transparent proxy traffic queue ...
Zeus V Panchenko
zeus at ibs.dn.ua
Mon Apr 11 08:07:04 UTC 2011
Thank you Daniel for reply,
Daniel Hartmeier (daniel at benzedrine.cx) [11.04.11 09:18] wrote:
> On Mon, Apr 11, 2011 at 08:45:44AM +0300, Zeus V Panchenko wrote:
> It seems you want log(all), but are only using log, see pf.conf(5):
it didn't help ...
pftop output still shows no lan_http counters and when i download from
inet anything it eats all bandwidth ...
in pf.conf
pass out log (all) on $if_wan inet proto { tcp, udp } from $if_wan:0 \
to any port { $ports_proxy } keep state queue wan_http
pass out log (all) on $if_lan inet proto { tcp, udp } from any port { $ports_proxy } \
to $if_lan:network queue lan_http
squid is bent to $if_lan:0 and in logs i see the activity (LAN browses inet successfully)
if i tcpdump $if_lan i can see that, but it looks like it is passing by the queue ... why?
in pftop output:
pfTop: Up Queue 1-6/6, View: queue, Cache: 10000 10:59:55
QUEUE BW SCH PRIO PKTS BYTES DROP_P DROP_B QLEN BORROW SUSPEN P/S B/S
root_tun0 1000K cbq 0 12270 1429980 0 0 0 0 0 23 1867
wan_http 150K cbq 2 4180 512946 0 0 0 0 29 0 0
wan_rest 850K cbq 8090 917034 0 0 0 0 0 23 1867
root_ale0 100M cbq 0 11789 9982786 0 0 0 0 0 16 21739
lan_http 2000K cbq 2 0 0 0 0 0 0 0 0 0
lan_rest 98M cbq 13469 11810110 0 0 0 0 1073 38 43015
--
Zeus V. Panchenko
IT Dpt., IBS ltd GMT+2 (EET)
More information about the freebsd-pf
mailing list