need help with keep state and shaping

Michal Buchtik buchtajz at borsice.net
Wed Jul 30 08:23:19 UTC 2008 

PF makes 2 states per connection, so try this
($int_if is users LAN)

pass in quick on $int_if from 10.0.0.1 to any tag user1 queue download1
pass in quick on $ext_if from any to 10.0.0.1 tag user1 queue upload1
pass out quick on $int_if tagged user1 queue download1
pass out quick on $ext_if tagged user1 queue upload1
.....and so on for another users


news at topocentras.lt píše v St 30. 07. 2008 v 09:43 +0300:
> Hello once more,
> It whould be very interesting to hear from you how to use keep state for
> router, shaping in and out traffic.
> I am using around thousand of queues(hfsc) and it makes a lot of
> performace problems. Using keep state it would reduce it, but as i mention
> before, i have problems using it.
> 
> Sincerely Yours,
> Albertas
> 
> > ext_if="bge0"
> > int_if="bge1"
> >
> > pass out quick on $ext_if from 10.0.0.1 to any queue upload1
> > pass out quick on $int_if from any to 10.0.0.1 queue download1
> >
> > pass out quick on $ext_if from 10.0.0.2 to any queue upload2
> > pass out quick on $int_if from any to 10.0.0.2 queue download2
> >
> > pass out quick on $ext_if from 10.0.0.3 to any queue upload3
> > pass out quick on $int_if from any to 10.0.0.3 queue download3
> >
> > pass in all
> > pass out all
> >
> > #10.0.0.x users subnet
> >
> > Hello,
> > I have problems with keep state usage. I need to shape ingoing and
> > outgoing trafic (no nat).
> > Before I used sintax like above, but then I used it with keyword "keep
> > state" some useres reported problems with trafic.
> > With version FreeBSD 7 with keep state on pass rules are not working at
> > all.
> > Question is how to deal with keep state for in and out trafic then i need
> > to shape both? I tried to use set state-policy if-bound but it had no
> > impact.
> >
> > _______________________________________________
> > freebsd-pf at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> > To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
> >
> 
> 
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"

More information about the freebsd-pf mailing list