List Info

Thread: Using PF + ALTQ in FreeBSD 6.2
Using PF + ALTQ in FreeBSD 6.2
country flaguser name
Indonesia		 2007-08-12 22:44:18 
Dear All,

I'm using ALTQ + PF in my BSD 6.2 box.
This machiine acting as router.
After try to configuring ALT+PF, I have some problem to
limit incoming 
and outgoing traffic.
Does anyone could help me to solve my problem ?

JFI : my router interface are fxp0 and rl0 with diagram :

client -> rl0------fxp0 ---> internet
             (router)

I could limit outgoing traffic from client, but not incoming
traffic.

Thanks,

Dian
_______________________________________________
freebsd-pffreebsd.org mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
Re: Using PF + ALTQ in FreeBSD 6.2
user name
 2007-08-12 23:30:50 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dian Candra <dianspin.net.id> wrote:
>
> client -> rl0------fxp0 ---> internet
>             (router)
> 
> I could limit outgoing traffic from client, but not
incoming traffic.

I'm curious what you think your router can do to prevent
hosts on the
internet from sending traffic too fast.

Once you have received the packets, it is too late to limit
their
arrival rate.

- -- 
David DeSimone == Network Admin == foxverio.net
  "It took me fifteen years to discover that I had no
   talent for writing, but I couldn't give it up because
   by that time I was too famous.  -- Robert Benchley
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFGv955FSrKRjX5eCoRApZ2AJ9uvyIL3W1F/g1T/8J6OKAepKSK+gCe
Kpzq
14DXl/Ayjo2ZsR07s9FHfH8=
=qCr3
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-pffreebsd.org mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
Re: Using PF + ALTQ in FreeBSD 6.2
country flaguser name
United States		 2007-08-13 08:01:30 
David DeSimone wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> I'm curious what you think your router can do to
prevent hosts on the
> internet from sending traffic too fast.
> 
> Once you have received the packets, it is too late to
limit their
> arrival rate.
> 

Can't ipfw do this through dummynet? It seems to work fine
for me in my 
tests.

Now yes it's not really preventing them from sending
traffic, but it 
should still be able to queue it and invoke latency to
simulate a slower 
link/pipe.

Regards,

	Chris
_______________________________________________
freebsd-pffreebsd.org mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
Re: Using PF + ALTQ in FreeBSD 6.2
country flaguser name
Indonesia		 2007-08-13 08:59:57 
Yes, it's work with Dummynet well, cause I'm using dummynet
for some 
years. The problem is, with dummynet I could not do
"borrow" bandwidth 
from the parent.
So, I should move to ALTQ+PF, but unfortunately I'm facing a
problem 
with it.
Please give me some comment, If I use ALTQ+PF in my router,
it's really 
  could not limit incoming and outgoing traffic from/to my
client ?
Does no one have a bettter experience ?

regards,

Dian

Chris Marlatt wrote:
> David DeSimone wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> I'm curious what you think your router can do to
prevent hosts on the
>> internet from sending traffic too fast.
>>
>> Once you have received the packets, it is too late
to limit their
>> arrival rate.
>>
> 
> Can't ipfw do this through dummynet? It seems to work
fine for me in my 
> tests.
> 
> Now yes it's not really preventing them from sending
traffic, but it 
> should still be able to queue it and invoke latency to
simulate a slower 
> link/pipe.
> 
> Regards,
> 
>     Chris
> _______________________________________________
> freebsd-pffreebsd.org mailing list
> 
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
> 
> 
_______________________________________________
freebsd-pffreebsd.org mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
Re: Using PF + ALTQ in FreeBSD 6.2
country flaguser name
United States		 2007-08-13 09:05:15 
Dian Candra wrote:
> Yes, it's work with Dummynet well, cause I'm using
dummynet for some 
> years. The problem is, with dummynet I could not do
"borrow" bandwidth 
> from the parent.
> So, I should move to ALTQ+PF, but unfortunately I'm
facing a problem 
> with it.
> Please give me some comment, If I use ALTQ+PF in my
router, it's really 
>  could not limit incoming and outgoing traffic from/to
my client ?
> Does no one have a bettter experience ?
> 
> regards,
> 
> Dian
> 

I haven't had time to test this idea yet, maybe someone else
can shed 
some light on this, but seeing as ALTQ can only queue
outbound traffic, 
have you thought about queuing on both your external and
internal 
interfaces? Simply changing perspective of the rules?

This is dependent upon pf/ALTQ actually taking two
"altq" statements in 
the pf.conf which I'm not certain it can do. It doesn't
complain about 
the syntax but like I said before, I haven't tested this
yet.

You could also try to use a combination of pf and ipfw. I
used such an 
implementation when I needed to do per ip bw limits and
needed more 
queues than ALTQ would support. ipfw's "mask
src-ip" and "mask dst-ip" 
work nicely for this.

Best of luck in finding a functional solution.

Regards,

	Chris
_______________________________________________
freebsd-pffreebsd.org mailing list

http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to
"freebsd-pf-unsubscribefreebsd.org"
Re: Using PF + ALTQ in FreeBSD 6.2
country flaguser name
Germany		 2007-08-13 09:23:46 
On Monday 13 August 2007, Chris Marlatt wrote:
> Dian Candra wrote:
> > Yes, it's work with Dummynet well, cause I'm using
dummynet for some
> > years. The problem is, with dummynet I could not
do "borrow"
> > bandwidth from the parent.
> > So, I should move to ALTQ+PF, but unfortunately
I'm facing a problem
> > with it.
> > Please give me some comment, If I use ALTQ+PF in
my router, it's
> > really could not limit incoming and outgoing
traffic from/to my
> > client ? Does no one have a bettter experience ?
> >
> > regards,
> >
> > Dian
>
> I haven't had time to test this idea yet, maybe someone
else can shed
> some light on this, but seeing as ALTQ can only queue
outbound traffic,
> have you thought about queuing on both your external
and internal
> interfaces? Simply changing perspective of the rules?

Yes, this is a functional approach.  It's silly, but it does
what you are 
asking for.  It doesn't matter if you use ALTQ or dummynet
for this, btw.

> This is dependent upon pf/ALTQ actually taking two
"altq" statements in
> the pf.conf which I'm not certain it can do. It doesn't
complain about
> the syntax but like I said before, I haven't tested
this yet.
>
> You could also try to use a combination of pf and ipfw.
I used such an
> implementation when I needed to do per ip bw limits and
needed more
> queues than ALTQ would support. ipfw's "mask
src-ip" and "mask dst-ip"
> work nicely for this.
>
> Best of luck in finding a functional solution.



-- 
/"  Best regards,                      | mlaierfreebsd.org
 /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.l
ove2party.net/  | mlaierEFnet
/   ASCII Ribbon Campaign              | Against HTML Mail
and News
[1-6]

about | contact  Other archives ( Real Estate discussion Medical topics )