Date: Thu, 16 Sep 2004 03:51:52 -0000
From: Robert Krasicki <wstud@wp.pl>
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] pfaltq FreeBSD (merged) problem
Message-ID: <20030928164955.GA50979@toudi.cisovanet.pl>

Hello,

I have problems with my configuration.
I'm using the pf.conf configuration from http://openbsd.org/faq/pf/queueing.html (the first example).
Of course I've replaced the interface names with the proper ones.

---------
#####
local_net = "192.168.0.0/24"
ssh_ports = "{ 22 2022 }"
im_ports = "{ 1863 5190 5222 }"
ext_if="ed0"
int_if="xl0"

scrub in all no-df

altq on $ext_if priq bandwidth 100Kb queue { std_out, ssh_im_out, dns_out, \
        tcp_ack_out }
queue std_out priq(default)
queue ssh_im_out priority 4 priq(red)
queue dns_out priority 5
queue tcp_ack_out priority 6

altq on $int_if cbq bandwidth 510Kb queue { std_in, ssh_im_in, dns_in, bob_in }
queue std_in cbq(default)
queue ssh_im_in priority 4
queue dns_in priority 5

nat on $ext_if from $int_if/24 to any -> $ext_if
rdr on $ext_if proto tcp from any to $ext_if port 4000:4005 -> 192.168.0.6
rdr on $ext_if proto tcp from any to $ext_if port 1551 -> 192.168.0.6
rdr on $ext_if proto tcp from any to $ext_if port 3389 -> 192.168.0.6
rdr on $ext_if proto tcp from any to $ext_if port 416 -> 192.168.0.6
rdr on $ext_if proto udp from any to $ext_if port 416 -> 192.168.0.6

block in on $ext_if all
block out on $ext_if all
pass out on $ext_if inet proto tcp from ($ext_if) to any flags S/SA \
        keep state queue(std_out, tcp_ack_out)
pass out on $ext_if inet proto { udp icmp } from ($ext_if) to any keep state
pass out on $ext_if inet proto { tcp udp } from ($ext_if) to any port domain \
        keep state queue dns_out
pass out on $ext_if inet proto tcp from ($ext_if) to any port $ssh_ports \
        flags S/SA keep state queue(std_out, ssh_im_out)
pass out on $ext_if inet proto tcp from ($ext_if) to any port $im_ports \
        flags S/SA keep state queue(ssh_im_out, tcp_ack_out)

block in on $int_if all
pass in on $int_if from $local_net
block out on $int_if all
pass out on $int_if from any to $local_net
pass out on $int_if proto { tcp udp } from any port domain to $local_net \
        queue dns_in
pass out on $int_if proto tcp from any port $ssh_ports to $local_net \
        queue(std_in, ssh_im_in)
pass out on $int_if proto tcp from any port $im_ports to $local_net \
        queue ssh_im_in
---

All I want to achieve with this configuration is SSH output with no lag.
I'm using an ADSL 512/128 connection, and I would like to be able
to connect to external SSH ports with no delays.

When I'm uploading a file from my local computer (192.168.0.6) to
a host on the Internet, e.g. 212.160.150.190, my SSH connection to e.g. 212.140.158.190 becomes lagged.
According to the rules, it should work without any delays?
Maybe I'm wrong; is it possible to achieve this?

PS. I'm using pf+altq merged for FreeBSD 5.1 Release.
The rules are being loaded with no errors, and packets are being counted properly.
Maybe you could provide me with the simplest ssh + tcp ack highest priority config?
I've spent a few weeks trying to solve this problem.

Thanks!
Rob