need help with keep state and shaping

news at topocentras.lt news at topocentras.lt
Wed Jul 30 08:29:18 UTC 2008 

Thanks for suggestion. Is any difference using set state-policy if-bound?
When what state policy to use?

Thanks, Albertas


> PF makes 2 states per connection, so try this
> ($int_if is users LAN)
>
> pass in quick on $int_if from 10.0.0.1 to any tag user1 queue download1
> pass in quick on $ext_if from any to 10.0.0.1 tag user1 queue upload1
> pass out quick on $int_if tagged user1 queue download1
> pass out quick on $ext_if tagged user1 queue upload1
> .....and so on for another users
>
>
> news at topocentras.lt píše v St 30. 07. 2008 v 09:43 +0300:
>> Hello once more,
>> It whould be very interesting to hear from you how to use keep state for
>> router, shaping in and out traffic.
>> I am using around thousand of queues(hfsc) and it makes a lot of
>> performace problems. Using keep state it would reduce it, but as i
>> mention
>> before, i have problems using it.
>>
>> Sincerely Yours,
>> Albertas
>>
>> > ext_if="bge0"
>> > int_if="bge1"
>> >
>> > pass out quick on $ext_if from 10.0.0.1 to any queue upload1
>> > pass out quick on $int_if from any to 10.0.0.1 queue download1
>> >
>> > pass out quick on $ext_if from 10.0.0.2 to any queue upload2
>> > pass out quick on $int_if from any to 10.0.0.2 queue download2
>> >
>> > pass out quick on $ext_if from 10.0.0.3 to any queue upload3
>> > pass out quick on $int_if from any to 10.0.0.3 queue download3
>> >
>> > pass in all
>> > pass out all
>> >
>> > #10.0.0.x users subnet
>> >
>> > Hello,
>> > I have problems with keep state usage. I need to shape ingoing and
>> > outgoing trafic (no nat).
>> > Before I used sintax like above, but then I used it with keyword "keep
>> > state" some useres reported problems with trafic.
>> > With version FreeBSD 7 with keep state on pass rules are not working
>> at
>> > all.
>> > Question is how to deal with keep state for in and out trafic then i
>> need
>> > to shape both? I tried to use set state-policy if-bound but it had no
>> > impact.
>> >
>> > _______________________________________________
>> > freebsd-pf at freebsd.org mailing list
>> > http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>> > To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
>> >
>>
>>
>> _______________________________________________
>> freebsd-pf at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
>
>

More information about the freebsd-pf mailing list