FreeBSD + MPD + PF + ALTQ

Josh Finlay montarotech at optusnet.com.au
Wed Oct 26 19:45:58 PDT 2005 

Excellent!
Patched, recompiled. Working now :)

Except for my PF rules.
I've attached the rules i'm using for PF, I guess I don't really 
"understand" how ALTQ "works".

My rules:
(im attempting to do a QoS-like configuration on a 512/128kbps adsl 
connection)

ExtIF="ng0"
IntIF="de0"

set loginterface $ExtIF
scrub in all
scrub out all random-id max-mss 1440

altq on $ExtIF priq bandwidth 128Kb queue { std_out, ssh_im_out, dns_out, 
tcp_ack_out }
queue std_out     priq(default)
queue ssh_im_out  priority 4 priq(red)
queue dns_out     priority 5
queue tcp_ack_out priority 6

altq on $IntIF cbq bandwidth 512Kb queue { std_in, ssh_im_in, dns_in }
queue std_in    bandwidth 384Kb cbq(default)
queue ssh_im_in bandwidth 64Kb priority 4
queue dns_in    bandwidth 64Kb priority 5

local_net     = "192.168.0.0/24"
ssh_ports     = "{ 22 }"
im_ports      = "{ 1863 5190 5222 }"

nat on $IntIF from $INTERNAL to any -> ($ExtIF)
pass in quick on lo0 all
pass out quick on lo0 all

pass  out on $ExtIF inet proto tcp from ($ExtIF) to any flags S/SA \
        keep state queue(std_out, tcp_ack_out)
pass  out on $ExtIF inet proto { udp icmp } from ($ExtIF) to any keep state
pass  out on $ExtIF inet proto { tcp udp } from ($ExtIF) to any port domain 
\
        keep state queue dns_out
pass  out on $ExtIF inet proto tcp from ($ExtIF) to any port $ssh_ports \
        flags S/SA keep state queue(std_out, ssh_im_out)
pass  out on $ExtIF inet proto tcp from ($ExtIF) to any port $im_ports \
        flags S/SA keep state queue(ssh_im_out, tcp_ack_out)

pass in on $IntIF from $local_net
pass  out on $IntIF proto { tcp udp } from any port domain to $local_net \
        queue dns_in
pass  out on $IntIF proto tcp from any port $ssh_ports to $local_net \
        queue(std_in, ssh_im_in)
pass  out on $IntIF proto tcp from any port $im_ports to $local_net \
        queue ssh_im_in
--EOF--

My knowledge in ALTQ is so limited it isn't funny. Without proper knowledge 
of ALTQ, it makes it difficult for me to perform a simple configuration such 
as this without some help. So thank you in advance for being patient with 
me.

My main aim is to share my link (512kbps down, 128kbps up) evenly over my 
network, but at the same time if only one machine is utilizing the network 
then i believe that computer should have all the bandwidth, if two computers 
then those two should share the bandwidth 50/50, etc etc.

Regards,

Josh Finlay

More information about the freebsd-pf mailing list