Date: Mon, 29 Nov 2004 00:27:58 +0200 From: =?iso-8859-15?Q?mikael_s=F6derholm?= <gnarlie@ihku.org> To: mzk <mzk@anti-offline.net>, freebsd-pf@freebsd.org Subject: Re: PF strange problem. Message-ID: <opsh64ow00yywyt2@punaposki.rauhankatu.lan> In-Reply-To: <20041128235145.942843@mzk> References: <20041128235145.942843@mzk>
next in thread | previous in thread | raw e-mail | index | archive | help
If you have 'quick' in the rule it won't go thru any other rules after that.
On Sun, 28 Nov 2004 23:51:45 +0200, mzk <mzk@anti-offline.net> wrote:
> First sorry my English and sorry my other mistakes, but that is my first post in mailing list ever. :-)
> Today i understood my pf doesn't work properly. For each host of my network i have 4 rules, 2 out (from int_if) and 2 in like:
>
> pass out quick on $int_if from <peering> to $host queue peering_host_in
> pass out quick on $int_if from any to $host queue host_in
> pass in quick on $int_if proto { tcp, udp } from $host to <peering> port $ports
> pass in quick on $int_if proto { tcp, udp } from $host to any port $ports
>
> The problem is, that the first `peering` rule works like the second one -> it pass everything from anyone using the peering_host_in queue. If i comment it, the second rule works, but that's not the idea. So my international connection (the second rules) is overloaded and i could not make good QoS. I am using GENERIC with these options, added by me ->
>
> # custom options;
>
> # pf support;
> device pf
> device pflog
> device pfsync
>
> # ALTQ options;
> options ALTQ #alternate queueing
> options ALTQ_CBQ #class based queueing
> ##options ALTQ_WFQ #weighted fair queueing
> ##options ALTQ_FIFOQ #fifo queueing
> options ALTQ_RED #random early detection
> ##options ALTQ_FLOWVALVE #flowvalve for RED (needs RED)
> options ALTQ_RIO #triple red for diffserv (needs RED)
> ##options ALTQ_LOCALQ #local use
> options ALTQ_HFSC #hierarchical fair service curve
> ##options ALTQ_ECN #ecn extention to tcp (needs RED)
> ##options ALTQ_IPSEC #check ipsec in IPv4
> options ALTQ_CDNR #diffserv traffic conditioner
> ##options ALTQ_BLUE #blue by wu-chang feng
> options ALTQ_PRIQ #priority queue
> options ALTQ_NOPCC #don't use processor cycle counter
> #options ALTQ_DEBUG #for debugging
>
> #options IPDIVERT
> options IPSTEALTH
> #options IPFILTER
>
> My pf.conf is abot 600 lines, so i will not paste it here. If you request it i can upload it somewhere. Thanks in advance and sorry for every my mistake!
>
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?opsh64ow00yywyt2>