On 37378-12-23 20:59, Muhammad Reza wrote:
> Still does not work with the pass in rule.
>
> Adding info with this rule set:
>
> altq on xl1 bandwidth 100% cbq queue {int_out,dflt_out}
> queue int_out bandwidth 3Mb
> queue dflt_out bandwidth 16Kb cbq (default)
>
> altq on xl2 bandwidth 100% cbq queue {int_in,dflt_in}
> queue int_in bandwidth 3Mb
> queue dflt_in bandwidth 16Kb cbq (default)
>
> pass out log on xl1 from 172.16.0.228 to 202.57.14.1 keep state flags S/SA queue (int_out)
> pass out log on xl2 from 202.57.14.1 to 172.16.0.228 keep state flags S/SA queue (int_in)
>
> If I only enable altq on one interface (xl1 or xl2), the traffic
> limitation that I want can be done.
>
> Is there something that can be done with ALTQ and PF, or is my rule
> bad?
>
> please help me...
>
>
>> Try this rules:
>> pass in log on xl2 from 172.16.0.228 to 202.57.14.1 keep state flags S/SA queue (int_out)
>> pass in log on xl2 from 172.16.0.228 to 202.57.14.1 keep state flags S/SA queue (int_in)
>>
>> Gilberto
>>
>>
>> 2006/11/6, Muhammad Reza <beastie mra.co.id>:
>>> Dear All.
>>>
>>> I started with a simple rule set on my pf bridge machine to limit
>>> bandwidth to 3Mbps from my server on the LAN to the internet and from
>>> the internet to my server on the LAN.
>>> This is my setup:
>>>
>>> Internet ---xl1 xl2---LAN
>>>
>>> and my pf.conf
>>>
>>> lan="172.16.0.0/24"
>>> #ALTQ at outgoing interface to limit traffic 3 MBps from lan to internet
>>> altq on xl1 bandwidth 100% cbq queue {int_out,dflt_out}
>>> queue int_out bandwidth 3Mb
>>> queue dflt_out bandwidth 16Kb cbq (default)
>>> #ALTQ at lan interface to limit traffic 3 MBps from internet to lan
>>> altq on xl2 bandwidth 100% cbq queue {int_in,dflt_in}
>>> queue int_in bandwidth 3Mb cbq (default)
>>> queue dflt_in bandwidth 16Kb
>>>
>>> block on xl1
>>> pass in on xl1 from any to $lan
>>> pass out on xl1 from $lan to any
>>> pass out log on xl1 from 172.16.0.228 to 202.57.14.1 keep state flags S/SA queue (int_out)
>>>
>>> block on xl2
>>> pass in on xl2 from $lan to any keep state
>>> pass out on xl2 from any to $lan keep state
>>> #pass out log on xl2 from 202.57.14.1 to 172.16.0.228 keep state flags S/SA queue (int_in)
>>>
>>> I have done some tests with iperf with no luck.
>>> Is there something wrong with this rule set to accomplish my need?
>>> Please help
>>>
>>> Regards
>>> Reza
Reza,
you're really using just one queue:
> block on xl1
> pass in on xl1 from any to $lan
> pass out on xl1 from $lan to any
> pass out log on xl1 from 172.16.0.228 to 202.57.14.1 keep state flags S/SA queue (int_out)
As $lan is 172.16/24, rule number 3 (which goes to queue dflt_out)
catches all the packets you're wanting for queue int_out.
HTH,
Volker
_______________________________________________
freebsd-pf freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf