Date:      Sun, 28 Nov 2004 23:51:45 +0200
From:      mzk <mzk@anti-offline.net>
To:        <freebsd-pf@freebsd.org>
Subject:   PF strange problem.
Message-ID:  <20041128235145.942843@mzk>

First, sorry for my English and for my other mistakes, but this is my first post to a mailing list ever. :-)
Today I understood that my pf doesn't work properly. For each host on my network I have 4 rules, 2 out (from int_if) and 2 in, like:

pass out quick on $int_if from <peering> to $host queue peering_host_in
pass out quick on $int_if from any to $host queue host_in
pass in quick on $int_if proto { tcp, udp } from $host to <peering> port $ports
pass in quick on $int_if proto { tcp, udp } from $host to any port $ports

The problem is that the first `peering` rule works like the second one -> it passes everything from anyone using the peering_host_in queue. If I comment it out, the second rule works, but that's not the idea. So my international connection (the second rules) is overloaded and I could not make good QoS. I am using GENERIC with these options, added by me ->

# custom options;

# pf support;
device          pf
device          pflog
device          pfsync

# ALTQ options;
options         ALTQ            #alternate queueing
options         ALTQ_CBQ        #class based queueing
##options               ALTQ_WFQ        #weighted fair queueing
##options               ALTQ_FIFOQ      #fifo queueing
options         ALTQ_RED        #random early detection
##options               ALTQ_FLOWVALVE  #flowvalve for RED (needs RED)
options         ALTQ_RIO        #triple red for diffserv (needs RED)
##options               ALTQ_LOCALQ     #local use
options         ALTQ_HFSC       #hierarchical fair service curve
##options               ALTQ_ECN        #ecn extension to tcp (needs RED)
##options               ALTQ_IPSEC      #check ipsec in IPv4
options         ALTQ_CDNR       #diffserv traffic conditioner
##options               ALTQ_BLUE       #blue by wu-chang feng
options         ALTQ_PRIQ       #priority queue
options         ALTQ_NOPCC      #don't use processor cycle counter
#options                ALTQ_DEBUG      #for debugging

#options        IPDIVERT
options         IPSTEALTH
#options        IPFILTER

My pf.conf is about 600 lines, so I will not paste it here. If you request it, I can upload it somewhere. Thanks in advance, and sorry for my every mistake!


