pf/altq/nat with multiple interfaces.

Lewis Thompson lewiz at fajita.org
Tue Dec 7 16:30:15 PST 2004


Hi,

I've spent a good deal of time reading the OpenBSD pf FAQ but haven't
figured out how to do altq with more than one interface.

I have a tri-homed machine -- one wireless (ath0), one wired (sis0) and
one Internet uplink (tun0):

Internet --- tun0 | SERVER | sis0 (192.168.0.0/24) --- wired network
		     |
		     \____ | ath0 (192.168.1.1/24) --- wireless network

I want to perform altq on my Internet connection, so that ssh/dns/acks,
etc. have higher priority than bulk traffic.

The pf FAQ has an example with two interfaces, where tun0 is limited to
the uplink (256Kbps) and the wired interface is limited to the
downstream (1Mbps, in my case).  I *think* I could achieve this and
still use 99Mbps for my wired network <-> server something like this:

altq on sis0 cbq queue { internet, wired }
queue internet bandwidth 1Mbps { internet_foo, internet_bar }
  queue internet_foo ...
  queue internet_bar ...
queue wired bandwidth 99Mbps cbq(borrow)

(that might not be entirely right, I'm just trying to convey the concept
of what I had in mind)

In theory I could do that for both sis0 and ath0 but I don't think that
will work -- the sum ``downstream'' would be 2Mbps, which is more than I
have, so problems will occur under certain circumstances (i.e. wired and
wireless in use at the same time).

I wondered if it might be possible to do something like this for traffic
to the Internet:

sis0 -> altq0 -> tun0
ath0 -> altq0 -> tun0

and then use altq on altq0 bandwidth 1Mbps.

I really haven't managed to get much further than this.  Is it possible?
Am I missing the picture?  Any suggestions would be greatly appreciated.

  Thanks a lot,

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.
------------------------------------------------------------------------
-| msn:lewiz at fajita.org | jabber:lewiz at jabber.org | url:www.lewiz.org |-


More information about the freebsd-pf mailing list