From: Jon Simola
Date: Wed, 30 Nov 2005 16:14:23 -0800
To: Marcelo Celleri
Cc: freebsd-pf@freebsd.org
Subject: Re: PF + ALTQ... help please!!

On 11/30/05, Marcelo Celleri wrote:

> int_if="em1"
>
> altq on $int_if bandwidth 100Mb cbq queue { std, uees, lnaval, marcelo, ... }
> queue std bandwidth 10.0Mb cbq(default)
> #Then for each one of the subqueues:
> queue marcelo bandwidth 128Kb cbq { gold, silver, default }
> queue gold bandwidth 70% priority 3 cbq(borrow red)
> queue silver bandwidth 20% priority 2 cbq(borrow red)
> queue default bandwidth 10% cbq(borrow)
> #These are the rules:
>
> pass in on $int_if from any to xxx.xxx.xxx.xxx keep state queue default
> pass in on $int_if proto { tcp } from any port { 25,110 } to xxx.xxx.xxx.xxx
> keep state queue silver
> pass in on $int_if proto { tcp } from any port { 22,53,80,443 } to
> xxx.xxx.xxx.xxx keep state queue gold

You cannot duplicate the gold/silver/default queue names, just in case
you're doing that. The other problem is that you're trying to queue on
an inbound interface. Going back to my example:

# External interface -> OC3
altq on em0 cbq bandwidth 100Mb queue { default_ext, throttle_ext }
queue default_ext bandwidth 40Mb qlimit 1000 priority 5 cbq(default red ecn)
queue throttle_ext bandwidth 64Kb priority 1 cbq(red ecn)

# Internal interface -> LAN clients
altq on em1 cbq bandwidth 100Mb queue { default_int, throttle_int }
queue default_int bandwidth 40Mb qlimit 1000 priority 5 cbq(default red ecn)
queue throttle_int bandwidth 64Kb priority 1 cbq(red ecn)

The queueing rule for this is:

pass out on em0 from to any queue throttle_ext

Or you can specify a queue on the outbound interface (em0) with a rule
on the inbound (em1), for a basically similar effect:

pass in on em1 from to any queue throttle_ext

Hope that helps a bit.

--
Jon Simola
Systems Administrator
ABC Communications
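
As an added example (not part of the original message and not code from pf), here is a small Python check for the two problems the reply points out: queue names defined more than once, and a `pass in` rule naming a queue attached to that same interface. The sample ruleset, the 192.0.2.10 address and the `lint` helper are constructed for illustration, and the parser handles only the altq/queue/pass forms shown in this thread.

```python
import re
from collections import Counter

ALTQ = re.compile(r'^altq\s+on\s+(\S+).*?queue\s*\{([^}]*)\}')
QUEUE = re.compile(r'^queue\s+(\S+)(?:.*\{([^}]*)\})?')
RULE = re.compile(r'^pass\s+(in|out)\s+on\s+(\S+).*\bqueue\s+(\S+)\s*$')

# Constructed sample modelled on the quoted ruleset (placeholder address).
SAMPLE = """\
altq on em1 bandwidth 100Mb cbq queue { std, marcelo, lnaval }
queue std bandwidth 10Mb cbq(default)
queue marcelo bandwidth 128Kb cbq { gold, silver }
queue gold bandwidth 70% priority 3 cbq(borrow red)
queue silver bandwidth 20% priority 2 cbq(borrow red)
queue lnaval bandwidth 128Kb cbq { gold, silver }
queue gold bandwidth 70% priority 3 cbq(borrow red)
queue silver bandwidth 20% priority 2 cbq(borrow red)
pass in on em1 proto tcp from any port { 25, 110 } to 192.0.2.10 keep state queue silver
pass out on em1 proto tcp from any to 192.0.2.10 keep state queue gold
"""

def names(group):
    """Split the inside of a '{ a, b }' child list into queue names."""
    return [n for n in re.split(r'[,\s]+', group or '') if n]

def lint(conf):
    """Return (line_no, message) findings for a pf.conf ALTQ fragment."""
    iface_of = {}          # queue name -> interface whose altq tree owns it
    defined = Counter()    # how many 'queue NAME ...' definitions were seen
    findings, rules = [], []
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.split('#', 1)[0].strip()      # drop comments
        if m := ALTQ.match(line):
            for child in names(m.group(2)):
                iface_of[child] = m.group(1)
        elif m := QUEUE.match(line):
            name = m.group(1)
            defined[name] += 1
            if defined[name] > 1:
                findings.append((no, f"queue '{name}' defined more than once"))
            for child in names(m.group(2)):      # children inherit the interface
                iface_of.setdefault(child, iface_of.get(name))
        elif m := RULE.match(line):
            rules.append((no, *m.groups()))
    for no, direction, iface, queue in rules:    # checked after all queues are known
        if direction == 'in' and iface_of.get(queue) == iface:
            findings.append((no, f"'pass in on {iface}' uses queue '{queue}' "
                                 f"attached to {iface} (inbound interface)"))
    return findings
```

Calling `lint(SAMPLE)` reports the repeated `gold` and `silver` definitions and the `pass in on em1` rule; a layout like the one in the reply, with the queue on em0 and the rule on em1, produces no findings.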