Hi everyone.
I'm a FreeBSD newbie and so far I'm impressed with its ease of usage when it comes to typical network admin tasks. However, I have a problem with which I've been stuck for over a week now and I really have to solve it soon.
As an ISP we use FreeBSD on our routers. One of their job is to provide efficient shaping. We do it in IPFW, pf does not seem to satisfy us so far. The ruleset has been configured by previous admins so it took me a while to familiarize with it. After that time I realized that even despite proper configurations every user gets somehow redirected to the same pipe. Look:
Here are the rule numbers for a given client
clients download points to some pipe
which actually looks like this
BUT THE CLIENT CAN BE ALSO SEEN IN PIPE 1
which results in that person having his or her download speed reduced to 10Mbps.
My question is: How could this be achieved?
I have read the file containing rules thoroughly and I'm certain there is no such redirection inside.
Any help will be greatly appreciated.
I'm a FreeBSD newbie and so far I'm impressed with its ease of usage when it comes to typical network admin tasks. However, I have a problem with which I've been stuck for over a week now and I really have to solve it soon.
As an ISP we use FreeBSD on our routers. One of their job is to provide efficient shaping. We do it in IPFW, pf does not seem to satisfy us so far. The ruleset has been configured by previous admins so it took me a while to familiarize with it. After that time I realized that even despite proper configurations every user gets somehow redirected to the same pipe. Look:
Here are the rule numbers for a given client
Code:
mcdonalds@router|pts/0|1:18:33|~ # ipfw show | grep 10.15.0.39
00601 356901 366036225 skipto 3008 ip from any to 10.15.0.39 via vlan9 out
00601 255781 10544036 skipto 4023 ip from 10.15.0.39 to any via vlan9 in
Code:
mcdonalds@router|pts/0|1:18:45|~ # ipfw show 3008
03008 359493 368713771 pipe 8 ip from any to any
03008 359490 368709379 skipto 60000 ip from any to any
Code:
mcdonalds@router|pts/0|1:20:01|~ # ipfw pipe show 8
00008: 81.920 Mbit/s 0 ms burst 0
q131080 50 sl. 0 flows (1 buckets) sched 65544 weight 0 lmax 0 pri 0 droptail
sched 65544 type FIFO flags 0x1 64 buckets 1 active
mask: 0x00 0x00000000/0x0000 -> 0xffffffff/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
57 ip 0.0.0.0/0 10.15.0.39/0 12 13859 0 0 0
Code:
mcdonalds@router|pts/0|1:20:30|~ # ipfw pipe show 1
00001: 10.240 Mbit/s 0 ms burst 0
q131073 50 sl. 0 flows (1 buckets) sched 65537 weight 0 lmax 0 pri 0 droptail
sched 65537 type FIFO flags 0x1 64 buckets 39 active
mask: 0x00 0x00000000/0x0000 -> 0xffffffff/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
0 ip 0.0.0.0/0 190.142.242.29/0 1 56 0 0 0
192 ip 0.0.0.0/0 46.229.154.11/0 2 88 0 0 0
66 ip 0.0.0.0/0 5.9.88.80/0 27 1080 0 0 0
2 ip 0.0.0.0/0 10.15.0.28/0 153 6120 0 0 0
68 ip 0.0.0.0/0 95.211.155.227/0 24 960 0 0 0
197 ip 0.0.0.0/0 190.199.80.75/0 1 62 0 0 0
136 ip 0.0.0.0/0 217.74.74.28/0 3 1100 0 0 0
15 ip 0.0.0.0/0 10.8.1.31/0 12 14394 0 0 0
25 ip 0.0.0.0/0 74.86.157.180/0 15 1376 0 0 0
153 ip 0.0.0.0/0 189.148.122.177/0 1 56 0 0 0
26 ip 0.0.0.0/0 50.22.209.55/0 1 40 0 0 0
219 ip 0.0.0.0/0 174.36.207.146/0 6 1190 0 0 0
28 ip 0.0.0.0/0 10.15.100.2/0 28 1176 0 0 0
221 ip 0.0.0.0/0 88.208.57.125/0 45 1800 0 0 0
221 ip 0.0.0.0/0 174.37.2.151/0 1 40 0 0 0
221 ip 0.0.0.0/0 190.37.42.151/0 1 56 0 0 0
223 ip 0.0.0.0/0 10.8.3.207/0 21 840 0 0 0
224 ip 0.0.0.0/0 159.253.129.27/0 1 40 0 0 0
226 ip 0.0.0.0/0 187.206.108.126/0 1 86 0 0 0
99 ip 0.0.0.0/0 79.110.204.190/0 7 781 0 0 0
100 ip 0.0.0.0/0 50.22.229.73/0 1 40 0 0 0
167 ip 0.0.0.0/0 74.86.143.10/0 1 40 0 0 0
41 ip 0.0.0.0/0 174.36.204.96/0 1 40 0 0 0
234 ip 0.0.0.0/0 88.208.57.74/0 1529 2288642 0 0 0
43 ip 0.0.0.0/0 10.15.0.53/0 6 840 0 0 0
44 ip 0.0.0.0/0 213.189.45.86/0 1 40 0 0 0
45 ip 0.0.0.0/0 190.179.55.75/0 1 56 0 0 0
238 ip 0.0.0.0/0 173.193.63.108/0 1 40 0 0 0
47 ip 0.0.0.0/0 90.170.36.123/0 1 55 0 0 0
241 ip 0.0.0.0/0 159.253.129.10/0 102 8331 0 0 0
178 ip 0.0.0.0/0 201.255.169.77/0 1 62 0 0 0
114 ip 0.0.0.0/0 181.0.195.115/0 1 62 0 0 0
53 ip 0.0.0.0/0 10.15.0.43/0 258 361102 0 0 12
118 ip 0.0.0.0/0 174.37.236.61/0 2 80 0 0 0
119 ip 0.0.0.0/0 189.91.16.193/0 1 62 0 0 0
120 ip 0.0.0.0/0 174.37.236.51/0 1 40 0 0 0
[B] 57 ip 0.0.0.0/0 10.15.0.39/0 13 12942 0 0 0
[/B]189 ip 0.0.0.0/0 10.15.64.163/0 439 616468 0 0 0
127 ip 0.0.0.0/0 10.15.64.97/0 91 136500 0 0 0My question is: How could this be achieved?
I have read the file containing rules thoroughly and I'm certain there is no such redirection inside.
Any help will be greatly appreciated.