Date: Mon, 9 Jun 2008 15:32:30 -0700
From: "Thomas Kinsey"
To: freebsd-pf@freebsd.org
Subject: prioritizing outbound traffic from internal services
List-Id: "Technical discussion and general questions about packet filter (pf)"

Hello List,

This is my first time, so be gentle.

I want to prioritize outbound traffic from an ssh server behind my pf box. My ADSL connection is almost always flooded, so when I connect to the ssh server from work, there is a lot of lag. Connections originating from the LAN hit the outbound queue on the external interface, and all goes well; however, packets from the externally initiated connection don't seem to be being queued. Is there any way to do this?

I googled around a bit and found rules that did something like this:

    altq on $ext priq bandwidth 350Kb queue { fast, slow }
    queue fast priority 7 priq(red)
    queue slow priority 1 priq(default red)

And then applied that to an INBOUND filter rule on the same interface, like this:

    pass in on $ext proto tcp from any to ($ext) port 22 keep state queue fast

But that doesn't seem to work for me. Am I doing something wrong here?

The box running pf is a soekris net4521, running FreeBSD 6.3-RELEASE. Maybe the older version of pf is relevant?

Thanks in advance,
TK