Date:      Thu, 09 Nov 2006 13:40:02 +0100
From:      Volker <volker@vwsoft.com>
To:        Muhammad Reza <beastie@mra.co.id>
Cc:        "FreeBSD \(PF\)" <freebsd-pf@freebsd.org>
Subject:   Re: Re: pf.conf + altq problem
Message-ID:  <455321A2.6090606@vwsoft.com>
In-Reply-To: <1163010356.1504.46.camel@beastie.mra.co.id>
References:  <1162836051.23997.7.camel@beastie.mra.co.id>	<6e6841490611071140u486d550bn8d3f3f0c40b6fd9@mail.gmail.com>	<6e6841490611071141u2f1ad06apaa4542a94f8b786b@mail.gmail.com> <1163010356.1504.46.camel@beastie.mra.co.id>

On 37378-12-23 20:59, Muhammad Reza wrote:
> Still does not work with the pass in rule.
> 
> add info with this rule set:
> 
> altq on xl1 bandwidth 100% cbq queue {int_out,dflt_out}
> queue int_out       bandwidth 3Mb
> queue dflt_out      bandwidth  16Kb cbq (default)
> 
> altq on xl2 bandwidth 100% cbq queue {int_in,dflt_in}
> queue int_in       bandwidth 3Mb
> queue dflt_in      bandwidth 16Kb cbq (default)
> 
> pass out log on xl1 from 172.16.0.228 to 202.57.14.1 keep  state flags S/SA queue (int_out)
> pass out log on xl2 from 202.57.14.1 to 172.16.0.228 keep state flags S/SA queue (int_in)
> 
> If I enable altq on only one interface (xl1 or xl2), the traffic
> limitation that I want can be done.
> 
> Is there something that can be done with ALTQ and PF, or is my rule
> bad?
> 
> please help me...
> 
> 
>> Try this rules:
>> pass in log on xl2 from 172.16.0.228 to 202.57.14.1 keep  state flags S/SA queue (int_out)
>> pass in log on xl2 from 172.16.0.228 to 202.57.14.1 keep  state flags S/SA queue (int_in)
>>
>> Gilberto
>>
>>
>> 2006/11/6, Muhammad Reza <beastie@mra.co.id>:
>>> Dear All.
>>>
>>> I start with the simple rule set in my pf bridge machine to limit
>>> bandwidth to 3Mbps from my server on the LAN to the internet and from
>>> the internet to my server on the LAN.
>>> This is my setup:
>>>
>>> Internet ---xl1 xl2---LAN
>>>
>>> and my pf.conf
>>>
>>> lan="172.16.0.0/24"
>>> #ALTQ at outgoing interface to limit traffic 3 MBps from lan to internet
>>> altq on xl1 bandwidth 100% cbq queue {int_out,dflt_out}
>>> queue int_out       bandwidth 3Mb
>>> queue dflt_out      bandwidth  16Kb cbq (default)
>>> #ALTQ at lan interface to limit traffic 3 MBps from internet to lan
>>> altq on xl2 bandwidth 100% cbq queue {int_in,dflt_in}
>>> queue int_in       bandwidth 3Mb   cbq (default)
>>> queue dflt_in      bandwidth  16Kb
>>>
>>> block on xl1
>>> pass in on xl1  from any to $lan
>>> pass out on xl1 from $lan to any
>>> pass out log on xl1 from 172.16.0.228 to 202.57.14.1 keep  state flags S/SA queue (int_out)
>>>
>>> block on xl2
>>> pass in on xl2 from $lan to any keep state
>>> pass out on xl2  from any to $lan  keep state
>>> #pass  out  log on xl2 from 202.57.14.1 to 172.16.0.228 keep state flags S/SA queue (int_in)
>>>
>>> I have done some tests with iperf with no luck.
>>> Is there something wrong with this rule set to accomplish my need?
>>> Please help
>>>
>>> Regards
>>> Reza

Reza,

you're really using just one queue:

> block on xl1
> pass in on xl1  from any to $lan
> pass out on xl1 from $lan to any
> pass out log on xl1 from 172.16.0.228 to 202.57.14.1 keep  state flags S/SA queue (int_out)

As $lan is 172.16/24, rule number 3 (which goes to queue dflt_out)
catches all the packets you want for queue int_out.

HTH,

Volker


