Date: Sat, 9 Sep 2006 12:59:52 +0200 From: Max Laier <max@love2party.net> To: freebsd-pf@freebsd.org Subject: Re: Bug or other packet processing or misconfiguration error in FreeBSD. Message-ID: <200609091300.07082.max@love2party.net> In-Reply-To: <62217.213.197.161.67.1157796343.squirrel@mail.topocentras.lt> References: <62217.213.197.161.67.1157796343.squirrel@mail.topocentras.lt>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart4276749.krbKPyXChp
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
On Saturday 09 September 2006 12:05, Albertas Guscius wrote:
> Bug or other packet processing or misconfiguration error in FreeBSD.
>
> Hello folks,
>
> I'm trying the same pf configuration on FreeBSD and OpenBSD, but
> results are different. The problem is that all outgoing traffic goes to
> default queue ignoring quick pass rules. I can't shape outgoing traffic
> on FreeBSD due to unknown problem. It looks like problem is bescause of
> after NAT rules are not processed. With OpenBSD everything works fine.
> I tested it on FreeBSD_6_1, 5_5 and OpenBSD_3_9.
> Does anyone have any advice?
>
> Sincerely Yours,
> Albertas
>
>
> pf.conf:
>
> ext_if=3D"rl0"
> int_if=3D"rl1"
> internal_net=3D"10.0.10.0/24"
>
> external_addr=3D"192.168.0.22"
> internal_addr=3D"10.0.10.1"
>
> altq on $ext_if hfsc bandwidth 10Mb queue { ip_out, local_out }
> queue ip_out bandwidth 1Mb hfsc (upperlimit 6Mb)
> queue local_out bandwidth 1Mb hfsc (default upperlimit 6Mb)
>
> altq on $int_if hfsc bandwidth 10Mb queue { ip_in, local_in }
> queue ip_in bandwidth 1Mb hfsc (upperlimit 6Mb)
> queue local_in bandwidth 1Mb hfsc (default upperlimit 6Mb)
>
> nat on $ext_if from $internal_net to any -> $external_addr
>
> pass out quick on $ext_if from any to any queue ip_out
> pass out quick on $int_if from any to any queue ip_in
>
> pass in all
> pass out all
>
> #in FreeBSD6.1 all traffic goes through local_out, in OpenBSD3.9 all
> traffic goes through ip_out.
Can you provide "pfctl -vvsr" and "pfctl -vsq" after some traffic has been=
=20
generated? Can you also share details about your setup? Most=20
interestingly: Does the traffic destined to $ext_if pass through userland=20
ppp, or the like, before hitting rl0?
=2D-=20
/"\ Best regards, | mlaier@freebsd.org
\ / Max Laier | ICQ #67774661
X http://pf4freebsd.love2party.net/ | mlaier@EFnet
/ \ ASCII Ribbon Campaign | Against HTML Mail and News
--nextPart4276749.krbKPyXChp
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (FreeBSD)
iD8DBQBFAp63XyyEoT62BG0RAni8AJ9dorENtilexUI3FoTMxAxoP6qxvgCeNF62
hQgdHMY0vPMSZLQRtPhHx58=
=NYgg
-----END PGP SIGNATURE-----
--nextPart4276749.krbKPyXChp--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200609091300.07082.max>