ipfw, pf and ALTQ on outbound traffic? (or: "The net is slow when I upload!")
freebsd-questions at pp.dyndns.biz
Sun Mar 22 02:30:39 PDT 2009
Jubal Kessler wrote:
> Is there a general how-to, or a set of coherent instructions, for
> shaping outbound traffic such that when I upload something over my
> asymmetric cable-modem pipe, doing so doesn't completely kill my Web
> browsing or any other attempts to use my Internet connection?
Daniel Hartmeier's tutorial is the base on which I build my own
I have helped my friends build FreeBSD-based routers for a few years
now. I've put together some documentation, mainly to help myself be
consistent, but you're free to look at my examples there and the reasoning
behind it. It's in the "Firewall setup" guide but it's rather long since
I explain in detail every part of the firewall rule set:
Be aware that I'm not a very good teacher... ;-)
> (To put it another way: When I max out my upstream, and my upstream is
> capped lower than my downstream, my downstream becomes useless and I am
> forced to wait until the upload finishes before I can resume using the
> downstream. This is a problem, and I'd like to solve it.)
This is exactly the reason why I built my own router several years ago.
> I have looked at various ALTQ + pf setups on the Web, but I have one
> caveat. I use FreeBSD 6.4 on my home gateway, and it is also using the
> default natd server, which relies on an ipfw divert rule. I don't know
> if this matters, or if I need to switch from natd to a pf-based NAT setup.
> Should I use *just* ipfw, or should I switch everything to pf (including
> NAT services) and go from there?
I have no experience running pf and ipfw at the same time. NAT is
handled perfectly by pf and keeping everything in the same config makes
everything much easier. Naturally I recommend you have a look at the
example in my tutorial and the pf man page of course. It's extremely
> Thanks much,
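
Added example, not part of the original message or of the poster's guide: a minimal pf.conf in the older pf syntax (explicit `keep state`) that moves NAT from natd/ipfw divert into pf and uses an ALTQ priority queue so empty TCP ACKs are sent ahead of bulk upload data. The interface names and the 480Kb figure are assumptions; ALTQ also needs a kernel built with `options ALTQ` and `options ALTQ_PRIQ` and a NIC driver that supports it.

```conf
# /etc/pf.conf: pf handles both NAT and outbound shaping, so natd and the
# ipfw divert rule are no longer used.
# Assumed values (not from the thread): fxp0, fxp1, 480Kb.
ext_if = "fxp0"    # cable-modem side (assumed interface name)
int_if = "fxp1"    # LAN side (assumed interface name)

# Normalize inbound packets on the external interface.
scrub in on $ext_if all

# Queueing. Set bandwidth slightly below the measured upstream rate so the
# backlog forms here, where pf can reorder it, and not in the modem's buffer.
altq on $ext_if priq bandwidth 480Kb queue { q_pri, q_def }
queue q_pri priority 7
queue q_def priority 1 priq(default)

# Translation: replaces natd. ($ext_if) follows a DHCP-assigned address.
nat on $ext_if from $int_if:network to any -> ($ext_if)

# Filtering: default deny, stateful pass rules.
block all
pass quick on lo0 all
pass in  on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state

# Outbound TCP: data goes to q_def; empty ACKs and low-delay TOS packets go
# to q_pri, so downloads keep being acknowledged while an upload is running.
pass out on $ext_if proto tcp from any to any flags S/SA \
        keep state queue (q_def, q_pri)
pass out on $ext_if proto { udp, icmp } from any to any \
        keep state queue q_def
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, and watch the per-queue counters with `pfctl -vs queue` during an upload.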