Limiting bandwidth by IP or group of IPs using ipfw and dummynet (I'm OK to change if required...)



Hi everyone :)

We are starting a very small ISP for a city here that has no DSL.
We bring Internet from another big city 120 km away.

I am trying to set a bandwidth limit _by_ IP or by group of IPs, but so far
I have been very unlucky with the bandwidth limitation.
I use ipfw/dummynet (I'm not used to it, I come from Linux).
I want different bandwidth for outgoing and incoming traffic.

My config is pretty simple:

The Internet connection,
The FreeBSD server acting as NAT,
A switch with the customers' connections

In the config files I show, I have a computer acting as the "customer computer"
that should be limited in bandwidth, being 172.16.50.2.
The server has two NICs, on the Internet side and one on the customers' side,
respectively, for the test:
192.168.47.7 (Internet side) dc0
172.16.50.1 (customers' side) dc1

I successfully enabled the NAT functionality but can't manage the bandwidth limitation.
As for now, I don't yet have the T1 that will connect me, so my current connection is at
15Kb/s, which explains why I try to limit the bandwidth to 3Kb/s to make sure everything works
properly.

Here is my ipfw config:
ipfw -f flush

# for some reason, this blocks the connection
#ipfw add divert natd all from 172.16.50.0/24 to any via dc0

ipfw add divert natd ip from any to any via dc0
ipfw add allow ip from any to any via lo0
ipfw add deny ip from any to 127.0.0.0/8
ipfw add deny ip from 127.0.0.0/8 to any
#ipfw add allow ip from any to any

ipfw pipe 1 config bw 3Kbit/s
ipfw add pipe 1 all from 172.16.50.2 to any

I test the bandwidth limitation with wget on an HTTP resource.

Thanks for any help you could provide, I really need this.



_______________________________________________
freebsd-isp@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@xxxxxxxxxxx"


