help with traffic shaping

Jayel Villamin jarthel at gmail.com
Mon Jan 22 00:27:53 UTC 2007 

not sure if this is the right place to ask about this but pf and altq
are interconnected so...
====================
I am downloading something via FTP (usings socks5) and HTTP browsing
(via squid) at the same time. Web browsing is going slow. I thought I
have given HTTP higher priority than socks. So I am under the
impression that web browsing should be very responsive.

Can some please check my pf.conf?

This is my pf.conf.

thanks for the help
=====================
#copy to /etc
#########################################################################
#macros
##############################################
#interfaces
ext_if = "tun0"
sakaki_nic2_if = "fxp1"
loopback_if = "lo0"

##############################################
sakaki_nic2_if_in_tcp_to_others = "{ gmail_pop3 gmail_smtp chikka 5050 }"

tomo_only_voip = "{ 5060, 16384:16482 }"

#########################################################################
#Tables
table <osaka> persist { 192.168.0.2/32 }
table <tomo> persist { 192.168.0.3/32 }

#########################################################################
#PF options
set limit { frags 20000, states 20000 }
set loginterface $ext_if
set optimization normal
set block-policy drop

#########################################################################
#Scrub packets
scrub all reassemble tcp fragment reassemble

#########################################################################
#ALTQ
altq on $ext_if priq bandwidth 82Kb queue { q_default, q_ssh,
q_apache, q_udp, q_tcp_ack }
queue q_default priq (default)
queue q_ssh priority 3 priq(red)
queue q_apache priority 5
queue q_udp priority 12
queue q_tcp_ack priority 14

altq on $sakaki_nic2_if cbq bandwidth 100% queue { q2_out, q2_local }

queue q2_out bandwidth 452Kb { q2_out_socks, q2_out_default, q2_out_squid }
        queue q2_out_socks bandwidth 148Kb priority 1 cbq (borrow)
        queue q2_out_default bandwidth 41Kb priority 4 cbq (default borrow)
        queue q2_out_squid bandwidth 263Kb priority 7 cbq (borrow)
queue q2_local bandwidth 97% cbq (red borrow)

#########################################################################
#NAT
#pass in quick on $ext_if inet proto udp from any port voip_proxy to
<tomo> keep state queue q_udp
nat on $ext_if from $sakaki_nic2_if:network to any -> ($ext_if)

#########################################################################
#Redirection
#rdr on $ext_if proto udp from any port voip_proxy -> <tomo>

rdr on $ext_if proto { tcp udp } from any to ($ext_if) port bittorrent
-> <osaka>

#########################################################################
#Packet filtering
##############################################
#Default block
block log all

##############################################
#Outbound rules for ext_if
pass out quick on $ext_if inet proto udp all keep state queue q_udp
pass out quick on $ext_if inet proto tcp all keep state queue
(q_default_out, q_tcp_ack)
pass out quick on $ext_if inet proto icmp all keep state

#Inbound rules for ext_if
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port
apache_squid flags S/SA keep state queue q_apache
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port ssh
flags S/SA keep state queue (q_default, q_ssh)
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port
ident flags S/SA keep state queue (q_default, q_tcp_ack)
pass in quick on $ext_if inet proto tcp from any port squid to any
queue (q_default_out, q_tcp_ack_out)

#for the redirect rules above
pass in quick on $ext_if inet proto { tcp udp} from any to <osaka>
port bittorrent flags S/SA keep state queue q_default

##############################################
#Inbound rules for sakaki_nic2_if
pass in quick on $sakaki_nic2_if proto udp from
$sakaki_nic2_if:network to ($sakaki_nic2_if) keep state queue q2_local
pass in quick on $sakaki_nic2_if proto tcp from
$sakaki_nic2_if:network to ($sakaki_nic2_if) flags S/SA keep state
queue q2_local

pass in quick on $sakaki_nic2_if proto tcp from
$sakaki_nic2_if:network to ($sakaki_nic2_if) port socks flags S/SA
keep state queue q2_out_socks
pass in quick on $sakaki_nic2_if proto tcp from
$sakaki_nic2_if:network to ($sakaki_nic2_if) port squid flags S/SA
keep state queue q2_out_squid
pass in quick on $sakaki_nic2_if proto tcp from
$sakaki_nic2_if:network to any port $sakaki_nic2_if_in_tcp_to_others
flags S/SA keep state queue q2_out_default

#Outbound rules for sakaki_nic2_if
pass out quick on $sakaki_nic2_if all keep state queue q2_local

##############################################
#Allow loopback connections
pass quick on $loopback_if all

##############################################
#Antispoof all interfaces
antispoof log quick for { $ext_if, $sakaki_nic2_if }

More information about the freebsd-pf mailing list