

