pipe相关配置呢?
没有mask共用一个pipe。
# If you just configured ipfw in the kernel as a tool to solve network
# problems or you just want to disallow some particular kinds of traffic
# then you will want to change the default policy to open.You can also
# do this as your only action by setting the firewall_type to ``open''.
#
# ${fwcmd} add 65000 pass all from any to any
${fwcmd} add divert 8668 all from any to any via em0
${fwcmd} add pipe 20 ip from 192.168.1.1/24 to any
${fwcmd} pipe 20 config bw 40KBytes/s queue 10
${fwcmd} add pipe 21 ip from any to 192.168.1.1/24
${fwcmd} pipe 21 config bw 1024KBytes/s queue 10
${fwcmd} add queue 20 ip from any to 192.168.1.0/24
${fwcmd} queue 20 config weight 5 pipe 2 mask dst-ip 0x000000ff
${fwcmd} pipe 2 config bw 16Mbit/s
${fwcmd} add allow tcp from 192.168.1.1/24 to any setup limit src-addr 60
上面就是我全部的防火墙限速策略了。回复 11# lsstarboy
网关限速一般适于限制上传而不擅长限制下载。除非是内部网络。
电信发回给你多少数据不是你能决定得了的。当然如果是tcp友好流,察觉到网速不行,会自动降速。如果不是tcp友好流,丢掉部分下载数据,只会导致数据包重传,别的连接也不会因此抢到更多带宽。
你在下载用了queue,而在上传反而没用queue。上传用queue比较适合。你可以先用systat -if看一下上传的流量是不是很大。
还有,你去掉pipe参数queue 10试试看。
把mask放到pipe上再试。
给我个代码吧,我很白的。回复 15# lsstarboy
${fwcmd} add 65000 pass all from any to any
${fwcmd} add divert 8668 all from any to any via em0
${fwcmd} add pipe 20 ip from 192.168.1.1/24 to any
${fwcmd} pipe 20 config bw 40KBytes/s queue 10 mask dst-ip 0x000000ff
${fwcmd} add pipe 21 ip from any to 192.168.1.1/24
${fwcmd} pipe 21 config bw 1024KBytes/s queue 10 mask dst-ip 0x000000ff
${fwcmd} add queue 20 ip from any to 192.168.1.0/24
${fwcmd} queue 20 config weight 5 pipe 2 mask dst-ip 0x000000ff
${fwcmd} pipe 2 config bw 16Mbit/s
${fwcmd} add allow tcp from 192.168.1.1/24 to any setup limit src-addr 60
回复 15# lsstarboy
是这样加吗?
本帖最后由 door10000 于 2013-05-02 18:49 编辑
回复 14# kkkggg
确实,我在下载用了queue后下载速度小了,上传速度反而远远大于下载。看来是这个原因。不过我在pipe限制上传后上传数据就下来了。不过多客户大量使用带宽时会非常大的延迟,即使宽带远未用完。
昨天晚上把buf设置从512k变到10M,这有必要吗?