need help with keep state and shaping

Michal Buchtik buchtajz at borsice.net
Fri Aug 1 10:20:31 UTC 2008


as i write in last mail

I use default state-policy (floating).
As I can remember, if-bound policy works diferent.

leave default (floating) there

news at topocentras.lt píše v Pá 01. 08. 2008 v 13:07 +0300:
> Hello once more,
> What difference in state-policy floating and if-bound?
> If i am using tagging for incoming and outgoing traffic? Which policy I
> need to use?
> 
> Thanks,
> Albertas
> 
> > Thanks for suggestion. Is any difference using set state-policy if-bound?
> > When what state policy to use?
> >
> > Thanks, Albertas
> >
> >
> >> PF makes 2 states per connection, so try this
> >> ($int_if is users LAN)
> >>
> >> pass in quick on $int_if from 10.0.0.1 to any tag user1 queue download1
> >> pass in quick on $ext_if from any to 10.0.0.1 tag user1 queue upload1
> >> pass out quick on $int_if tagged user1 queue download1
> >> pass out quick on $ext_if tagged user1 queue upload1
> >> .....and so on for another users
> >>
> >>
> >> news at topocentras.lt píše v St 30. 07. 2008 v 09:43 +0300:
> >>> Hello once more,
> >>> It whould be very interesting to hear from you how to use keep state
> >>> for
> >>> router, shaping in and out traffic.
> >>> I am using around thousand of queues(hfsc) and it makes a lot of
> >>> performace problems. Using keep state it would reduce it, but as i
> >>> mention
> >>> before, i have problems using it.
> >>>
> >>> Sincerely Yours,
> >>> Albertas
> >>>
> >>> > ext_if="bge0"
> >>> > int_if="bge1"
> >>> >
> >>> > pass out quick on $ext_if from 10.0.0.1 to any queue upload1
> >>> > pass out quick on $int_if from any to 10.0.0.1 queue download1
> >>> >
> >>> > pass out quick on $ext_if from 10.0.0.2 to any queue upload2
> >>> > pass out quick on $int_if from any to 10.0.0.2 queue download2
> >>> >
> >>> > pass out quick on $ext_if from 10.0.0.3 to any queue upload3
> >>> > pass out quick on $int_if from any to 10.0.0.3 queue download3
> >>> >
> >>> > pass in all
> >>> > pass out all
> >>> >
> >>> > #10.0.0.x users subnet
> >>> >
> >>> > Hello,
> >>> > I have problems with keep state usage. I need to shape ingoing and
> >>> > outgoing trafic (no nat).
> >>> > Before I used sintax like above, but then I used it with keyword
> >>> "keep
> >>> > state" some useres reported problems with trafic.
> >>> > With version FreeBSD 7 with keep state on pass rules are not working
> >>> at
> >>> > all.
> >>> > Question is how to deal with keep state for in and out trafic then i
> >>> need
> >>> > to shape both? I tried to use set state-policy if-bound but it had no
> >>> > impact.
> >>> >
> >>> > _______________________________________________
> >>> > freebsd-pf at freebsd.org mailing list
> >>> > http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> >>> > To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
> >>> >
> >>>
> >>>
> >>> _______________________________________________
> >>> freebsd-pf at freebsd.org mailing list
> >>> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> >>> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
> >>
> >>
> >
> >
> > _______________________________________________
> > freebsd-pf at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> > To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
> >
> 
> 
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"



More information about the freebsd-pf mailing list