ddcommand in Linux or the rawrite application in DOS/Windows as follows:
# dd if=pico.000608.bin of=/dev/fd0
C:\rawrite.exe pico.000608.bin a:\
After this, you just need to configure your system and create pipes and rules to set bandwidth priorities for your network users.
Configuring the system
Take any old machine and make sure it has a diskette drive and two network cards. One network card will connect to your Internet gateway/router, while the other will connect to your internal network. I used two Realtek RTL-8139 NICs, which were detected by the OS and identified as rl0 and rl1 network devices.
Boot the system from the diskette. PicoBSD will automatically detect your network cards and will prompt you to provide an IP address and hostname for one of them. You can skip this step for the time being, as it can be done later on, and just press Enter. Once the OS is up and running, you will see a login prompt. Login as root with "setup" as the password. After logging in, you need to configure your network cards. To do this, first issue the following command to identify the two network cards on the system:
# ifconfig –l
Assign any free IP address available on your internal network to the first NIC (i.e. rl0 in my case) as follows:
# ifconfig rl0 inet 10.0.0.1 netmask 255.255.255.0
Also ensure that the corresponding network card is actually connected to your internal network.
Next assign a public IP address, provided to you by your ISP, to your second NIC as follows:
# ifconfig rl1 inet 184.108.40.206 netmask 255.255.255.224
If your ISP uses DHCP to assign IP addresses, you'll need to run
dhclient, which is not part of PicoBSD by default, but you can add it. After configuring your network cards you need to edit the /etc/rc.conf file in order to set the gateway for the public network so that internal users can access the public network (Internet). Find the
defaultgateway entry in this file and set it equal to the IP address of your Internet router, as provided by your ISP. Next, find the
gateway_enable entry and set it to Yes. Save the file and exit the editor. Now, reinitialize the services by issuing the command:
# sh /etc/rc
The system will start functioning as a router and you can use its private IP address as the default gateway address for the clients connected on your internal network.
At this point, you haven't done anything that will help manage your bandwidth. for that, you need to create bandwidth pipes and set rules to control the flow of the various types of packets (TCP, UDP, and ICMP) that are going to pass through the router. To do this we will use dummynet, a traffic shaper and bandwidth manager that permits you to control traffic going through the various network interfaces, by applying bandwidth and queue size limitations, implementing scheduling and queue management policies, and emulating delays and losses. Dummynet is implemented at the kernel level in the networking protocol stack.
A pipe in a dummynet system emulates a link with given bandwidth, propagation delay, queue size, and packet loss rate. In other words, pipes are used to set hard limits on the bandwidth that a flow can use. Whereas queues in the dummynet system determine how different flows share the available bandwidth. The user interface for dummynet is provided by the ipfw utility, used for creating firewall rules and controlling the dummynet traffic shaper in FreeBSD.
Whatever pipes, queues, and rules you create are solely meant to operate on the packets traversing the first interface of the system (i.e. rl0 interface in our case), which is connected to your internal network. Therefore, you need to be extra careful when identifying your network cards.
Plan out the bandwidth requirements of your organization, then allocate bandwidth for various kinds of network traffic accordingly. For instance, suppose you wish to limit the inbound traffic to 250Kbps for each node on your internal network 10.0.0.0/24. To do this, issue the following commands:
# ipfw add pipe 1 ip from any to 10.0.0.0/24
# ipfw pipe 1 config bw 250Kbit/s queue 20 mask dst-ip 0x000000ff
The first command creates a pipe named
pipe 1 for all the inbound traffic to your internal network. The second command allocates a bandwidth of 250Kbps to
pipe 1 and also creates 20 separate queues. Each of the queues created will correspond to a particular host on the internal network and will get the same bandwidth as defined for the pipe
pipe 1. You can create even more queues depending on the number of hosts in your internal network.
If you want all the nodes on your internal network to evenly share a single link, you should do the following instead:
# ipfw add queue 1 ip from any to 10.0.0.0/24
# ipfw queue 1 config weight 5 pipe 2 mask dst-ip 0x000000ff
# ipfw pipe 2 config bw 250Kbit/s
The above commands create a pipe named
pipe 2 with bandwidth of 250Kbps and attaches and configures a queue named
queue 1 to this pipe. Each flow through this single queue, corresponding to a particular node in the internal network, will share the parent pipe's bandwidth evenly with other flows generated by the same queue. Other queues with different weights can also connected to the same pipe.
Validity of the system
To experimentally see the effectiveness of this bandwidth management solution you can test the setup by applying rules on the ICMP packets that traverse your network. Issue the following commands on your bandwidth management box to set the rules:
# ipfw add pipe 2 icmp from any to any
# ipfw pipe 2 config bw 30Kbit/s queue 10
This limits the total ICMP traffic (inbound and outbound) on your network to 30Kbps. Now, from any host on your internal network, ping your Internet router with its public IP. You will notice that the ping response time has increased. This indicates that your bandwidth management box is functioning. You can delete this pipe and bring the ping response time back to normal with the command:
# ipfw delete pipe 2
In this way you can add and delete pipes and rules and throttle the bandwidth in your LAN according to your needs. For a detailed description of using
ipfw and creating pipes and rules, refer to its online man page .
One final point to remember is that all the rules that you set are lost when you reboot the system. Therefore, you will have to configure the system from scratch after a reboot. You can save all your configuration commands to a shell file and run it after the system boots, but to do so you need to create a custom version of PicoBSD.
Rohit Girhotra is a 22-year-old engineering graduate from NSIT, New Delhi, and a Linux aficionado.