Date: Mon, 22 Jan 2007 17:08:17 +0300
From: =?koi8-r?Q?=F7=CC=C1=C4=C9=CD=C9=D2_=EB=C1=D0=D5=D3=D4=C9=CE?= <msgs_for_me@mail.ru>
To: freebsd-pf@freebsd.org
Subject: PF+ALTQ - how not to share bandwidth
Message-ID: <E1H8zqL-000Ao5-00.msgs_for_me-mail-ru@f98.mail.ru>
Hi all!

I want to make a list of rules for my localnet gateway, and I decided to choose PF to use its tables so as not to generate so many rules, equal to the number of users.

Here is part of my pfctl -s all output:

TRANSLATION RULES:
nat on xl0 inet from <not_shape> to any -> 192.168.1.21
nat on xl0 inet from <shape_64> to any -> 192.168.1.21
nat on xl0 inet from <shape_128> to any -> 192.168.1.21
nat on xl0 inet from <shape_256> to any -> 192.168.1.21

FILTER RULES:
anchor "real_ip" all
block drop on xl0 all
block drop on rl0 all
pass quick on lo0 all
pass inet from any to 192.168.0.2 queue shape_256_in
pass inet from any to 192.168.0.3 queue shape_256_in
pass inet from 192.168.0.2 to any queue shape_256_out
pass inet from 192.168.0.3 to any queue shape_256_out
pass quick inet from 192.168.1.21 to any
pass quick inet from any to 192.168.1.21
pass in quick on rl0 inet proto tcp from <admins> to 192.168.1.21
pass in quick on rl0 inet proto udp from <admins> to 192.168.1.21
pass out quick on rl0 inet proto tcp from 192.168.1.21 to <admins>
pass out quick on rl0 inet proto udp from 192.168.1.21 to <admins>

ALTQ:
queue root_xl0 bandwidth 20Mb priority 0 cbq( wrr root ) {not_shape_out, shape_64_out, shape_128_out, shape_256_out}
queue  not_shape_out bandwidth 64Kb cbq( borrow default )
queue  shape_64_out bandwidth 64Kb
queue  shape_128_out bandwidth 128Kb
queue  shape_256_out bandwidth 256Kb
queue root_rl0 bandwidth 20Mb priority 0 cbq( wrr root ) {not_shape_in, shape_64_in, shape_128_in, shape_256_in}
queue  not_shape_in bandwidth 64Kb cbq( borrow default )
queue  shape_64_in bandwidth 64Kb
queue  shape_128_in bandwidth 128Kb
queue  shape_256_in bandwidth 256Kb

TABLES:
admins
not_shape
shape_128
shape_256
shape_64

I must say that this is a test configuration and IP 192.168.1.21 is the prototype of my future real Internet IP.

The question is: My two local IPs { 192.168.0.2, 192.168.0.3 } share the same internet channel, but I want them to have the same bandwidth (equal to the queue). What is the way to use the minimal number of rules and tables (as many as tariffs) and then to apply these rules to all the users in the tables according to the contents of the tables?

Here is part of my test pf.conf:

ext_if = "xl0"
int_if = "rl0"
LAN_IP = "192.168.0.1"
WAN_IP = "192.168.1.21"

table <admins> file "/pf/admins"
table <not_shape> file "/pf/not_shape"
table <shape_64> file "/pf/shape_64"
table <shape_128> file "/pf/shape_128"
table <shape_256> file "/pf/shape_256"

##
## QUEUEING
##
altq on $ext_if cbq bandwidth 20Mb queue { not_shape_out, shape_64_out, shape_128_out, shape_256_out }
queue not_shape_out bandwidth 64Kb cbq(default borrow)
queue shape_64_out bandwidth 64Kb
queue shape_128_out bandwidth 128Kb
queue shape_256_out bandwidth 256Kb

altq on $int_if cbq bandwidth 20Mb queue { not_shape_in, shape_64_in, shape_128_in, shape_256_in }
queue not_shape_in bandwidth 64Kb cbq(default borrow)
queue shape_64_in bandwidth 64Kb
queue shape_128_in bandwidth 128Kb
queue shape_256_in bandwidth 256Kb

##
## NAT
##
nat on $ext_if from { <not_shape>, <shape_64>, <shape_128>, <shape_256> } to any -> 192.168.1.21

anchor real_ip

##
## Default DENY policy
##
block on { $ext_if, $int_if } all

##
## Pass loopback
##
pass quick on lo0 all

##
## Test rules
##
pass quick from 192.168.1.110 to any
pass quick from any to 192.168.1.110

pass from any to { 192.168.0.2 192.168.0.3 } queue shape_256_in
pass from { 192.168.0.2 192.168.0.3 } to any queue shape_256_out

pass quick from 192.168.1.21 to any
pass quick from any to 192.168.1.21