From: Erik Norgaard <norgaard@locolomo.org>
To: freebsd-questions@freebsd.org
Date: Wed, 14 Jun 2006 10:21:30 +0200
Subject: Queueing with pf

Hi:

I have a network:

          54Mbps               100Mbps             320Kbps->
   WLAN ---------- FBSD w PF ---------- DSL ------------------ Internet
                                                    <-2Mbps

Clearly, any congestion will occur on the DSL-Internet line.
I want to enable queueing on the FBSD gateway using PF such that the DSL-Internet connection does not get saturated with questionable traffic such as p2p, and to allow free riders limited access without sucking up all the bandwidth, something like this:

   WLAN -> Internet   320Kbps
     critical        256Kbps   pri 1   borrow
     noncrit          48Kbps   pri 2   borrow
     freeriders       16Kbps   pri 3

   Internet -> WLAN   2Mbps
     critical        1.5Mbps   pri 1   borrow
     noncrit         256Kbps   pri 2   borrow
     freeriders      128Kbps   pri 3

That is, freeriders should be able to do the most basic tasks, but since they don't share the costs they should always be lowest priority. Also, I want to make sure that bandwidth intensive protocols such as VoIP get through fast.

Now, reading the PF manual, queueing only makes sense on traffic going out. Once packets are received there's no point in holding them back. This means that packets from the Internet to some WLAN host have consumed their part of the 2Mbps available, so there is no point in holding them back. In other words, it seems I need to queue the packets from the WLAN to the Internet so as to get the desired result on both upstream and downstream. Any ideas on how to do that?

I think I need a better picture of how much goes in each direction for the different protocols, i.e. p2p down ~= up, while http down ~= 4*up? Does anyone have some rules of thumb for this?

Secondly: is it possible to differentiate scp/sftp and ssh such that the latter goes in the critical queue while the former goes in the noncritical?

Thanks, Erik
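The following pf.conf fragment is an added worked example of the layout the post asks for; it is not from the original message or any reply. It assumes interface names (tun0 for the DSL side, ath0 for the WLAN), a WLAN network of 192.168.7.0/24, two constructed free-rider addresses, NAT on the DSL side, and a FreeBSD 6-era kernel built with options ALTQ and ALTQ_CBQ. It queues upstream on the DSL interface and downstream on the WLAN interface, carries the classification between the two with tags so it survives NAT, and answers the ssh-versus-scp question with pf's two-queue form, which sends packets marked TOS lowdelay (interactive ssh) and empty ACKs to the second queue while bulk scp/sftp stays in the first. The poster's "pri 1/2/3" maps to CBQ priorities 7/4/1, since in CBQ a higher number means higher priority.

```pf
# --- Interfaces and hosts (assumptions, not from the original post) ---
ext_if     = "tun0"                  # DSL/PPPoE side
int_if     = "ath0"                  # WLAN side
wlan_net   = "192.168.7.0/24"
freeriders = "{ 192.168.7.200, 192.168.7.201 }"   # constructed; use a table in practice

# One state per interface, so the rule on each side can name a queue that
# actually exists on that interface. (Floating states would make WLAN-side
# packets match the DSL-side state and land in the default queue.)
set state-policy if-bound

# --- Upstream queues on the DSL interface, where the 320Kbps ceiling bites.
# Set the altq bandwidth a few percent under the real sync rate so that pf,
# not the modem's buffer, is the bottleneck; 320Kb is the poster's figure.
altq on $ext_if cbq bandwidth 320Kb queue { up_crit, up_std, up_free }
queue up_crit bandwidth 256Kb priority 7 cbq(borrow)
queue up_std  bandwidth  48Kb priority 4 cbq(borrow default)
queue up_free bandwidth  16Kb priority 1 cbq

# --- Downstream queues on the WLAN interface. These packets have already
# crossed the DSL link; holding them here still pays off because TCP senders
# slow down when ACKs are delayed, and priority decides who wins when the
# WLAN side is full.
altq on $int_if cbq bandwidth 2Mb queue { down_crit, down_std, down_free }
queue down_crit bandwidth 1.5Mb priority 7 cbq(borrow)
queue down_std  bandwidth 256Kb priority 4 cbq(borrow default)
queue down_free bandwidth 128Kb priority 1 cbq

# NAT is assumed; because it rewrites the source address before the outbound
# rules on $ext_if run, classification below is carried by tags, not addresses.
nat on $ext_if from $wlan_net to any -> ($ext_if)

block all

# --- Classify on the WLAN side. The rule that creates the int_if-bound state
# picks the downstream queue; its tag is stored in the state and follows every
# packet of the flow to $ext_if, where the upstream queue is picked by tag.
# Free riders first, with quick, so no later rule can promote them.
pass in quick on $int_if from $freeriders to any keep state \
        queue down_free tag FREE

# Everyone else defaults to the noncritical queue ("last matching rule wins",
# so the specific rules below override this one).
pass in on $int_if inet proto tcp from $wlan_net to any flags S/SA keep state \
        queue down_std tag STD
pass in on $int_if inet proto { udp, icmp } from $wlan_net to any keep state \
        queue down_std tag STD

# VoIP signalling (SIP). RTP port ranges differ per phone; add yours here.
pass in on $int_if inet proto udp from $wlan_net to any port 5060 keep state \
        queue down_crit tag CRIT

# ssh and scp/sftp both use port 22, but interactive ssh sets TOS lowdelay
# and scp/sftp sets throughput. With two queues, lowdelay packets and empty
# ACKs go to the second (critical) queue, bulk transfer stays in the first.
pass in on $int_if inet proto tcp from $wlan_net to any port 22 flags S/SA keep state \
        queue (down_std, down_crit) tag SSH

# --- Upstream on the DSL side: a second, ext_if-bound state per flow, queue by tag.
pass out on $ext_if tagged FREE keep state queue up_free
pass out on $ext_if tagged STD  keep state queue up_std
pass out on $ext_if tagged CRIT keep state queue up_crit
pass out on $ext_if tagged SSH  keep state queue (up_std, up_crit)

# Replies from the Internet are admitted by the ext_if states created above;
# unsolicited inbound traffic on $ext_if is dropped by "block all".
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, and watch the per-queue counters with `pfctl -vvs queue` while running an scp and an interactive ssh side by side to confirm the split. On pf versions where keep state is the default, the rules above behave the same, since they all keep state explicitly; the if-bound policy is what keeps the two sides' queue choices independent.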