• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
TCP Bandwidth Management on OSX: Can the same TCP traffic be passed through TWO ipfw divert rules?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

TCP Bandwidth Management on OSX: Can the same TCP traffic be passed through TWO ipfw divert rules?

  • Subject: TCP Bandwidth Management on OSX: Can the same TCP traffic be passed through TWO ipfw divert rules?
  • From: R Blake <email@hidden>
  • Date: Thu, 07 Aug 2003 19:20:28 -0700
hi all,

I recently discovered a GPL'd util named "Throttled" which bring ipfw-based bandwidth management to OSX, in lieu of "dummynet" (ne1 know WHY dummynet is missing from OSX in the 1st place?). For reference, "Throttled" can be found at: http://www.intrarts.com/throttled.html


Throttled "does its thing" by running port-specific tcp traffic through an ipfw divert rule; e.g. -

in order to limit upload (outbound) traffic from a port:80 Apache server to $MAXSPEED KB/s, you first initialize throttled (here, to ITS default port:17777)

/usr/local/sbin/throttled -s $MAXSPEED -d 17777

and then add an ipfw rule, e.g.:

/sbin/ipfw add divert 17777 tcp from $IP 80 to any out xmit $INTERFACE

where
$IP == machine's PUBLIC IP address, or "any", and
$INTERFACE == machine's WAN ethernet interface (e.g., "en0")

this works quite nicely, and is straightforward/clear to me, ..... but, NOT when I consider integrating into my NATd env/config.

I'm interested in integrating Throttled into my OSX ipfw+natd+dhcp environment.

specifically, my NATd runs on $INTERFACE, as is common, at a dynamically assigned public IP (requiring "any" for $IP ...)

my gateway LAN address is IP = 10.0.0.1, and my internal web server is IP = 10.0.0.2

NATd is command-line configured with:

/usr/sbin/natd -interface $INTERFACE -dynamic -port 8668 -unregistered_only -use_sockets -redirect_port tcp 10.0.0.2:80 80

and the natd ipfw rule is:

/sbin/ipfw add 1000 divert natd ip from any to any via $INTERFACE


i'm a bit confused as to whether the two divert rules (throttled and natd) will conflict, and/or whether there is an order/priority issue ....

bottom line: can throttled & natd CO-EXIST? and if so, what's the proper configuration?

i've contacted the Throttled author re: this question, and altho he wasn't certain of the answer, he speculated that divert sockets DO NOT GET REINSERTED into the ipfw rule list after they are processed, thus preventing passing the TCP traffic through BOTH divert rules ... but that there are changeable kernel directives to change this behavior ...

any wisdom/insight is much appreciated!

blakers
_______________________________________________
darwin-kernel mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/darwin-kernel
Do not post admin requests to the list. They will be ignored.
  • Prev by Date: Re: Q: Darwin panicing too soon?
  • Next by Date: How to send an all ones broadcast
  • Previous by thread: Re: Q: Darwin panicing too soon?
  • Next by thread: How to send an all ones broadcast
  • Index(es):
    • Date
    • Thread