trouble with ipfw on FreeBSD 10

2014-09-29 Thread Jack Barber
We are having trouble getting ipfw to work over a bridged interface.

For example:

machine 1 -> Bridged interface FreeBSD 10 -> machine 2.

machine 1 - 192.168.20.20
machine 2 - 192.168.20.25

Now I set something like this in /etc/ipfw.rules:

$IPFWcmd add deny all from 192.168.20.20/24 to any
$IPFWcmd add deny all from any to 192.168.20.20/24

where both machine 1 and machine 2 are on said subnet and already work.

When I reload the rules, I am unable to stop a connection between
machine 1 and machine 2.

I've already made sure that ipfw is running (loaded), and the rules
appear to take, and even show up with "ipfw show".

# ipfw show
...
0170000 deny ip from 192.168.20.0/24 to any
0180000 deny ip from any to 192.168.20.0/24
65535 9227 11389032 allow ip from any to any

However, there is no effect on data travelling over the pipe at all.

This setup was confirmed many times to work with FreeBSD 9.2, but it
does not work on 10. Any help is appreciated.
___
freebsd-ipfw@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"


FreeBSD max pipe size?

2014-10-13 Thread Jack Barber
I am trying to set up dummynet with FreeBSD 9.3 and a 10 GB Fibre over
ethernet NIC (ix drivers).

Dummynet appears to have a limit of 1.25 gigabits a second, and when I
start setting extremely large pipe values I start running into:

ipfw: bandwidth too large

It doesn't like (in /etc/ipfw.rules):
$IPFWcmd pipe 10 config bw 8000Mbits
but for some reason it likes
$IPFWcmd pipe 20 config bw 10Mbits
and
$IPFWcmd pipe 10 config bw 1Mbits

even if there is no noticeable performance difference between them.

$ iperf -c load-server2

Client connecting to load-server2, TCP port 5001
TCP window size:  434 KByte (default)

[  3] local 192.168.20.25 port 56122 connected with 192.168.20.20 port 5001
[ ID] Interval   Transfer Bandwidth
[  3]  0.0-10.0 sec  1.57 GBytes  1.35 Gbits/sec

$ iperf -c load-server1

Client connecting to load-server1, TCP port 5001
TCP window size:  459 KByte (default)

[  3] local 192.168.20.20 port 49028 connected with 192.168.20.25 port 5001
[ ID] Interval   Transfer Bandwidth
[  3]  0.0-10.0 sec  1.36 GBytes  1.17 Gbits/sec


Testing is done on a private subnet which houses nothing more than two
loading servers and a FreeBSD bridge in between. All machines have 10
GB/sec ix driver cards.

Now, same setup, but commenting out all dummynet references in ipfw.rules:
$ iperf -c load-server1

Client connecting to load-server1, TCP port 5001
TCP window size:  459 KByte (default)

[  3] local 192.168.20.20 port 49029 connected with 192.168.20.25 port 5001
[ ID] Interval   Transfer Bandwidth
[  3]  0.0-10.0 sec  8.44 GBytes  7.24 Gbits/sec

$ iperf -c load-server2

Client connecting to load-server2, TCP port 5001
TCP window size:  434 KByte (default)

[  3] local 192.168.20.25 port 56123 connected with 192.168.20.20 port 5001
[ ID] Interval   Transfer Bandwidth
[  3]  0.0-10.0 sec  7.89 GBytes  6.78 Gbits/sec
