Ниже приведу результат ipfw show, подправленный только для удобочитаемости.
Проблема возникает при включении общих pipe - которыми, как я считаю
, должна ограничиваться общая полоса ( провайдер мне не режет 1Мбит в мир и 10Мбит к городу, чисто на хороших отношениях, должен не превышать ) .. как не крутил, либо скорость у клиентов в два раза меньше необходимой, либо вообще 1-2 кб/с .. и таймауты на Яндекс тот же увеличиваются со 100мс до 2000 - 3000 мс. Помогите плиз советом, до этого только с iptables работал, сложно сразу перестроиться .. не улаживается ipfw пока в голове 
в rc.local прописал ..ip.fw.one_pass=0
table(10, xx) - ip-шники пользователей с указанием скорости в мир
table(11, xx) - ip-шники пользователей с указанием скорости к городу
Код: Выделить всё
00010 0 0 allow ip from any to any via lo0
00011 21 2532 deny ip from any to 172.16.0.0/12 in via {if_out}
00012 0 0 deny ip from any to 10.0.0.0/8 in via {if_out}
00013 0 0 deny ip from any to 192.168.0.0/16 in via {if_out}
00014 0 0 deny ip from any to 0.0.0.0/8 in via {if_out}
00015 0 0 deny ip from any to 169.254.0.0/16 in via {if_out}
00016 156 5616 deny ip from any to 240.0.0.0/4 in via {if_out}
00017 0 0 deny icmp from any to any frag
00018 0 0 deny log logamount 200 icmp from any to 255.255.255.255 in via {if_out}
00019 0 0 deny log logamount 200 icmp from any to 255.255.255.255 out via {if_out}
00020 3 288 reject log logamount 200 ip from not {clients} to any in via {if_lan}
00060 14 3337 allow udp from any to me dst-port 53 in via {if_out}
00061 14 1069 allow udp from me to any dst-port 53 out via {if_out}
00092 38896 34929687 skipto 106 ip from any to {City}
00093 5478 1402485 skipto 105 ip from {City} to any
00100 23288 11751509 pipe 1 ip from {clients} to any in via {if_lan}
00101 1406 964544 pipe 2 ip from any to {clients} out via {if_lan}
00105 3753 298531 pipe 3 ip from {City} to any out via {if_lan}
00106 12656 16513273 pipe 4 ip from any to {City} in via {if_lan}
01000 38587 34692248 skipto 25000 ip from any to {City}
20001 5 365 pipe 20001 ip from table(10,48) to any out via {if_out}
20002 169 7312 pipe 20002 ip from table(10,56) to any out via {if_out}
20003 13496 6888587 pipe 20003 ip from table(10,64) to any out via {if_out}
20004 28 1284 pipe 20004 ip from table(10,96) to any out via {if_out}
20005 85 77725 pipe 20005 ip from table(10,128) to any out via {if_out}
20006 336 34164 pipe 20006 ip from table(10,160) to any out via {if_out}
21000 23261 9959331 skipto 30000 ip from any to any
25001 0 0 pipe 25001 ip from table(11,96) to any out via {if_out}
25002 0 0 pipe 25002 ip from table(11,112) to any out via {if_out}
25003 5 1224 pipe 25003 ip from table(11,128) to any out via {if_out}
25004 7 280 pipe 25004 ip from table(11,160) to any out via {if_out}
25005 0 0 pipe 25005 ip from table(11,256) to any out via {if_out}
25006 128 8518 pipe 25006 ip from table(11,320) to any out via {if_out}
25007 0 0 pipe 25007 ip from table(11,1024) to any out via {if_out}
25008 0 0 pipe 25008 ip from table(11,4096) to any out via {if_out}
25009 12419 16392035 pipe 25009 ip from table(11,5120) to any out via {if_out}
26000 21381 14833039 skipto 30100 ip from {City} to any
26005 13940 18549874 skipto 30100 ip from 10.40.0.0/24 to {City}
30000 848 543500 skipto 31000 ip from {моя статика} to any out via {if_out}
30005 1013 187630 skipto 31000 ip from any to {моя статика} in via {if_out}
30100 8971 9876673 divert 8668 ip from 10.40.0.0/24 to any out via {if_out}
30105 4986 1227074 divert 8668 ip from any to {ip_out} in via {if_out}
31000 35789 26084649 skipto 45000 ip from {City} to any
40001 6 879 pipe 40001 ip from any to table(10,48) in via {if_out}
40002 184 256568 pipe 40002 ip from any to table(10,56) in via {if_out}
40003 537 420885 pipe 40003 ip from any to table(10,64) in via {if_out}
40004 28 6430 pipe 40004 ip from any to table(10,96) in via {if_out}
40005 66 3929 pipe 40005 ip from any to table(10,128) in via {if_out}
40006 331 231227 pipe 40006 ip from any to table(10,160) in via {if_out}
41000 25987 18534676 skipto 46000 ip from any to any
45001 0 0 pipe 45001 ip from any to table(11,96) in via {if_out}
45002 0 0 pipe 45002 ip from any to table(11,112) in via {if_out}
45003 0 0 pipe 45003 ip from any to table(11,128) in via {if_out}
45004 13 3849 pipe 45004 ip from any to table(11,160) in via {if_out}
45005 2 112 pipe 45005 ip from any to table(11,256) in via {if_out}
45006 100 13614 pipe 45006 ip from any to table(11,320) in via {if_out}
45007 0 0 pipe 45007 ip from any to table(11,1024) in via {if_out}
45008 0 0 pipe 45008 ip from any to table(11,4096) in via {if_out}
45009 6864 428189 pipe 45009 ip from any to table(11,5120) in via {if_out}
50011 0 0 deny ip from 172.16.0.0/12 to any out via {if_out}
50012 3 168 deny ip from 10.0.0.0/8 to any out via {if_out}
50013 0 0 deny ip from 192.168.0.0/16 to any out via {if_out}
50014 0 0 deny ip from 0.0.0.0/8 to any out via {if_out}
50015 0 0 deny ip from 169.254.0.0/16 to any out via {if_out}
50016 0 0 deny ip from 240.0.0.0/4 to any out via {if_out}
50050 44637 36884864 allow tcp from any to any established
50060 1127 461532 allow ip from {ip_out} to any out xmit {if_out}
50070 433 95426 allow ip from {моя статика} to any out xmit {if_out}
50080 0 0 allow udp from any 53 to any via {if_out}
50090 0 0 allow udp from any to any dst-port 53 via {if_out}
50100 0 0 allow udp from any to any dst-port 123 via {if_out}
50110 0 0 allow tcp from any to {ip_out} dst-port 21 via {if_out}
50120 0 0 allow tcp from any to {ip_out} dst-port 49152-65535 via {if_out}
50130 1537 788678 allow icmp from any to any icmptypes 0,8,11
50140 0 0 allow tcp from any to {ip_out} dst-port 22 via {if_out}
50150 13229 6265508 allow ip from any to any via {if_lan}
50500 0 0 allow ip from 10.40.0.0/24 to any
50500 83 15935 allow ip from any to 10.40.0.0/24
50500 0 0 allow ip from {моя статика} to any
50500 669 82421 allow ip from any to {моя статика}
65535 1384 859985 allow ip from any to any
