Solved (ipfw) Limit in/out bandwidth of a single machine in a NAT’ed LAN

O

obsigna

Profile disabled
I am in need to limit the bandwidth which my son’s computers consumes when he plays Apex Legends while talking to his friends/team by the way of Discord. On occasion every network speed goes down to a crawl. For the time being, I do not want to simply prohibit him gaming. Because of the pandemic there are not so much other choices for him to meeting with and talking to friends.

The gateway runs FreeBSD 12.2-RELEASE-p2 and it got a working stateful NAT’ed ipfw firewall. However, dummynet and traffic shaping is new to me. I did the following:

1. In /boot/loader.conf I added dummynet_load="YES".

2. In the ipfw configuration file I configured 2 pipes:
Code: 
# Configure 2 pipes for traffic shaping
/sbin/ipfw -q pipe 1 config delay 10ms bw 2Mbit/s
/sbin/ipfw -q pipe 2 config delay 10ms bw 2Mbit/s
3. For outgoing traffic, I added the rule for pipe 1 right before the incoming NAT rule:
Code: 
...
# Pipe 1 before NAT for shaping outgoing traffic of the gaming machine
/sbin/ipfw -q add 99 pipe 1 ip4 from 192.168.0.7 to any

# NAT rule for incoming packets.
/sbin/ipfw -q add 100 nat 1 ip4 from any to any in recv $WAN
...
4. For incoming traffic, I added the rule for pipe 2 right after the outgoing NAT rule:
Code: 
...
# NAT rule for outgoing packets.
/sbin/ipfw -q add 10000 nat 1 ip4 from any to any out xmit $WAN

# Pipe 2 after NAT for shaping incoming traffic
/sbin/ipfw -q add 10001 pipe 2 ip4 from any to 192.168.0.7
...
Does this look reasonable? The two pipes got a heavy traffic count. The gaming computer is a Windows 10 machine. Is there a way to find out whether the bandwidth limitation does actually work?
 
obsigna said:
I am in need to limit the bandwidth which my son’s computers consumes when he plays Apex Legends while talking to his friends/team by the way of Discord. On occasion every network speed goes down to a crawl
Click to expand...
I think the network speed slowing down has little to do with gaming or discord. Both don't take up much bandwidth. Discord certainly doesn't use a lot of bandwidth. A game might but most online games are actually not that heavy a load. I suspect the slow downs are caused by something else (ISP congestion is the most obvious).
 
I never had problems in our network until he started playing Apex Legends. Now that you wrote, that games do not consume much bandwidth, I did a quick Google search and found tons of notices that Apex does. According to this post it will go up to 1,2 Mbit/s if the internet connection does support it. This is yet below 2 Mbit/s which I adjusted for the pipes, I will see what happens when I reduce it to 512 kbit/s.

Forgetting gaming for a moment, the question remains, whether my setup does look reasonable.
 
I have this running for some days now, and it does simply work as it was supposed to do. I needed to adjust the pipe's parameters a little bit, because initially my son was complaining, that his ping:-D went up from 7-10 ms to 50-70 ms and downloading something took forever. OK, I then gave his computer half of the house’s bandwidth of 10/2 Mbit/s (down/up), and I removed the delays.
Code: 
# Configure 2 pipes for traffic shaping
/sbin/ipfw -q pipe 1 config delay 0 bw 1Mbit/s
/sbin/ipfw -q pipe 2 config delay 0 bw 5Mbit/s
This solved the problem for everybody. The son may play Apex Legends reasonably well and the rest of the family does not suffer from a deteriorated network access because of his gaming.
 
You must log in or register to reply here.
Back
Top