From owner-freebsd-pf@FreeBSD.ORG Sun Oct 16 19:35:25 2005 Return-Path: X-Original-To: freebsd-pf@FreeBSD.org Delivered-To: freebsd-pf@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4A07216A41F; Sun, 16 Oct 2005 19:35:25 +0000 (GMT) (envelope-from glebius@FreeBSD.org) Received: from cell.sick.ru (cell.sick.ru [217.72.144.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8D58243D49; Sun, 16 Oct 2005 19:35:24 +0000 (GMT) (envelope-from glebius@FreeBSD.org) Received: from cell.sick.ru (glebius@localhost [127.0.0.1]) by cell.sick.ru (8.13.3/8.13.3) with ESMTP id j9GJZJug048643 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Sun, 16 Oct 2005 23:35:19 +0400 (MSD) (envelope-from glebius@FreeBSD.org) Received: (from glebius@localhost) by cell.sick.ru (8.13.3/8.13.1/Submit) id j9GJZIEa048642; Sun, 16 Oct 2005 23:35:18 +0400 (MSD) (envelope-from glebius@FreeBSD.org) X-Authentication-Warning: cell.sick.ru: glebius set sender to glebius@FreeBSD.org using -f Date: Sun, 16 Oct 2005 23:35:18 +0400 From: Gleb Smirnoff To: Bruno Afonso Message-ID: <20051016193518.GH14542@cell.sick.ru> References: <20051015142431.GC14542@cell.sick.ru> <200510151639.51156.max@love2party.net> <20051016155942.GG14542@cell.sick.ru> <435296B4.50006@dequim.ist.utl.pt> Mime-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <435296B4.50006@dequim.ist.utl.pt> User-Agent: Mutt/1.5.6i Cc: freebsd-pf@FreeBSD.org, Brian Fundakowski Feldman Subject: Re: ALTQ and PPP access concentrator X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Oct 2005 19:35:25 -0000 Bruno, On Sun, Oct 16, 2005 at 02:06:44PM -0400, Bruno Afonso wrote: B> I've been recently "invited" (I mean, I was the only guy they knew that B> had fbsd experience :> ) to setup a pppoe server for a 20+ user base of B> wifi users. basically, we're using pppoe server from freebsd and a B> radius server for user authentication. B> B> there's a document explaining how to do this using ipfw and this uses B> ppp.linkup and ppp.linkdown to invoke scripts. Things get harder with pf B> + altq (I'm using cbq on tunX interfaces and hfsc on outgoing - read B> upload - interface). The way I've set it up was to create a script that B> reads a file that has listed all users on each interface and it B> generates the pf.conf. This was the only way I found to generate altq B> setup lines for each tunX interface. B> B> In a perfect world, one would do: B> B> altq on tun* ... B> B> This could for example be the DEFAULT altq setup instead a user would B> explicitly use B> B> altq on tun0 .. B> B> B> Having said this, it wouldn't help my setup too much since we have 3 to B> 4 classes of users and each has different bw priviledges so we always B> need to have a script... :-) Ideal solution would be when ALTQ (and probably pf) configuration is not changed in one commit, but altered on per interface basis. This will allow us to change only one users traffic bandwidth configuration, without resetting bandwidth settings on all other interfaces. And this is required if we want to store bandwidth parameters in RADIUS. P.S. Please, don't top quote. -- Totus tuus, Glebius. GLEBIUS-RIPN GLEB-RIPE