PF strange problem

Wed Jun 15 08:34:58 GMT 2005

Hello freebsd-questions!
Hello freebsd-isp!

I have a strange problem with pf on freebsd.

Here it is my config:

ext_if="xl0"
int_if="xl1"
internal_net="192.168.3.0/24"
external_addr="217.153.198.65"
icmp_types = "echoreq"

set optimization normal
set block-policy drop
set fingerprints "/etc/pf.os"

scrub in all

altq on $ext_if bandwidth 6218Kb cbq queue { OUT_to_net, external }
altq on $int_if bandwidth 11957Kb cbq queue { IN_from_net, internal }

queue external bandwidth 10% cbq(default)
queue internal bandwidth 10% cbq(default)

queue OUT_to_net bandwidth 6218Kb cbq{326_out, 3216_out, 349_out,
320_out, 321_o... }
    queue 326_out bandwidth 128Kb cbq(red)
    queue 3216_out bandwidth 128Kb cbq(red)
    queue 349_out bandwidth 128Kb cbq(red)
    queue 320_out bandwidth 384Kb cbq(red)
    queue 321_out bandwidth 50Kb cbq(red)
    queue 322_out bandwidth 128Kb cbq(red)
    queue 323_out bandwidth 128Kb cbq(red)
    queue 19866_out bandwidth 256Kb cbq(red)
    .
    .
    .
queue IN_from_net bandwidth 11957Kb cbq{326_in, 3216_in, 349_in,
320_in, 321_in...}
    queue 326_in bandwidth 256Kb cbq(red)
    queue 3216_in bandwidth 256Kb cbq(red)
    queue 349_in bandwidth 256Kb cbq(red)
    queue 320_in bandwidth 384Kb cbq(red)
    queue 321_in bandwidth 256Kb cbq(red)
    queue 322_in bandwidth 265Kb cbq(red)
    queue 323_in bandwidth 256Kb cbq(red)
    queue 19866_in bandwidth 220Kb cbq(red)
    .
    .
    .
and so on with queues

nat on $ext_if from $internal_net to any -> $external_addr

block on {$int_if, $ext_if} all
pass quick on lo0 all

pass in quick on $ext_if proto tcp from any to $ext_if port 22 keep state
pass in quick on $int_if proto tcp from any to $int_if port 22 keep state

pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state

pass in inet proto icmp all icmp-type $icmp_types keep state

pass in quick on $int_if  from 192.168.3.26 to any queue 326_in
pass out quick on $int_if  from any to 192.168.3.26 queue 326_out
pass in quick on $int_if  from 192.168.3.216 to any queue 3216_in
pass out quick on $int_if  from any to 192.168.3.216 queue 3216_out
pass in quick on $int_if  from 192.168.3.49 to any queue 349_in
pass out quick on $int_if  from any to 192.168.3.49 queue 349_out
pass in quick on $int_if  from 192.168.3.20 to any queue 320_in
pass out quick on $int_if  from any to 192.168.3.20 queue 320_out
pass in quick on $int_if  from 192.168.3.21 to any queue 321_in
pass out quick on $int_if  from any to 192.168.3.21 queue 321_out
pass in quick on $int_if  from 192.168.3.22 to any queue 322_in
pass out quick on $int_if  from any to 192.168.3.22 queue 322_out
pass in quick on $int_if  from 192.168.3.23 to any queue 323_in
pass out quick on $int_if  from any to 192.168.3.23 queue 323_out
pass in quick on $int_if  from 217.153.198.66 to any queue 19866_in
pass out quick on $int_if  from any to 217.153.198.66 queue 19866_out

and so on.

The problem is that pfctl -vsr shows that net traffic is correctly
captured by rules. But (this is good) pfctl -vsq shows something
diffrent, the only queue that have antything inside is the default
queue!!
This config is almost similar to default config and I really don't
know what is going on, or where I've made a mistake.

-- 
Greetings,
 KrzychK2