Date: Mon, 22 Jan 2007 10:29:29 +1030
From: "Jayel Villamin" <jarthel@gmail.com>
To: freebsd-pf@freebsd.org
Subject: help with traffic shaping
Message-ID: <b2d2a5270701211559m63e33c2bha8ee1d5fc6c94857@mail.gmail.com>

not sure if this is the right place to ask about this but pf and altq are interconnected so...

====================

I am downloading something via FTP (using socks5) and HTTP browsing (via squid) at the same time. Web browsing is going slow.

I thought I had given HTTP higher priority than socks. So I am under the impression that web browsing should be very responsive.

Can someone please check my pf.conf?

This is my pf.conf. thanks for the help

=====================

#copy to /etc
#########################################################################
#macros
##############################################
#interfaces
ext_if = "tun0"
sakaki_nic2_if = "fxp1"
loopback_if = "lo0"
##############################################
sakaki_nic2_if_in_tcp_to_others = "{ gmail_pop3 gmail_smtp chikka 5050 }"
tomo_only_voip = "{ 5060, 16384:16482 }"
#########################################################################
#Tables
table <osaka> persist { 192.168.0.2/32 }
table <tomo> persist { 192.168.0.3/32 }
#########################################################################
#PF options
set limit { frags 20000, states 20000 }
set loginterface $ext_if
set optimization normal
set block-policy drop
#########################################################################
#Scrub packets
scrub all reassemble tcp fragment reassemble
#########################################################################
#ALTQ
altq on $ext_if priq bandwidth 82Kb queue { q_default, q_ssh, q_apache, q_udp, q_tcp_ack }
queue q_default priq (default)
queue q_ssh priority 3 priq(red)
queue q_apache priority 5
queue q_udp priority 12
queue q_tcp_ack priority 14

altq on $sakaki_nic2_if cbq bandwidth 100% queue { q2_out, q2_local }
queue q2_out bandwidth 452Kb { q2_out_socks, q2_out_default, q2_out_squid }
queue q2_out_socks bandwidth 148Kb priority 1 cbq (borrow)
queue q2_out_default bandwidth 41Kb priority 4 cbq (default borrow)
queue q2_out_squid bandwidth 263Kb priority 7 cbq (borrow)
queue q2_local bandwidth 97% cbq (red borrow)
#########################################################################
#NAT
#pass in quick on $ext_if inet proto udp from any port voip_proxy to <tomo> keep state queue q_udp
nat on $ext_if from $sakaki_nic2_if:network to any -> ($ext_if)
#########################################################################
#Redirection
#rdr on $ext_if proto udp from any port voip_proxy -> <tomo>
rdr on $ext_if proto { tcp udp } from any to ($ext_if) port bittorrent -> <osaka>
#########################################################################
#Packet filtering
##############################################
#Default block
block log all
##############################################
#Outbound rules for ext_if
pass out quick on $ext_if inet proto udp all keep state queue q_udp
pass out quick on $ext_if inet proto tcp all keep state queue (q_default_out, q_tcp_ack)
pass out quick on $ext_if inet proto icmp all keep state

#Inbound rules for ext_if
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port apache_squid flags S/SA keep state queue q_apache
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port ssh flags S/SA keep state queue (q_default, q_ssh)
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port ident flags S/SA keep state queue (q_default, q_tcp_ack)
pass in quick on $ext_if inet proto tcp from any port squid to any queue (q_default_out, q_tcp_ack_out)

#for the redirect rules above
pass in quick on $ext_if inet proto { tcp udp} from any to <osaka> port bittorrent flags S/SA keep state queue q_default
##############################################
#Inbound rules for sakaki_nic2_if
pass in quick on $sakaki_nic2_if proto udp from $sakaki_nic2_if:network to ($sakaki_nic2_if) keep state queue q2_local
pass in quick on $sakaki_nic2_if proto tcp from $sakaki_nic2_if:network to ($sakaki_nic2_if) flags S/SA keep state queue q2_local
pass in quick on $sakaki_nic2_if proto tcp from $sakaki_nic2_if:network to ($sakaki_nic2_if) port socks flags S/SA keep state queue q2_out_socks
pass in quick on $sakaki_nic2_if proto tcp from $sakaki_nic2_if:network to ($sakaki_nic2_if) port squid flags S/SA keep state queue q2_out_squid
pass in quick on $sakaki_nic2_if proto tcp from $sakaki_nic2_if:network to any port $sakaki_nic2_if_in_tcp_to_others flags S/SA keep state queue q2_out_default

#Outbound rules for sakaki_nic2_if
pass out quick on $sakaki_nic2_if all keep state queue q2_local
##############################################
#Allow loopback connections
pass quick on $loopback_if all
##############################################
#Antispoof all interfaces
antispoof log quick for { $ext_if, $sakaki_nic2_if }
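
Added example, not part of the original message: a small Python check that compares the queue names assigned in pf rules with the queues declared in the ALTQ section. SAMPLE is an excerpt of the pf.conf above laid out one rule per line; `check_queues` and its report keys are names chosen for this example. On the excerpt it reports `q_default_out` and `q_tcp_ack_out`, which rules assign but no `queue` line declares.

```python
import re

# Excerpt of the posted pf.conf (ext_if ALTQ section plus four pass rules).
SAMPLE = """\
altq on $ext_if priq bandwidth 82Kb queue { q_default, q_ssh, q_apache, q_udp, q_tcp_ack }
queue q_default priq (default)
queue q_ssh priority 3 priq(red)
queue q_apache priority 5
queue q_udp priority 12
queue q_tcp_ack priority 14
pass out quick on $ext_if inet proto udp all keep state queue q_udp
pass out quick on $ext_if inet proto tcp all keep state queue (q_default_out, q_tcp_ack)
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port ssh flags S/SA keep state queue (q_default, q_ssh)
pass in quick on $ext_if inet proto tcp from any port squid to any queue (q_default_out, q_tcp_ack_out)
"""

# "queue name" or "queue (name, name)" at the end of a filter rule.
RULE_QUEUE = re.compile(r"\bqueue\s*(?:\(([^)]*)\)|(\w+))")
# "{ child, child }" list on an altq or parent queue line.
CHILD_LIST = re.compile(r"\{([^}]*)\}")

def check_queues(conf):
    """Report queue names that rules or parent lists use but no queue line defines."""
    defined, listed, used = set(), set(), {}
    for lineno, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        first = line.split()[0]
        if first in ("altq", "queue"):
            if first == "queue":                  # "queue <name> ..." defines <name>
                defined.add(line.split()[1])
            m = CHILD_LIST.search(line)
            if m:
                listed.update(re.findall(r"\w+", m.group(1)))
        else:                                     # pass/block rule assigning queues
            m = RULE_QUEUE.search(line)
            if m:
                for name in re.findall(r"\w+", m.group(1) or m.group(2) or ""):
                    used.setdefault(name, []).append(lineno)
    return {
        "undefined_in_rules": {n: l for n, l in used.items() if n not in defined},
        "listed_not_defined": sorted(listed - defined),
    }

if __name__ == "__main__":
    print(check_queues(SAMPLE))
```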