Date: Mon, 29 Nov 2004 00:39:35 +0200
From: mzk <mzk@anti-offline.net>
To: <freebsd-pf@freebsd.org>
Subject: Re: PF strange problem.
Message-ID: <2004112903935.976191@mzk>
In-Reply-To: <opsh64ow00yywyt2@punaposki.rauhankatu.lan>

I tried removing `quick` and the effect was the use of the next rule, which
I don't want. Exactly for QoS I am using the quick keyword in my rules.
Otherwise the hosts will receive much slower speed for the <peering> table.

> If you have 'quick' in the rule it won't go thru any other rules
> after that.
>
> On Sun, 28 Nov 2004 23:51:45 +0200, mzk <mzk@anti-offline.net>
> wrote:
>
>> First sorry my English and sorry my other mistakes, but that is
>> my first post in mailing list ever. :-)
>> Today I understood my pf doesn't work properly. For each host of
>> my network I have 4 rules, 2 out (from int_if) and 2 in like:
>>
>> pass out quick on $int_if from <peering> to $host queue peering_host_in
>> pass out quick on $int_if from any to $host queue host_in
>> pass in quick on $int_if proto { tcp, udp } from $host to <peering> port $ports
>> pass in quick on $int_if proto { tcp, udp } from $host to any port $ports
>>
>> The problem is, that the first `peering` rule works like the
>> second one -> it passes everything from anyone using the
>> peering_host_in queue. If I comment it, the second rule works,
>> but that's not the idea. So my international connection (the
>> second rules) is overloaded and I could not make good QoS. I am
>> using GENERIC with these options, added by me ->
>>
>> # custom options;
>>
>> # pf support;
>> device          pf
>> device          pflog
>> device          pfsync
>>
>> # ALTQ options;
>> options         ALTQ            #alternate queueing
>> options         ALTQ_CBQ        #class based queueing
>> ##options       ALTQ_WFQ        #weighted fair queueing
>> ##options       ALTQ_FIFOQ      #fifo queueing
>> options         ALTQ_RED        #random early detection
>> ##options       ALTQ_FLOWVALVE  #flowvalve for RED (needs RED)
>> options         ALTQ_RIO        #triple red for diffserv (needs RED)
>> ##options       ALTQ_LOCALQ     #local use
>> options         ALTQ_HFSC       #hierarchical fair service curve
>> ##options       ALTQ_ECN        #ecn extention to tcp (needs RED)
>> ##options       ALTQ_IPSEC      #check ipsec in IPv4
>> options         ALTQ_CDNR       #diffserv traffic conditioner
>> ##options       ALTQ_BLUE       #blue by wu-chang feng
>> options         ALTQ_PRIQ       #priority queue
>> options         ALTQ_NOPCC      #don't use processor cycle counter
>> #options        ALTQ_DEBUG      #for debugging
>>
>> #options        IPDIVERT
>> options         IPSTEALTH
>> #options        IPFILTER
>>
>> My pf.conf is about 600 lines, so I will not paste it here. If you
>> request it I can upload it somewhere. Thanks in advance and sorry
>> for every my mistake!
>>
>> _______________________________________________
>> freebsd-pf@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
>> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
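
The rule-selection behaviour discussed in this message, as an added example that is not part of the original e-mail or of pf itself: a small stateless model of how pf picks the rule (and therefore the queue) for a packet, with and without `quick`, using the two `pass out` rules from the post. The table contents, host address and function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data (assumptions, not from the thread).
PEERING = [ipaddress.ip_network("192.0.2.0/24")]   # stands in for <peering>
HOST = ipaddress.ip_address("10.0.0.5")            # stands in for $host

def make_rules(quick):
    # The two "pass out" rules from the post, in the same order.
    return [
        {"src": PEERING, "dst": HOST, "queue": "peering_host_in", "quick": quick},
        {"src": None,    "dst": HOST, "queue": "host_in",         "quick": quick},
    ]

def matches(rule, src, dst):
    # src None models "from any"; otherwise the source must be in the table.
    src_ok = rule["src"] is None or any(src in net for net in rule["src"])
    return src_ok and dst == rule["dst"]

def select_queue(rules, src, dst):
    """Queue of the rule pf applies: the last matching rule wins,
    unless a matching rule carries 'quick', which stops evaluation."""
    chosen = None
    for rule in rules:
        if matches(rule, src, dst):
            chosen = rule["queue"]
            if rule["quick"]:
                break
    return chosen

def demo():
    peer = ipaddress.ip_address("192.0.2.10")      # inside the sample table
    other = ipaddress.ip_address("198.51.100.7")   # outside the sample table
    results = {}
    for quick in (True, False):
        rules = make_rules(quick)
        results[quick] = (select_queue(rules, peer, HOST),
                          select_queue(rules, other, HOST))
    return results

if __name__ == "__main__":
    for quick, (peer_q, other_q) in demo().items():
        print(f"quick={quick}: peering source -> {peer_q}, other source -> {other_q}")
```

Without `quick`, the later `from any` rule also matches peering traffic and, being the last match, assigns it to `host_in`, which is the "use of the next rule" effect described at the top of this message.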