pf.conf + altq problem
Gilberto Villani Brito
linux at giboia.org
Tue Nov 7 19:41:44 UTC 2006
Try this rules:
pass in log on xl2 from 172.16.0.228 to 202.57.14.1 keep state flags
S/SA queue (int_out)
pass in log on xl2 from 172.16.0.228 to 202.57.14.1 keep state flags
S/SA queue (int_in)
Gilberto
2006/11/6, Muhammad Reza <beastie at mra.co.id>:
> Dear All.
>
> I start with the simple rule set in my pf bridge machine to limit
> bandwidth 3Mbps from my server on lan to internet and from internet to
> my server on lan
> this my setup:
>
> Internet ---xl1 xl2---LAN
>
> and my pf.conf
>
> lan="172.16.0.0/24"
> #ALTQ at outgoing interface to limit traffic 3 MBps from lan to internet
> altq on xl1 bandwidth 100% cbq queue {int_out,dflt_out}
> queue int_out bandwidth 3Mb
> queue dflt_out bandwidth 16Kb cbq (default)
> #ALTQ at lan interface to limit traffic 3 MBps from internet to lan
> altq on xl2 bandwidth 100% cbq queue {int_in,dflt_in}
> queue int_in bandwidth 3Mb cbq (default)
> queue dflt_in bandwidth 16Kb
>
> block on xl1
> pass in on xl1 from any to $lan
> pass out on xl1 from $lan to any
> pass out log on xl1 from 172.16.0.228 to 202.57.14.1 keep state flags S/SA queue (int_out)
>
> block on xl2
> pass in on xl2 from $lan to any keep state
> pass out on xl2 from any to $lan keep state
> #pass out log on xl2 from 202.57.14.1 to 172.16.0.228 keep state flags S/SA queue (int_in)
>
> I have done some test with iperf with no luck.
> Is there something wrong with this rule set to acompilished my need ?
> Please help
>
> Regards
> Reza
>
>
>
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
>
More information about the freebsd-pf
mailing list