Sveiki, Yep, it was a problem at the upstream which was seeing the packets twice and adding them into the pipe twice because of that. There were no skipto rules at the upstream.
------------------- HG> Timofej Dod wrote: >> Hi, >> >> I got a firewall with ipfw + dummynet. >> system is: >> FreeBSD 6.1-RELEASE-p10 >> >> table 1 contains 211 IP addresses. >> >> 00502 pipe 11 ip from any to table(1) out via rl0 >> 00502 skipto 2000 ip from any to table(1) >> >> and with pipe configured >> ipfw -q pipe 11 config mask dst-ip 0xffffffff bw 256Kbit/s >> >> however everybody only getting half of it i.e. 128 Kbits. >> also net.inet.ip.fw.one_pass: 1 doesn't seem to work properly since >> counters show that skipto rule is being triggered and it should not with >> the one_pass activated. >> Any clues how to make it give the speed it is supposed to? HG> I'm absolutely no expert on this matter, but I think you have to define HG> where the packets are going. It's got something to do with DUMMYNET or HG> IPFW seeing the packet twice. You're probably looking for: HG> 00502 pipe 11 ip from any to table(1) out xmit rl0 HG> A similar rule for incoming would be: HG> pipe 12 ip from table(1) to any in recv rl0 HG> -- HG> Håkon Granlund -- Timofej Dod Interneto programuotojas / Web Developer UAB "Eilorita" , 4you.ltT Tel./Faks:+370 52 349 379 Mob. +375 29 7783581 ICQ 136621403 http://www.4you.lt _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
