On Tue, Jun 19, 2012 at 01:48:45AM +0900, Randy Bush wrote:
> add pipe 1 tcp from 147.28.2.129 to 147.28.2.133
> add pipe 2 tcp from 147.28.2.133 to 147.28.2.129
> pipe 1 config queue 50 delay 200ms
> pipe 2 config queue 50 delay 200ms
>
> is a tcp packet from 147.28.2.129 to 147.28.2.133 delayed by 200ms or
> 400ms, 200 for each interface?
it depends on where the traffic source and destination are,
and on the configuration of the firewall.
See the ascii diagram near PACKET FLOW in the ipfw manpage,
reproduced below. Each [block] can potentially pass the
packet through a pipe.
For better control on the traffic flow, I'd suggest to
use the "in" and "out" keywords in ipfw rules so you
do not risk that through traffic on a router is
intercepted twice.
^ to upper layers V
| |
+----------->-----------+
^ V
[ip(6)_input] [ip(6)_output] net.inet(6).ip(6).fw.enable=1
| |
^ V
[ether_demux] [ether_output_frame] net.link.ether.ipfw=1
| |
+-->--[bdg_forward]-->--+ net.link.bridge.ipfw=1
^ V
| to devices |
cheers
luigi
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
