From: mzk
Date: Mon, 29 Nov 2004 00:39:35 +0200
Subject: Re: PF strange problem.
List-Id: Technical discussion and general questions about packet filter (pf)

I tried removing `quick` and the effect was the use of the next rule, which
I don't want. Exactly for QoS I am using the quick keyword in my rules.
Otherwise the hosts will receive much slower speed for the table.

> If you have 'quick' in the rule it won't go thru any other rules
> after that.
>
> On Sun, 28 Nov 2004 23:51:45 +0200, mzk wrote:
>
>> First sorry my English and sorry my other mistakes, but that is
>> my first post in mailing list ever. :-)
>> Today I understood my pf doesn't work properly. For each host of
>> my network I have 4 rules, 2 out (from int_if) and 2 in like:
>>
>> pass out quick on $int_if from  to $host queue peering_host_in
>> pass out quick on $int_if from any to $host queue host_in
>> pass in quick on $int_if proto { tcp, udp } from $host to  port $ports
>> pass in quick on $int_if proto { tcp, udp } from $host to any port $ports
>>
>> The problem is, that the first `peering` rule works like the
>> second one -> it passes everything from anyone using the
>> peering_host_in queue. If I comment it, the second rule works,
>> but that's not the idea. So my international connection (the
>> second rules) is overloaded and I could not make good QoS. I am
>> using GENERIC with these options, added by me ->
>>
>> # custom options;
>>
>> # pf support;
>> device          pf
>> device          pflog
>> device          pfsync
>>
>> # ALTQ options;
>> options         ALTQ            #alternate queueing
>> options         ALTQ_CBQ        #class based queueing
>> ##options       ALTQ_WFQ        #weighted fair queueing
>> ##options       ALTQ_FIFOQ      #fifo queueing
>> options         ALTQ_RED        #random early detection
>> ##options       ALTQ_FLOWVALVE  #flowvalve for RED (needs RED)
>> options         ALTQ_RIO        #triple red for diffserv (needs RED)
>> ##options       ALTQ_LOCALQ     #local use
>> options         ALTQ_HFSC       #hierarchical fair service curve
>> ##options       ALTQ_ECN        #ecn extention to tcp (needs RED)
>> ##options       ALTQ_IPSEC      #check ipsec in IPv4
>> options         ALTQ_CDNR       #diffserv traffic conditioner
>> ##options       ALTQ_BLUE       #blue by wu-chang feng
>> options         ALTQ_PRIQ       #priority queue
>> options         ALTQ_NOPCC      #don't use processor cycle counter
>> #options        ALTQ_DEBUG      #for debugging
>>
>> #options        IPDIVERT
>> options         IPSTEALTH
>> #options        IPFILTER
>>
>> My pf.conf is about 600 lines, so I will not paste it here. If you
>> request it I can upload it somewhere. Thanks in advance and sorry
>> for every my mistake!
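
An added illustration, not part of the thread or of pf itself: a simplified Python model of the rule evaluation discussed above (the last matching rule wins unless a matching rule carries `quick`), applied to the two outbound queue rules. The table contents, the addresses and the `Rule`, `evaluate` and `ruleset` names are assumptions made for the example; the model ignores interface, direction, protocol and state.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    src: object        # "any", one CIDR string, or a list of CIDRs (models a pf table)
    dst: object
    queue: str
    quick: bool = False

def _match(spec, addr):
    if spec == "any":
        return True
    nets = [spec] if isinstance(spec, str) else spec
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in nets)

def evaluate(rules, src, dst):
    """Queue chosen for a packet: last matching rule wins, unless a
    matching rule has `quick`, which ends evaluation at that rule."""
    chosen = None
    for rule in rules:
        if _match(rule.src, src) and _match(rule.dst, dst):
            chosen = rule.queue
            if rule.quick:
                break
    return chosen

# Constructed sample data (documentation address ranges, not from the post).
PEERS = ["198.51.100.0/24"]          # hypothetical contents of the peering table
HOST = "192.0.2.10"
PEER_SRC, OTHER_SRC = "198.51.100.7", "203.0.113.5"

def ruleset(order, quick):
    rules = {"peer": Rule(PEERS, HOST, "peering_host_in", quick),
             "any": Rule("any", HOST, "host_in", quick)}
    return [rules[name] for name in order]

QUICK = ruleset(["peer", "any"], quick=True)       # order used in the post
NO_QUICK = ruleset(["peer", "any"], quick=False)   # same order, quick removed
REORDERED = ruleset(["any", "peer"], quick=False)  # general first, specific last

if __name__ == "__main__":
    for name, rs in [("quick", QUICK), ("no quick", NO_QUICK), ("reordered", REORDERED)]:
        print(name, evaluate(rs, PEER_SRC, HOST), evaluate(rs, OTHER_SRC, HOST))
```

In this model, removing `quick` without changing the rule order sends peering traffic to `host_in`, because the later `any` rule is then the last match; placing the general rule first and the table rule last restores the split without `quick`.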