From owner-freebsd-pf@FreeBSD.ORG Wed Jul 30 08:23:19 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 62DEF1065670 for ; Wed, 30 Jul 2008 08:23:19 +0000 (UTC) (envelope-from buchtajz@borsice.net) Received: from mx.sitkom.cz (mx.sitkom.cz [88.146.187.34]) by mx1.freebsd.org (Postfix) with ESMTP id 1B0FF8FC18 for ; Wed, 30 Jul 2008 08:23:19 +0000 (UTC) (envelope-from buchtajz@borsice.net) Received: from [10.6.1.134] (buchtajz.dlsystem.buchlovice.sfn [10.6.1.134]) by mx.sitkom.cz (Postfix) with ESMTP id 4663F1C4682; Wed, 30 Jul 2008 10:24:54 +0200 (CEST) From: Michal Buchtik To: news@topocentras.lt In-Reply-To: <64686.88.119.128.115.1217400195.squirrel@mx.agservice.lt> References: <51307.88.119.128.115.1217227945.squirrel@mx.agservice.lt> <64686.88.119.128.115.1217400195.squirrel@mx.agservice.lt> Content-Type: text/plain; charset=UTF-8 Date: Wed, 30 Jul 2008 10:22:16 +0200 Message-Id: <1217406136.31805.6.camel@buchtajz> Mime-Version: 1.0 X-Mailer: Evolution 2.12.3 (2.12.3-5.fc8) Content-Transfer-Encoding: 8bit Cc: freebsd-pf@freebsd.org Subject: Re: need help with keep state and shaping X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Jul 2008 08:23:19 -0000 PF makes 2 states per connection, so try this ($int_if is users LAN) pass in quick on $int_if from 10.0.0.1 to any tag user1 queue download1 pass in quick on $ext_if from any to 10.0.0.1 tag user1 queue upload1 pass out quick on $int_if tagged user1 queue download1 pass out quick on $ext_if tagged user1 queue upload1 .....and so on for another users news@topocentras.lt píše v St 30. 07. 2008 v 09:43 +0300: > Hello once more, > It whould be very interesting to hear from you how to use keep state for > router, shaping in and out traffic. > I am using around thousand of queues(hfsc) and it makes a lot of > performace problems. Using keep state it would reduce it, but as i mention > before, i have problems using it. > > Sincerely Yours, > Albertas > > > ext_if="bge0" > > int_if="bge1" > > > > pass out quick on $ext_if from 10.0.0.1 to any queue upload1 > > pass out quick on $int_if from any to 10.0.0.1 queue download1 > > > > pass out quick on $ext_if from 10.0.0.2 to any queue upload2 > > pass out quick on $int_if from any to 10.0.0.2 queue download2 > > > > pass out quick on $ext_if from 10.0.0.3 to any queue upload3 > > pass out quick on $int_if from any to 10.0.0.3 queue download3 > > > > pass in all > > pass out all > > > > #10.0.0.x users subnet > > > > Hello, > > I have problems with keep state usage. I need to shape ingoing and > > outgoing trafic (no nat). > > Before I used sintax like above, but then I used it with keyword "keep > > state" some useres reported problems with trafic. > > With version FreeBSD 7 with keep state on pass rules are not working at > > all. > > Question is how to deal with keep state for in and out trafic then i need > > to shape both? I tried to use set state-policy if-bound but it had no > > impact. > > > > _______________________________________________ > > freebsd-pf@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > > > > > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"