Message-ID: <49C6053B.8050403@pp.dyndns.biz>
Date: Sun, 22 Mar 2009 10:30:35 +0100
From: Morgan Wesström
CC: freebsd-questions@freebsd.org
In-Reply-To: <49C598E3.80107@cheeze.org>
Subject: Re: ipfw, pf and ALTQ on outbound traffic? (or: "The net is slow when I upload!")

Jubal Kessler wrote:
> Greetings,
>
> Is there a general how-to, or a set of coherent instructions, for
> shaping outbound traffic such that when I upload something over my
> asymmetric cable-modem pipe, doing so doesn't completely kill my Web
> browsing or any other attempts to use my Internet connection?

Daniel Hartmeier's tutorial is the base on which I build my own knowledge:
http://www.benzedrine.cx/ackpri.html

I have helped my friends build FreeBSD-based routers for a few years now.
I've put together some documentation, mainly to help myself be
consistent, but you're free to look at my examples there and the reasoning
behind them. It's in the "Firewall setup" guide, but it's rather long since I
explain in detail every part of the firewall rule set:
http://homerouters.info/wiki/Main_Page
Be aware that I'm not a very good teacher... ;-)

> (To put it another way: When I max out my upstream, and my upstream is
> capped lower than my downstream, my downstream becomes useless and I am
> forced to wait until the upload finishes before I can resume using the
> downstream. This is a problem, and I'd like to solve it.)

This is exactly the reason why I built my own router several years ago.

> I have looked at various ALTQ + pf setups on the Web, but I have one
> caveat. I use FreeBSD 6.4 on my home gateway, and it is also using the
> default natd server, which relies on an ipfw divert rule. I don't know
> if this matters, or if I need to switch from natd to a pf-based NAT setup.
>
> Should I use *just* ipfw, or should I switch everything to pf (including
> NAT services) and go from there?

I have no experience running pf and ipfw at the same time. NAT is
handled perfectly by pf, and keeping everything in the same config makes
everything much easier. Naturally, I recommend you have a look at the
example in my tutorial and the pf man page, of course. It's extremely
flexible.

> Thanks much,
>
> Jubal

/Morgan