Date: Thu, 12 Feb 2009 06:31:41 -0600
From: eculp
To: Tom Uffner
Cc: freebsd-pf@freebsd.org
Subject: Re: PF + ALTQ - Bandwidth per customer

Quoting Tom Uffner:

> eculp wrote:
>
>> I don't remember why but for some reason I have the idea that
>> pf+altq is not bidirectional. Am I mistaken?
>
> no solution that does not involve cooperation from your upstream
> connection(s) is truly bidirectional. it is easy to limit/shape
> your outbound traffic. on the other hand it is difficult if not
> impossible to unilaterally control the amount or sources of inbound
> data arriving at your border router(s) on its way to various
> applications (mail servers, for example).
>
> you can _pretend_ to by dropping, queuing or otherwise limiting it
> once inside your network, but you cannot meaningfully prevent it from
> using your downlink bandwidth and potentially crowding out other,
> possibly more desirable, inbound data.
>

Hi, Tom. Thanks for responding.

As I read your answer and my question, I'm pretty sure that I probably didn't ask the question properly. What I need to do is be an intermediary between my upstream ISPs and my customers and would like to control the bandwidth hogs.

Basically, I want certain outgoing traffic based on port to go to ISP1 and all other, not blocked, ports to go to the other while limiting the available internal bandwidth to each downstream client, say to 64k, and if borrowing is possible when traffic is low, great. I did something like this with IPFW and dummynet maybe 6 or more years ago and, as I remember, it worked and solved an immediate problem of downstream demand not being distributed adequately or equitably. The major differences were connection speed and there was only one ISP.

I've looked at: http://www.openbsd.org/faq/pf/pools.html

It either doesn't do what I want or I don't understand how to make it do what I want. I am considering going back to IPFW and dummynet but now that I'm using PF, I am a bit lazy to try and integrate what I have in pf to IPFW.

Thanks for any help, advice, configuration examples, etc.

ed
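
An added pf.conf example, not written by anyone in this thread, of the setup the message describes: selected ports routed to ISP1, everything else following the default route to ISP2, and a 64Kb CBQ queue with borrowing per customer on the internal interface. Every interface name, address, port and rate is a placeholder assumption, and the system default route is assumed to point at ISP2.

```pf
# Constructed example: all values below are placeholders, not from the thread.
ext_if1    = "em0"             # uplink to ISP1
ext_if2    = "em1"             # uplink to ISP2 (system default route)
int_if     = "em2"             # customer-facing interface
gw1        = "192.0.2.1"       # ISP1 gateway
lan_net    = "10.0.0.0/24"
cust_a     = "10.0.0.10"
cust_b     = "10.0.0.11"
isp1_ports = "{ 80, 443 }"     # traffic steered to ISP1

set skip on lo0

# ALTQ only schedules packets LEAVING an interface. Queues on $int_if
# therefore shape what is sent to customers (their downloads). As noted
# in the quoted reply, that data has already crossed the downlink.
altq on $int_if cbq bandwidth 2Mb queue { q_a, q_b, q_rest }
queue q_a    bandwidth 64Kb cbq(borrow)     # 64Kb guaranteed, may borrow idle
queue q_b    bandwidth 64Kb cbq(borrow)     # capacity from the parent queue
queue q_rest bandwidth 1Mb  cbq(default borrow)

# One NAT rule per uplink so the source address matches the exit link.
nat on $ext_if1 from $lan_net to any -> ($ext_if1)
nat on $ext_if2 from $lan_net to any -> ($ext_if2)

block all
pass out on $ext_if1 keep state
pass out on $ext_if2 keep state

# Last matching rule wins, so rules run from general to specific.
# The queue named on the state-creating rule is applied to reply packets
# when they leave $int_if, which is where the queues are defined.

# Unlisted hosts: default queue (q_rest), default route (ISP2).
pass in on $int_if from $lan_net to any keep state
pass in on $int_if route-to ($ext_if1 $gw1) proto tcp \
    from $lan_net to any port $isp1_ports keep state

# Customer A: own 64Kb queue; selected ports leave via ISP1.
pass in on $int_if from $cust_a to any keep state queue q_a
pass in on $int_if route-to ($ext_if1 $gw1) proto tcp \
    from $cust_a to any port $isp1_ports keep state queue q_a

# Customer B: same pattern, separate queue.
pass in on $int_if from $cust_b to any keep state queue q_b
pass in on $int_if route-to ($ext_if1 $gw1) proto tcp \
    from $cust_b to any port $isp1_ports keep state queue q_b
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -vsq` shows per-queue counters once it is loaded.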