pf altq question

Szukács István leccine at gmail.com
Mon May 2 14:41:56 PDT 2005 

Hi!

I have a little problem with the pf altq, ihave a freebsd GW at home. I 
use pf for nat and for packet filtering, very good and simple tool.

machine1-------
(litch)                |
                        |-------------fxp0 (GW)rl0----INTERNET
machine2-------
(zoli)

The problem is that  I run samba on the GW(listen only for the internal 
net), and  if i define an 1500Kb/s queue (my dl speed) it is limit my 
samba access too not only packets from the internet, if i define 100Mb/s 
queue everything go in the default queue and i dont limit the traffic.

Here is the config

[23:23:40] itthon litch # uname -a
FreeBSD itthon 5.3-RELEASE-p10 FreeBSD 5.3-RELEASE-p10 #5: Thu Apr 28 
15:15:48 CEST 2005

cat /et/pf.conf

ext_if = "rl0"
int_if = "fxp0"

lan_net = "192.168.0.0/24"

litch       = "192.168.0.2" #me
zoli        = "192.168.0.3" #my room mate

altq on $int_if     cbq bandwidth 100Mb queue { internal, litch_in, 
zoli_in  }
queue internal         bandwidth 100Mb cbq(default)
queue zoli_in       bandwidth 750Kb cbq(borrow)
queue litch_in      bandwidth 750Kb cbq(borrow)

nat on $ext_if from $lan_net to any -> ($ext_if)

block all

pass out quick on $int_if from 192.168.0.1 to any       queue belso
pass out quick on $int_if from !192.168.0.1 to $litch   queue litch_in
pass out quick on $int_if from !192.168.0.1 to $zoli    queue zoli_in

queue root_fxp0 bandwidth 100Mb priority 0 cbq( wrr root ) {belso, 
zoli_in, litch_in}
  [ pkts:       3891  bytes:    2718688  dropped pkts:      0 
bytes:      0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
  [ measured:   120.2 packets/s, 1.02Mb/s ]

queue  belso bandwidth 100Mb cbq( default )
  [ pkts:       3891  bytes:    2718688  dropped pkts:      0 
bytes:      0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
  [ measured:   120.2 packets/s, 1.02Mb/s ]

queue  zoli_in bandwidth 750Kb cbq( borrow )
  [ pkts:          0  bytes:          0  dropped pkts:      0 
bytes:      0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
  [ measured:     0.0 packets/s, 0 b/s ]

queue  litch_in bandwidth 750Kb cbq( borrow )
  [ pkts:          0  bytes:          0  dropped pkts:      0 
bytes:      0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
  [ measured:     0.0 packets/s, 0 b/s ]

When I check in the tcpdump i see this

[23:38:22] itthon litch # tcpdump -i fxp0 |grep litch
(litch.intra.net=192.168.0.2)

23:38:22.240368 IP litch.intra.net.2469 > yp.tilos.hu.8000: . ack 86079 
win 63430
23:38:22.276290 IP yp.tilos.hu.8000 > litch.intra.net.2469: P 
86079:86506(427) ack 1 win 5840
23:38:22.285881 IP yp.tilos.hu.8000 > litch.intra.net.2469: P 
86506:86897(391) ack 1 win 5840
23:38:22.286408 IP litch.intra.net.2469 > yp.tilos.hu.8000: . ack 86897 
win 64240
23:38:22.318423 IP yp.tilos.hu.8000 > litch.intra.net.2469: P 
86897:87322(425) ack 1 win 5840


What  can i do to match the packets in the queue?

Thanks

More information about the freebsd-pf mailing list