PF + ALTQ... help please!!

Marcelo Celleri marceloc at espoltel.net
Thu Dec 1 16:28:32 GMT 2005



I tried to change the rules to what you told me, but now the outgoing
traffic from em1 to my clients is not restricted... Look at this address;
there is a diagram of my case and what I'm trying to do:

http://host-242-33.espoltel.net/diagram.jpg


Is the order of the rules important? Which could it be for my needs?


-----Original Message-----
From: jsimola at gmail.com [mailto:jsimola at gmail.com] On behalf of Jon Simola
Sent: Wednesday, November 30, 2005 19:14
To: Marcelo Celleri
CC: freebsd-pf at freebsd.org
Subject: Re: PF + ALTQ... help please!!

On 11/30/05, Marcelo Celleri <marceloc at espoltel.net> wrote:

> int_if="em1"
>
> altq on $int_if bandwidth 100Mb cbq queue { std, uees, lnaval, marcelo, ... }
> queue std bandwidth 10.0Mb cbq(default)
> #Then for each one of the subqueues:
> queue marcelo bandwidth 128Kb cbq { gold, silver, default }
>         queue gold bandwidth 70% priority 3 cbq(borrow red)
>         queue silver bandwidth 20% priority 2 cbq(borrow red)
>         queue default bandwidth 10% cbq(borrow)

> #These are the rules:
>
> pass in on $int_if from any to xxx.xxx.xxx.xxx keep state queue default
> pass in on $int_if proto { tcp } from any port { 25,110 } to xxx.xxx.xxx.xxx keep state queue silver
> pass in on $int_if proto { tcp } from any port { 22,53,80,443 } to xxx.xxx.xxx.xxx keep state queue gold

You cannot duplicate the gold/silver/default queue names, just in case
you're doing that.
The other problem is that you're trying to queue on an inbound interface.

Going back to my example:
# External interface -> OC3
altq on em0 cbq bandwidth 100Mb queue { default_ext, throttle_ext }
queue default_ext bandwidth 40Mb qlimit 1000 priority 5 cbq(default red ecn)
queue throttle_ext bandwidth 64Kb priority 1 cbq(red ecn)

# Internal interface -> LAN clients
altq on em1 cbq bandwidth 100Mb queue { default_int, throttle_int }
queue default_int bandwidth 40Mb qlimit 1000 priority 5 cbq(default red ecn)
queue throttle_int bandwidth 64Kb priority 1 cbq(red ecn)

The queueing rule for this is:
pass out on em0 from <throttled_ips> to any queue throttle_ext

Or you can specify a queue on the outbound interface (em0) with a rule
on the inbound (em1), for a basically similar effect:
pass in on em1 from <throttled_ips> to any queue throttle_ext

Hope that helps a bit.

--
Jon Simola
Systems Administrator
ABC Communications
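As an added illustration (not part of this thread, and not Jon's or Marcelo's configuration), here is one way to apply Jon's two points to Marcelo's per-client tree: unique child queue names, and the queues placed on the interface the traffic leaves through. It assumes em1 faces the clients, that connections are started by the clients, and uses placeholder addresses for two of them.

```pf
# Added example, not from the thread. Assumes em1 faces the clients (as in
# Marcelo's mail), that flows are started by the clients, and uses
# placeholder addresses for two of them.
int_if     = "em1"
marcelo_ip = "192.0.2.10"   # placeholder
uees_ip    = "192.0.2.20"   # placeholder

# Queues live on the interface the traffic leaves through: em1, towards
# the clients. Exactly one queue per interface carries cbq(default).
altq on $int_if cbq bandwidth 100Mb queue { std, marcelo, uees }
queue std bandwidth 10Mb cbq(default)

# Queue names must be unique across the ruleset (Jon's first point), so
# gold/silver/default cannot be reused under each client; prefix them.
queue marcelo bandwidth 128Kb cbq { marcelo_gold, marcelo_silver, marcelo_bulk }
  queue marcelo_gold   bandwidth 70% priority 3 cbq(borrow red)
  queue marcelo_silver bandwidth 20% priority 2 cbq(borrow red)
  queue marcelo_bulk   bandwidth 10% cbq(borrow)

queue uees bandwidth 256Kb cbq { uees_gold, uees_silver, uees_bulk }
  queue uees_gold   bandwidth 70% priority 3 cbq(borrow red)
  queue uees_silver bandwidth 20% priority 2 cbq(borrow red)
  queue uees_bulk   bandwidth 10% cbq(borrow)

# The queue is recorded with the state created by the matching rule, so
# the reply traffic of a client-started connection is placed in that
# queue when it leaves through em1. Order matters: without "quick" the
# LAST matching rule wins, so the catch-all comes first and the specific
# port rules after it.
pass in on $int_if from $marcelo_ip to any keep state queue marcelo_bulk
pass in on $int_if proto tcp from $marcelo_ip to any port { 25, 110 } \
    keep state queue marcelo_silver
pass in on $int_if proto tcp from $marcelo_ip to any port { 22, 53, 80, 443 } \
    keep state queue marcelo_gold

pass in on $int_if from $uees_ip to any keep state queue uees_bulk
pass in on $int_if proto tcp from $uees_ip to any port { 25, 110 } \
    keep state queue uees_silver
pass in on $int_if proto tcp from $uees_ip to any port { 22, 53, 80, 443 } \
    keep state queue uees_gold
```

Load it with `pfctl -nf` first to check the syntax without activating it, then inspect the queues with `pfctl -s queue`.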


