dummynet problem.

azfar · Mar 24, 2009

I have a freebsd 7.1 box. It has two interfaces both have puclic ips. Both nics are connected two different network segments.

The problem is when I use the dummynet in bridge mode its working fine but if I disable bridge and use routing (freebsd) the bandwidth rule seems to be applying 4 times and when I aslo define the interface name in rule I am getting half bandwidth.

Here are my config. (half bandwidth)

Code:

#$cmd add pipe 78 ip $src 203.90.14.120 $dest any
$cmd add pipe 79 ip $src any $dest 203.90.14.120 out via le1
can# more /etc/ipfw.rules
#!/bin/sh
######################
# ipfw Firewall Commands
######################
cmd="ipfw -q"
bwd="config bw"
qip="config pipe"
dest="to"
src="from"
lod="weight"
######################
$cmd flush
$cmd pipe flush
#$cmd add deny all from any to any
#$cmd add allow all from any to any

$cmd pipe 78 $bwd 512kbits/s
$cmd pipe 79 $bwd 512kbits/s
#$cmd add pipe 78 ip $src 203.90.14.120 $dest any
$cmd add pipe 79 ip $src any $dest 203.90.14.120 out via le1
can# more /etc/ipfw.rules
#!/bin/sh
######################
# ipfw Firewall Commands
######################
cmd="ipfw -q"
bwd="config bw"
qip="config pipe"
dest="to"
src="from"
lod="weight"
######################
$cmd flush
$cmd pipe flush
#$cmd add deny all from any to any
#$cmd add allow all from any to any

$cmd pipe 78 $bwd 512kbits/s
$cmd pipe 79 $bwd 512kbits/s
#$cmd add pipe 78 ip $src 203.90.14.120 $dest any
$cmd add pipe 79 ip $src any $dest 203.90.14.120 out via le1

azfar · Mar 24, 2009

sysctl.conf

Code:

kern.ipc.somaxconn=8192
kern.ipc.nmbclusters=32768
kern.maxfiles=65000
net.inet.ip.intr_queue_maxlen=5000
kern.ipc.maxsockbuf=8388608
net.inet.tcp.sendspace=3217968
net.inet.tcp.recvspace=3217968
kern.maxfilesperproc=32768
net.inet.udp.recvspace=65535
net.inet.udp.maxdgram=57344
net.local.stream.recvspace=65535
net.local.stream.sendspace=65535
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.icmp.icmplim=100
net.inet.tcp.msl=2500
net.inet.ip.forwarding=1
net.inet.ip.fw.one_pass=1

azfar · Mar 24, 2009

rc.local

Code:

ipf -D
sysctl -w net.inet.ipf.fr_statemax=21529
sysctl -w net.inet.ipf.fr_statesize=30757
sysctl -w net.inet.ipf.ipf_rdrrules_sz=254
sysctl -w net.inet.ipf.ipf_natrules_sz=254
sysctl -w net.inet.ipf.ipf_nattable_sz=34487
sysctl -w net.inet.ipf.fr_tcpidletimeout=7200
sysctl -w net.inet.ipf.fr_tcpclosewait=120
sysctl -w net.inet.ipf.fr_tcplastack=120
sysctl -w net.inet.ipf.fr_tcptimeout=240
sysctl -w net.inet.ipf.fr_tcpclosed=60
sysctl -w net.inet.ipf.fr_tcphalfclosed=300
sysctl -w net.inet.ipf.fr_udptimeout=90
sysctl -w net.inet.ipf.fr_icmptimeout=35
ipf -E
/etc/netstart

azfar · Mar 24, 2009

rc.conf

Code:

gateway_enable="YES"
hostname="can.eworld.net.pk"
inetd_enable="YES"
keymap="us.iso"
linux_enable="YES"
moused_enable="YES"
sshd_enable="YES"
#le0 WAN, le1 CAN
ifconfig_le1="inet 203.90.14.246  netmask 255.255.255.0"
ifconfig_le0="inet 203.90.15.246  netmask 255.255.255.0"
defaultrouter="203.90.15.243"
firewall_enable="YES"
firewall_script="/etc/ipfw.rules"
firewall_logging="NO"
usbd_enable="YES"
#pppoed_enable="YES"
#pppoed_flags="-d -P /var/run/pppoed.pid -l "default" "
#pppoed_interface="rl0"

azfar · Mar 24, 2009

the ipfw.conf has been pasted twice so dont get it as a problem.

azfar · Mar 24, 2009

kernel options.

Code:

options IPSTEALTH

options IPFIREWALL

options IPFIREWALL_FORWARD

options IPFIREWALL_VERBOSE

options IPFIREWALL_VERBOSE_LIMIT=10

options DUMMYNET

options HZ=1000

options IPDIVERT

options IPFIREWALL_DEFAULT_TO_ACCEPT

options NETGRAPH

options NETGRAPH_PPPOE

options NETGRAPH_SOCKET

options MSGMNB=8192

options MSGMNI=40

options MSGSEG=512

options MSGSSZ=64

options MSGTQL=2048

azfar · Mar 24, 2009

Code:

device if_bridge

azfar · Mar 24, 2009

Any idea why i am getting half bandwidth. le1 is my LAN and le0 is my WAN.
Am I doing any thing wrong in ipfw rules.

azfar · Mar 24, 2009

When I donot mention any interface in bandwidth rule I am getting only 1/4 bandwidth in my download manager but DU meter shows 1/2 bandwidth. Any body tell me why this is happening. I cant mention the interface name as i am using pppoe and every time each client pppoe virtual interface changes i-e tun0, tun1, tun3....

azfar · Mar 24, 2009

ok the du meter problem is rectified, it was configured to all interface i-e one is my pppoe and second is ethernet.