Date: Tue, 14 Dec 2004 22:59:26 +1100
From: "Miki Shapiro" <aris@pharoe.com>
To: <freebsd-pf@freebsd.org>
Subject: Question on capabilities of ALTQ and HFSC
Message-ID: <200412141157.iBEBvJA8040238@pharoe.com>

Hi all,

I'm using FreeBSD 5.3 Release, with a kernel recompiled to support ALTQ and HFSC.

After playing for a while with pf and packet shaping using the HFSC queue implementation, I'm still at a loss on whether this is possible or not:

The FreeBSD box serves as a router for a small NAT'ed LAN, with a proprietary protocol running bulk data in both directions, alongside regular traffic. The internet connection is asymmetric - bigger downlink than uplink.

I wish to regulate (limit) the upstream traffic of the bulk-data connection as it hurts other traffic when it peaks.

Since I queue traffic using the firewall rules in pf, queueing a stateful rule (keep state) affects incoming packets as well as outgoing packets that run along the session allowed by this rule.

I believe specifying the interface on the queue definition (altq on $ext_if .) was meant to prevent this, but the application responsible for the traffic runs in a jail on the machine itself, whose IP is aliased to the internal interface, but since the arriving packets never actually go out on the (internal) wire, the "interface" of both incoming and outgoing packets stays the external one as far as the queue is concerned, thus putting both incoming and outgoing packets in the queue.

mrtg shows both uplink and downlink choked at the bandwidth I attempted to impose on the bulk uplink traffic.

Furthermore, allowing free flow in both directions, grabbing the incoming traffic with a non-stateful rule and queueing it apparently solves the problem (not that I'd call a wide-open firewall a solution).

My queues are apparently defined correctly and otherwise work great; it is only a matter of removing the unwanted limitation of inbound traffic.

Is this at all possible?

Miki