Date: Fri, 9 Dec 2011 17:39:11 -0800
From: alan yang <alancyang@gmail.com>
To: freebsd-ipfw@freebsd.org
Subject: ipfw + altq + pf + ipfw-classifyd identifying/queuing ftp traffic
Message-ID: <CAPATHO14v85MnVAYYU0=yyqCfQLEOXVjaTT=u60W-ftH%2BnoP1g@mail.gmail.com>

Hello,

I have the following setup in trying to identify ftp traffic with ipfw-classifyd and direct ftp traffic into ALTQ CBQ queue, and non-ftp traffic should not go through the ftp queue.

With 'ipfw show' and 'pfctl -s queue -v' command, at run time with ping and ftp, I have a couple of questions:

1) the re-injected diverted packet with fwrule (1000), should it match rule 63001 and be directed to ftp queue?
2) for non ftp traffic, should it match rule 1000 and NOT be directed to ftp queue?

From 'pfctl -s queue -v' command, it seems ALL traffic got through ALTQ ftp queue.

I wonder if people could shed some light on the right rule configuration, and how to verify the ipfw processing of reinjected diverted packets with more ALTQ debugging?

Thanks in advance!
Alan

---
ipfw rules:

#! /bin/sh
ipfw -f flush
ipfw pipe 1 config bw 256Kbit/s queue 30
ipfw pipe 2 config bw 256Kbit/s queue 30
ipfw add 400 divert 7777 tcp from any to any via em0
ipfw add 410 divert 7777 udp from any to any via em0
ipfw add 1000 allow ip from any to any
ipfw add 63000 allow altq ftp ip from any to any in diverted
ipfw add 63001 allow altq ftp ip from any to any out diverted
ipfw add 64000 pipe 1 log ip from any to any in diverted
ipfw add 64001 pipe 2 log ip from any to any out diverted

/etc/pf.conf

altq on emo cbq bandwidth 5Mb queue { ftp }
queue ftp bandwidth 10% cbq(default)

ipfw-classifyd

/usr/local/sbin/ipfw-classifyd p 7777

ipfw-classifyd configuration file has

ftp = 1000
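
One way to do the rule-level verification the message asks about, as an added example that is not part of the original message: take an 'ipfw show' snapshot before and after generating test traffic and list which rules' counters moved. The two snapshots are constructed (rule bodies from the post, counter values invented), and parse_show, counter_delta and silent_rules are names chosen for this example.

```python
import re

# Constructed `ipfw show` snapshots: rule number, packets, bytes, rule body.
# Rule bodies are copied from the post (ipfw may print options in another
# order); every counter value is invented for illustration.
BEFORE = """\
00400  0    0 divert 7777 tcp from any to any via em0
00410  0    0 divert 7777 udp from any to any via em0
01000  0    0 allow ip from any to any
63000  0    0 allow altq ftp ip from any to any in diverted
63001  0    0 allow altq ftp ip from any to any out diverted
64000  0    0 pipe 1 log ip from any to any in diverted
64001  0    0 pipe 2 log ip from any to any out diverted
"""
AFTER = """\
00400 40 5200 divert 7777 tcp from any to any via em0
00410  0    0 divert 7777 udp from any to any via em0
01000 52 6208 allow ip from any to any
63000  0    0 allow altq ftp ip from any to any in diverted
63001  0    0 allow altq ftp ip from any to any out diverted
64000  0    0 pipe 1 log ip from any to any in diverted
64001  0    0 pipe 2 log ip from any to any out diverted
"""
LINE = re.compile(r"^\s*(\d{5})\s+(\d+)\s+(\d+)\s+(.+?)\s*$")

def parse_show(text):
    """Map (rule number, body) -> (packets, bytes); a number may hold several rules."""
    rows = filter(None, map(LINE.match, text.splitlines()))
    return {(int(m[1]), m[4]): (int(m[2]), int(m[3])) for m in rows}

def counter_delta(before, after):
    """Rules whose packet counter grew between the snapshots, in rule order."""
    old, new = parse_show(before), parse_show(after)
    hits = []
    for (num, body), (pkts, byts) in sorted(new.items()):
        p0, b0 = old.get((num, body), (0, 0))
        if pkts > p0:
            hits.append((num, pkts - p0, byts - b0, body))
    return hits

def silent_rules(before, after):
    """Rule numbers that saw no new packets while the test traffic ran."""
    hit = {h[0] for h in counter_delta(before, after)}
    return sorted({num for num, _ in parse_show(after)} - hit)

if __name__ == "__main__":
    for num, pkts, byts, body in counter_delta(BEFORE, AFTER):
        print(f"{num:05d} +{pkts} pkts +{byts} bytes  {body}")
```

On a live host the two strings would be replaced by the captured output of 'ipfw show' taken immediately before and after a single ftp session or ping run.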