From: "Roman Gorohov."
Organization: Acropolis
To: Admin Indoglobalhost
Cc: freebsd-pf@freebsd.org
Date: Mon, 30 Jan 2006 16:32:36 +0300
Subject: Re: pf altq on bge
Message-ID: <1115316351.20060130163236@gmail.com>

Hello, Admin.

You wrote on 30 January 2006, 16:02:30:

> Hi I have some problems with FreeBSD 5.4 Stable using pf and altq
> This is my kernconf
> ============
> machine i386
> cpu I686_CPU
> ident JOSS
> maxusers 512
> # To statically compile in device wiring instead of /boot/device.hints
> #hints "GENERIC.hints" # Default places to look for devices.
> options SCHED_4BSD # 4BSD scheduler
> options INET # InterNETworking
> ##options INET6 # IPv6 communications protocols
> options FFS # Berkeley Fast Filesystem
> options SOFTUPDATES # Enable FFS soft updates support
> options UFS_ACL # Support for access control lists
> options UFS_DIRHASH # Improve performance on big directories
> options MD_ROOT # MD is a potential root device
> options CD9660 # ISO 9660 Filesystem
> options PROCFS # Process filesystem (requires PSEUDOFS)
> options PSEUDOFS # Pseudo-filesystem framework
> options GEOM_GPT # GUID Partition Tables.
> options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!]
> options COMPAT_FREEBSD4 # Compatible with FreeBSD4
> options KTRACE # ktrace(1) support
> options SYSVSHM # SYSV-style shared memory
> options SYSVMSG # SYSV-style message queues
> options SYSVSEM # SYSV-style semaphores
> options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
> options KBD_INSTALL_CDEV # install a CDEV entry in /dev
> options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
> # output. Adds ~128k to driver.
> options AHD_REG_PRETTY_PRINT # Print register bitfields in debug
> # output. Adds ~215k to driver.
> options ADAPTIVE_GIANT # Giant mutex is adaptive.
> device apic # I/O APIC
> # Bus support. Do not remove isa, even if you have no isa slots
> device isa
> device eisa
> device pci
> # ATA and ATAPI devices
> device ata
> device atadisk # ATA disk drives
> device atapicd # ATAPI CDROM drives
> options ATA_STATIC_ID # Static device numbering
> # atkbdc0 controls both the keyboard and the PS/2 mouse
> device atkbdc # AT keyboard controller
> device atkbd # AT keyboard
> device vga # VGA video card driver
> device splash # Splash screen and screen saver support
> # syscons is the default console driver, resembling an SCO console
> device sc
> device agp # support several AGP chipsets
> # Floating point support - do not disable.
> device npx
> # Add suspend/resume support for the i8254.
> device pmtimer
> # Serial (COM) ports
> device sio # 8250, 16[45]50 based serial ports
> # PCI Ethernet NICs that use the common MII bus controller code.
> # NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
> device miibus # MII bus support
> device bge # Broadcom BCM570xx Gigabit Ethernet
> # Pseudo devices.
> device loop # Network loopback
> device mem # Memory and kernel memory devices
> device io # I/O device
> device random # Entropy device
> device ether # Ethernet support
> device tun # Packet tunnel.
> device pty # Pseudo-ttys (telnet etc)
> device md # Memory "disks"
> ##device gif # IPv6 and IPv4 tunneling
> ##device faith # IPv6-to-IPv4 relaying (translation)
> # The `bpf' device enables the Berkeley Packet Filter.
> # Be aware of the administrative consequences of enabling this!
> # Note that 'bpf' is required for DHCP.
> device bpf # Berkeley packet filter
> # SMP
> options SMP
> # snooop
> device snp
> ## PF
> device pf
> device pflog
> device pfsync
> options ALTQ
> options ALTQ_CBQ
> options ALTQ_RED
> options ALTQ_RIO
> options ALTQ_HFSC
> options ALTQ_PRIQ
> options QUOTA
>
> pf.conf + altq config
> ==============
> ## set macros
> ext_if="bge0"
> main_ip="xx.xx.xx" < i remove :)
> http_ports="{ 43, 80 }"
> sec_ports="{ 22 }"
> tcp_serv="{ 20, 21, 25, 53 }"
> dns_ports="{ 43, 53, 123 }"
> irc_ports="{ 113, 2000 >< 8005, 8300 >< 9000, 30000 >< 40000 }"
> icmp_t="echoreq" tracert="33434 >>< 33450"
> ## main set options
> set timeout { frag 30, interval 10 }
> set limit { frags 5000, states 3000 }
> set loginterface $ext_if
> set block-policy drop
> set optimization normal
> scrub in all
> ## QUEUES - ALTQ rules
> altq on bge0 cbq bandwidth 100Mb queue { q_all }
> queue q_all bandwidth 100% cbq { q_def, q_pri, q_misc, q_web, q_dns, q_irc }
> queue q_def bandwidth 25% priority 1 cbq(borrow default red ecn)
> queue q_misc bandwidth 10% priority 0 cbq(red)
> queue q_web bandwidth 15% priority 4 cbq(borrow)
> queue q_dns bandwidth 25% priority 5 cbq(borrow)
> queue q_irc bandwidth 25% priority 6 cbq(borrow)
> queue q_pri priority 7
> ## Default Block
> block in all
> block out all
> #=- Table
> table persist file "/etc/pftable/spoof.conf"
> table persist file "/etc/pftable/ddos.conf"
> table persist file "/etc/pftable/servindo.conf"
> table persist file "/etc/pftable/bfd.conf"
> table persist file "/etc/pftable/int.conf"
> table persist file "/etc/pftable/joss.conf"
> block in quick on $ext_if from { , , , , } to any
> pass quick on lo0 all
> pass inet proto icmp from to any icmp-type $icmp_t keep state queue q_misc
> pass out quick proto udp from any to any port $tracert keep state queue q_def
> pass quick proto tcp from any to any port $tcp_serv keep state queue q_def
> pass in quick proto tcp from to any port 22 keep state
> pass quick proto tcp from any to any port $sec_ports keep state queue q_pri
> pass quick proto udp from any to any port $dns_ports keep state queue q_dns
> pass out quick proto { tcp, udp } from to any port { 161, 162 } keep state queue q_dns
> pass in quick proto tcp from any to $main_ip port $http_ports flags S/SA synproxy state queue q_web
> pass out quick proto tcp from $main_ip to any port $http_ports keep state queue q_web
> pass quick proto tcp from any to any port $irc_ports keep state queue q_irc
> ============================
> I try to load the configuration conf,
> # pfctl -f /etc/pf.conf.altq
> pfctl: bge0: driver does not support altq
> any one can help me to resolve this problem.
> Nb: no error message if the altq disabled.
> Thanks

ALTQ does not support device bge on 5.4. It does on 6.0.

-- 
Roman Gorohov.