Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 20 May 2016 07:59:09 +0300
From:      Max <maximos@als.nnov.ru>
To:        freebsd-pf@freebsd.org
Subject:   Re: Traffic shaping incomming traffic for all vlans
Message-ID:  <75067e1b-650a-ba5b-8fa1-998ceaab7903@als.nnov.ru>
In-Reply-To: <262ED41F8198C0409ACB79946570FFCD1AA1340594@EXCHANGE.mail.starnet.cz>
References:  <262ED41F8198C0409ACB79946570FFCD1AA134055F@EXCHANGE.mail.starnet.cz> <3eefc0f5-eb68-dd8e-6fee-aef8d1edbd37@als.nnov.ru> <262ED41F8198C0409ACB79946570FFCD1AA1340594@EXCHANGE.mail.starnet.cz>
next in thread | previous in thread | raw e-mail | index | archive | help 


19.05.2016 23:16, Radek Krejča пишет:
> on $ext_if proto { tcp, udp } from 192.168.52.0/24
>> Why?
> Is there any nat rule?
>
>> And second problem - how to set up (on which interface) altq queues?
> You should use outgoing interface.
>
>
> Hello,
> there is relevant part of my pf.conf
>
> ext_if          =       "ext0"
> int_if          =       "int0"
>
> scrub all fragment reassemble no-df
>
> altq on $ext_if cbq bandwidth 1Gb queue { \
>      pokus,          \
>      pokus_default        \
> }
>
> queue pokus bandwidth 10Mb cbq (red)
> queue pokus_default bandwidth 600Mb cbq (default, borrow, red)
>
> nat on $ext_if from "192.168.150.0/24"     -> $ext_addr
>
> # This is working rule
> #block quick proto { tcp, udp } from 192.168.52.0/24
>
> # This is not working
> pass in quick on $ext_if from 192.168.52.0/24 queue pokus
>
> # This doesnt match to
> # block quick on $ext_if proto { tcp, udp } from 192.168.52.0/24
Incoming traffic flow: state table -> rdr rules -> filter rules.
Outgoing traffic flow: state table -> nat rules -> filter rules.
I assume your "int_if" has 192.168.52.0/24 net confidured. If so, nat 
rule changes source address and your filter rule should be:
pass out quick on $ext_if from $ext_addr ...

Or you could change nat rule:
nat *pass* on $ext_if from 192.168.150.0/24 -> $ext_addr

>
> On this BSD box are 74 vlans on int_if and I need to shape traffic for all of them.
>
> Thank you very much.
> Radek
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?75067e1b-650a-ba5b-8fa1-998ceaab7903>