need help with keep state and shaping

Michal Buchtik buchtajz at borsice.net
Wed Jul 30 09:59:56 UTC 2008 

I use default state-policy (floating).
As I can remember, if-bound policy works diferent.


news at topocentras.lt píše v St 30. 07. 2008 v 11:29 +0300:
> Thanks for suggestion. Is any difference using set state-policy if-bound?
> When what state policy to use?
> 
> Thanks, Albertas
> 
> 
> > PF makes 2 states per connection, so try this
> > ($int_if is users LAN)
> >
> > pass in quick on $int_if from 10.0.0.1 to any tag user1 queue download1
> > pass in quick on $ext_if from any to 10.0.0.1 tag user1 queue upload1
> > pass out quick on $int_if tagged user1 queue download1
> > pass out quick on $ext_if tagged user1 queue upload1
> > .....and so on for another users
> >
> >
> > news at topocentras.lt píše v St 30. 07. 2008 v 09:43 +0300:
> >> Hello once more,
> >> It whould be very interesting to hear from you how to use keep state for
> >> router, shaping in and out traffic.
> >> I am using around thousand of queues(hfsc) and it makes a lot of
> >> performace problems. Using keep state it would reduce it, but as i
> >> mention
> >> before, i have problems using it.
> >>
> >> Sincerely Yours,
> >> Albertas
> >>
> >> > ext_if="bge0"
> >> > int_if="bge1"
> >> >
> >> > pass out quick on $ext_if from 10.0.0.1 to any queue upload1
> >> > pass out quick on $int_if from any to 10.0.0.1 queue download1
> >> >
> >> > pass out quick on $ext_if from 10.0.0.2 to any queue upload2
> >> > pass out quick on $int_if from any to 10.0.0.2 queue download2
> >> >
> >> > pass out quick on $ext_if from 10.0.0.3 to any queue upload3
> >> > pass out quick on $int_if from any to 10.0.0.3 queue download3
> >> >
> >> > pass in all
> >> > pass out all
> >> >
> >> > #10.0.0.x users subnet
> >> >
> >> > Hello,
> >> > I have problems with keep state usage. I need to shape ingoing and
> >> > outgoing trafic (no nat).
> >> > Before I used sintax like above, but then I used it with keyword "keep
> >> > state" some useres reported problems with trafic.
> >> > With version FreeBSD 7 with keep state on pass rules are not working
> >> at
> >> > all.
> >> > Question is how to deal with keep state for in and out trafic then i
> >> need
> >> > to shape both? I tried to use set state-policy if-bound but it had no
> >> > impact.
> >> >
> >> > _______________________________________________
> >> > freebsd-pf at freebsd.org mailing list
> >> > http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> >> > To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
> >> >
> >>
> >>
> >> _______________________________________________
> >> freebsd-pf at freebsd.org mailing list
> >> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> >> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"
> >
> >
> 
> 
> _______________________________________________
> freebsd-pf at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe at freebsd.org"

More information about the freebsd-pf mailing list