Date:      Sun, 22 Mar 2009 10:30:35 +0100
From:      Morgan Wesström <freebsd-questions@pp.dyndns.biz>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: ipfw, pf and ALTQ on outbound traffic? (or: "The net is slow when I upload!")
Message-ID:  <49C6053B.8050403@pp.dyndns.biz>
In-Reply-To: <49C598E3.80107@cheeze.org>
References:  <49C598E3.80107@cheeze.org>

Jubal Kessler wrote:
> Greetings,
> 
> Is there a general how-to, or a set of coherent instructions, for
> shaping outbound traffic such that when I upload something over my
> asymmetric cable-modem pipe, doing so doesn't completely kill my Web
> browsing or any other attempts to use my Internet connection?

Daniel Hartmeier's tutorial is the base on which I build my own
knowledge: http://www.benzedrine.cx/ackpri.html
I have helped my friends build FreeBSD-based routers for a few years
now. I've put together some documentation, mainly to help myself be
consistent, but you're free to look at my examples there and the reasoning
behind them. It's in the "Firewall setup" guide but it's rather long since
I explain in detail every part of the firewall rule set:
http://homerouters.info/wiki/Main_Page
Be aware that I'm not a very good teacher... ;-)

> (To put it another way: When I max out my upstream, and my upstream is
> capped lower than my downstream, my downstream becomes useless and I am
> forced to wait until the upload finishes before I can resume using the
> downstream. This is a problem, and I'd like to solve it.)

This is exactly the reason why I built my own router several years ago.

> I have looked at various ALTQ + pf setups on the Web, but I have one
> caveat. I use FreeBSD 6.4 on my home gateway, and it is also using the
> default natd server, which relies on an ipfw divert rule. I don't know
> if this matters, or if I need to switch from natd to a pf-based NAT setup.
> 
> Should I use *just* ipfw, or should I switch everything to pf (including
> NAT services) and go from there?

I have no experience running pf and ipfw at the same time. NAT is
handled perfectly by pf and keeping everything in the same config makes
everything much easier. Naturally I recommend you have a look at the
example in my tutorial and the pf man page of course. It's extremely
flexible.

> Thanks much,
> 
> Jubal

/Morgan


