PF + ALTQ... help please!!

Josh Finlay montarotech at optusnet.com.au
Fri Dec 2 11:30:06 GMT 2005


Hi,

Sorry this has no relevance to your post, I just thought I would comment on 
the pretty network diagram you did =P

Regards,

----- Original Message ----- 
From: "Marcelo Celleri" <marceloc at espoltel.net>
To: "'Jon Simola'" <jon at abccomm.com>
Cc: <freebsd-pf at freebsd.org>
Sent: Friday, December 02, 2005 2:27 AM
Subject: RE: PF + ALTQ... help please!!


>
>
> I tried to change the rules to what you tell me, but now the outgoing
> traffic from em1 to my clients is not restricted... Look at this address,
> there is a diagram of my case and what I'm trying to do:
>
> http://host-242-33.espoltel.net/diagram.jpg
>
>
> Is the order of the rules important? Which could it be for my needs?
>
>
> -----Original Message-----
> From: jsimola at gmail.com [mailto:jsimola at gmail.com] On behalf of Jon Simola
> Sent: Wednesday, November 30, 2005 19:14
> To: Marcelo Celleri
> CC: freebsd-pf at freebsd.org
> Subject: Re: PF + ALTQ... help please!!
>
> On 11/30/05, Marcelo Celleri <marceloc at espoltel.net> wrote:
>
>> int_if="em1"
>>
>> altq on $int_if bandwidth 100Mb cbq queue { std, uees, lnaval, marcelo, ... }
>> queue std bandwidth 10.0Mb cbq(default)
>> #Then for each one of the subqueues:
>> queue marcelo bandwidth 128Kb cbq { gold, silver, default }
>>         queue gold bandwidth 70% priority 3 cbq(borrow red)
>>         queue silver bandwidth 20% priority 2 cbq(borrow red)
>>         queue default bandwidth 10% cbq(borrow)
>
>> #These are the rules:
>>
>> pass in on $int_if from any to xxx.xxx.xxx.xxx keep state queue default
>> pass in on $int_if proto { tcp } from any port { 25,110 } to xxx.xxx.xxx.xxx keep state queue silver
>> pass in on $int_if proto { tcp } from any port { 22,53,80,443  } to xxx.xxx.xxx.xxx keep state queue gold
>
> You cannot duplicate the gold/silver/default queue names, just in case
> you're doing that.
> The other problem is that you're trying to queue on an inbound interface.
>
> Going back to my example:
> # External interface -> OC3
> altq on em0 cbq bandwidth 100Mb queue { default_ext, throttle_ext }
> queue default_ext bandwidth 40Mb qlimit 1000 priority 5 cbq(default red ecn)
> queue throttle_ext bandwidth 64Kb priority 1 cbq(red ecn)
>
> # Internal interface -> LAN clients
> altq on em1 cbq bandwidth 100Mb queue { default_int, throttle_int }
> queue default_int bandwidth 40Mb qlimit 1000 priority 5 cbq(default red ecn)
> queue throttle_int bandwidth 64Kb priority 1 cbq(red ecn)
>
> The queueing rule for this is:
> pass out on em0 from <throttled_ips> to any queue throttle_ext
>
> Or you can specify a queue on the outbound interface (em0) with a rule
> on the inbound (em1), for a basically similar effect:
> pass in on em1 from <throttled_ips> to any queue throttle_ext
>
> Hope that helps a bit.
>
> --
> Jon Simola
> Systems Administrator
> ABC Communications
>
>
>
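
As an added example (not code from any of the posters), a small Python check for the two problems named in the quoted reply: reused child queue names, and a `pass in` rule that assigns a queue defined on that same interface. It handles only the single-line `altq`/`queue`/`pass in` forms seen in this thread; the `uees` bandwidth and the 192.0.2.10 address are constructed.

```python
import re

# Constructed input: the quoted layout with the elided "..." dropped, a second
# customer queue (uees, made-up bandwidth) reusing the child names, and one
# posted rule with a documentation address in place of xxx.xxx.xxx.xxx.
BAD = """\
altq on em1 bandwidth 100Mb cbq queue { std, uees, marcelo }
queue std bandwidth 10.0Mb cbq(default)
queue marcelo bandwidth 128Kb cbq { gold, silver, default }
queue uees bandwidth 256Kb cbq { gold, silver, default }
pass in on em1 proto tcp from any port { 25,110 } to 192.0.2.10 keep state queue silver
"""
# Constructed input: the em0 half of the reply's example plus its inbound rule.
GOOD = """\
altq on em0 cbq bandwidth 100Mb queue { default_ext, throttle_ext }
queue throttle_ext bandwidth 64Kb priority 1 cbq(red ecn)
pass in on em1 from <throttled_ips> to any queue throttle_ext
"""

def lint(conf):
    """Return sorted (kind, queue) findings for a simplified pf.conf subset."""
    iface_of, defined, found = {}, set(), set()

    def attach(names, iface):
        # Record each listed queue; a name listed twice is a duplicate.
        for q in filter(None, re.split(r"[,\s]+", names)):
            if q in iface_of:
                found.add(("duplicate-queue", q))
            iface_of[q] = iface

    for line in map(str.strip, conf.splitlines()):
        if m := re.match(r"altq on (\S+) .*queue\s*\{([^}]*)\}", line):
            attach(m.group(2), m.group(1))
        elif m := re.match(r"queue (\S+)(.*)", line):
            if m.group(1) in defined:
                found.add(("duplicate-queue", m.group(1)))
            defined.add(m.group(1))
            if kids := re.search(r"\{([^}]*)\}", m.group(2)):
                attach(kids.group(1), iface_of.get(m.group(1)))
        elif m := re.match(r"pass in on (\S+) .*\bqueue (\S+)$", line):
            # Per the reply: the queue must live on the outbound interface.
            if iface_of.get(m.group(2)) == m.group(1):
                found.add(("queue-on-inbound-if", m.group(2)))
    return sorted(found)

if __name__ == "__main__":
    for kind, queue in lint(BAD):
        print(f"{kind}: {queue}")
```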


