From: "Jayel Villamin"
To: freebsd-pf@freebsd.org
Date: Mon, 22 Jan 2007 10:29:29 +1030
Subject: help with traffic shaping

Not sure if this is the right place to ask about this, but pf and altq are interconnected, so...

====================

I am downloading something via FTP (using socks5) and HTTP browsing (via squid) at the same time. Web browsing is going slow.
I thought I had given HTTP higher priority than socks. So I am under the impression that web browsing should be very responsive.

Can someone please check my pf.conf?

This is my pf.conf. Thanks for the help.

=====================

#copy to /etc
#########################################################################
#macros
##############################################
#interfaces
ext_if = "tun0"
sakaki_nic2_if = "fxp1"
loopback_if = "lo0"
##############################################
sakaki_nic2_if_in_tcp_to_others = "{ gmail_pop3 gmail_smtp chikka 5050 }"
tomo_only_voip = "{ 5060, 16384:16482 }"
#########################################################################
#Tables
table persist { 192.168.0.2/32 }
table persist { 192.168.0.3/32 }
#########################################################################
#PF options
set limit { frags 20000, states 20000 }
set loginterface $ext_if
set optimization normal
set block-policy drop
#########################################################################
#Scrub packets
scrub all reassemble tcp fragment reassemble
#########################################################################
#ALTQ
altq on $ext_if priq bandwidth 82Kb queue { q_default, q_ssh, q_apache, q_udp, q_tcp_ack }
queue q_default priq (default)
queue q_ssh priority 3 priq(red)
queue q_apache priority 5
queue q_udp priority 12
queue q_tcp_ack priority 14

altq on $sakaki_nic2_if cbq bandwidth 100% queue { q2_out, q2_local }
queue q2_out bandwidth 452Kb { q2_out_socks, q2_out_default, q2_out_squid }
queue q2_out_socks bandwidth 148Kb priority 1 cbq (borrow)
queue q2_out_default bandwidth 41Kb priority 4 cbq (default borrow)
queue q2_out_squid bandwidth 263Kb priority 7 cbq (borrow)
queue q2_local bandwidth 97% cbq (red borrow)
#########################################################################
#NAT
#pass in quick on $ext_if inet proto udp from any port voip_proxy to keep state queue q_udp
nat on $ext_if from $sakaki_nic2_if:network to any -> ($ext_if)
#########################################################################
#Redirection
#rdr on $ext_if proto udp from any port voip_proxy ->
rdr on $ext_if proto { tcp udp } from any to ($ext_if) port bittorrent ->
#########################################################################
#Packet filtering
##############################################
#Default block
block log all
##############################################
#Outbound rules for ext_if
pass out quick on $ext_if inet proto udp all keep state queue q_udp
pass out quick on $ext_if inet proto tcp all keep state queue (q_default_out, q_tcp_ack)
pass out quick on $ext_if inet proto icmp all keep state

#Inbound rules for ext_if
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port apache_squid flags S/SA keep state queue q_apache
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port ssh flags S/SA keep state queue (q_default, q_ssh)
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port ident flags S/SA keep state queue (q_default, q_tcp_ack)
pass in quick on $ext_if inet proto tcp from any port squid to any queue (q_default_out, q_tcp_ack_out)

#for the redirect rules above
pass in quick on $ext_if inet proto { tcp udp} from any to port bittorrent flags S/SA keep state queue q_default
##############################################
#Inbound rules for sakaki_nic2_if
pass in quick on $sakaki_nic2_if proto udp from $sakaki_nic2_if:network to ($sakaki_nic2_if) keep state queue q2_local
pass in quick on $sakaki_nic2_if proto tcp from $sakaki_nic2_if:network to ($sakaki_nic2_if) flags S/SA keep state queue q2_local
pass in quick on $sakaki_nic2_if proto tcp from $sakaki_nic2_if:network to ($sakaki_nic2_if) port socks flags S/SA keep state queue q2_out_socks
pass in quick on $sakaki_nic2_if proto tcp from $sakaki_nic2_if:network to ($sakaki_nic2_if) port squid flags S/SA keep state queue q2_out_squid
pass in quick on $sakaki_nic2_if proto tcp from $sakaki_nic2_if:network to any port $sakaki_nic2_if_in_tcp_to_others flags S/SA keep state queue q2_out_default

#Outbound rules for sakaki_nic2_if
pass out quick on $sakaki_nic2_if all keep state queue q2_local
##############################################
#Allow loopback connections
pass quick on $loopback_if all
##############################################
#Antispoof all interfaces
antispoof log quick for { $ext_if, $sakaki_nic2_if }
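
A check for one thing visible in the configuration above: two filter rules assign traffic to q_default_out and q_tcp_ack_out, but no queue line defines either name. This is an added example, not part of the original message; the input is a constructed excerpt of the posted rules, and the function names are hypothetical.

```python
import re

# Constructed excerpt: the ext_if ALTQ declarations and four of the queue
# assignments from the pf.conf in the message above (macros left unexpanded).
SAMPLE_PF_CONF = """\
altq on $ext_if priq bandwidth 82Kb queue { q_default, q_ssh, q_apache, q_udp, q_tcp_ack }
queue q_default priq (default)
queue q_ssh priority 3 priq(red)
queue q_apache priority 5
queue q_udp priority 12
queue q_tcp_ack priority 14
pass out quick on $ext_if inet proto udp all keep state queue q_udp
pass out quick on $ext_if inet proto tcp all keep state queue (q_default_out, q_tcp_ack)
pass in quick on $ext_if inet proto tcp from any to ($ext_if) port ssh flags S/SA keep state queue (q_default, q_ssh)
pass in quick on $ext_if inet proto tcp from any port squid to any queue (q_default_out, q_tcp_ack_out)
"""

QUEUE_DEF = re.compile(r"^queue\s+(\S+)")                  # queue NAME ...
QUEUE_REF = re.compile(r"\bqueue\s+(?:\(([^)]*)\)|(\S+))")  # queue NAME | queue (A, B)

def defined_queues(conf):
    """Names that have their own 'queue NAME ...' definition line."""
    hits = (QUEUE_DEF.match(line.strip()) for line in conf.splitlines())
    return {m.group(1) for m in hits if m}

def undefined_queue_refs(conf):
    """Return (line number, queue name) for each filter rule that assigns
    packets to a queue with no definition line anywhere in the file."""
    defined = defined_queues(conf)
    findings = []
    for lineno, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line.startswith(("pass", "block")):
            continue                              # only filter rules assign queues
        m = QUEUE_REF.search(line)
        if not m:
            continue
        names = re.split(r"[,\s]+", (m.group(1) or m.group(2) or "").strip())
        findings += [(lineno, n) for n in names if n and n not in defined]
    return findings

if __name__ == "__main__":
    for lineno, name in undefined_queue_refs(SAMPLE_PF_CONF):
        print(f"line {lineno}: queue {name} is assigned but never defined")
```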