On the trail of a dummynet/bridge/ipfw bug.
AT Matik
asstec at matik.com.br
Wed Mar 12 22:11:00 UTC 2008
On Wednesday 12 March 2008 14:33:04 Wade Klaver wrote:
> PROBLEM DESCRIPTION
>
> I have a bridge set up on a 7.0 box and am attempting to use it to limit
> HTTP connections outgoing from a box behind it to 192Kbit/s for testing.
> During this testing I ran into some problems. At first, I found that
> the number of simultaneous pipes was limited to 1024, allowing only 1024
> 192Kbit/s clients. Additional clients were simply blocked. I am using
> a very simple firewall config:
>
> ipfw pipe 1 config bw 192Kbits/s mask all
> ipfw add 00051 skipto 99 ip from 192.168.0.0/16 to 192.168.0.0/16
> ipfw add 00052 skipto 1000 ip from any to any
> ipfw add 00100 pipe 1 ip from 192.168.10.88 80 to any via bridge0
> ipfw add 00200 pipe 1 ip from any 25111 to any via bridge
>
> Regardless of how many clients I threw at the box, I had the limit:
>
> [root at ibm3550b ~]# ipfw pipe show | wc -l
> 1028
>
you must have something wrong there, I just checked on one of my boxes:
# ipfw pipe show | wc -l
1797
--
Atenciosamente, J.M.
Responsável Plantão Site Support Matik
Infomatik Internet Technology
(18)3551.8155 (18)8112.7007
http://info.matik.com.br
A mensagem foi scaneada pelo sistema de e-mail e pode ser considerada segura.
Service fornecido pelo Datacenter Matik https://datacenter.matik.com.br
More information about the freebsd-ipfw
mailing list