From: mzk
Date: Sun, 28 Nov 2004 23:51:45 +0200
Message-ID: <20041128235145.942843@mzk>
Subject: PF strange problem.
X-BeenThere: freebsd-pf@freebsd.org
List-Id: Technical discussion and general questions about packet filter (pf)

First, sorry for my English and my other mistakes, but this is my first post to a mailing list ever. :-)

Today I understood my pf doesn't work properly.
For each host of my network I have 4 rules, 2 out (from int_if) and 2 in, like:

    pass out quick on $int_if from to $host queue peering_host_in
    pass out quick on $int_if from any to $host queue host_in
    pass in quick on $int_if proto { tcp, udp } from $host to port $ports
    pass in quick on $int_if proto { tcp, udp } from $host to any port $ports

The problem is that the first `peering` rule works like the second one -> it passes everything from anyone using the peering_host_in queue. If I comment it out, the second rule works, but that's not the idea. So my international connection (the second rules) is overloaded and I could not make good QoS.

I am using GENERIC with these options, added by me ->

    # custom options;
    # pf support;
    device pf
    device pflog
    device pfsync
    # ALTQ options;
    options ALTQ              #alternate queueing
    options ALTQ_CBQ          #class based queueing
    ##options ALTQ_WFQ        #weighted fair queueing
    ##options ALTQ_FIFOQ      #fifo queueing
    options ALTQ_RED          #random early detection
    ##options ALTQ_FLOWVALVE  #flowvalve for RED (needs RED)
    options ALTQ_RIO          #triple red for diffserv (needs RED)
    ##options ALTQ_LOCALQ     #local use
    options ALTQ_HFSC         #hierarchical fair service curve
    ##options ALTQ_ECN        #ecn extension to tcp (needs RED)
    ##options ALTQ_IPSEC      #check ipsec in IPv4
    options ALTQ_CDNR         #diffserv traffic conditioner
    ##options ALTQ_BLUE       #blue by wu-chang feng
    options ALTQ_PRIQ         #priority queue
    options ALTQ_NOPCC        #don't use processor cycle counter
    #options ALTQ_DEBUG       #for debugging
    #options IPDIVERT
    options IPSTEALTH
    #options IPFILTER

My pf.conf is about 600 lines, so I will not paste it here. If you request it I can upload it somewhere.

Thanks in advance and sorry for all my mistakes!