From: KrzychK2
Date: Tue, 14 Jun 2005 23:34:06 +0200
To: freebsd-isp@freebsd.org, freebsd-devel@freebsd.org
Subject: PF strange problem

Hello freebsd-isp!

I have a strange problem with pf on FreeBSD. Here is my config:

ext_if="xl0"
int_if="xl1"
internal_net="192.168.3.0/24"
external_addr="217.153.198.65"
icmp_types = "echoreq"

set optimization normal
set block-policy drop
set fingerprints "/etc/pf.os"

scrub in all

altq on $ext_if bandwidth 6218Kb cbq queue { OUT_to_net, external }
altq on $int_if bandwidth 11957Kb cbq queue { IN_from_net, internal }

queue external bandwidth 10% cbq(default)
queue internal bandwidth 10% cbq(default)

queue OUT_to_net bandwidth 6218Kb cbq{326_out, 3216_out, 349_out, 320_out, 321_o...
}
queue 326_out bandwidth 128Kb cbq(red)
queue 3216_out bandwidth 128Kb cbq(red)
queue 349_out bandwidth 128Kb cbq(red)
queue 320_out bandwidth 384Kb cbq(red)
queue 321_out bandwidth 50Kb cbq(red)
queue 322_out bandwidth 128Kb cbq(red)
queue 323_out bandwidth 128Kb cbq(red)
queue 19866_out bandwidth 256Kb cbq(red)
.
.
.
queue IN_from_net bandwidth 11957Kb cbq{326_in, 3216_in, 349_in, 320_in, 321_in...}
queue 326_in bandwidth 256Kb cbq(red)
queue 3216_in bandwidth 256Kb cbq(red)
queue 349_in bandwidth 256Kb cbq(red)
queue 320_in bandwidth 384Kb cbq(red)
queue 321_in bandwidth 256Kb cbq(red)
queue 322_in bandwidth 265Kb cbq(red)
queue 323_in bandwidth 256Kb cbq(red)
queue 19866_in bandwidth 220Kb cbq(red)
.
.
.
and so on with queues

nat on $ext_if from $internal_net to any -> $external_addr

block on {$int_if, $ext_if} all
pass quick on lo0 all
pass in quick on $ext_if proto tcp from any to $ext_if port 22 keep state
pass in quick on $int_if proto tcp from any to $int_if port 22 keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
pass in inet proto icmp all icmp-type $icmp_types keep state

pass in quick on $int_if from 192.168.3.26 to any queue 326_in
pass out quick on $int_if from any to 192.168.3.26 queue 326_out
pass in quick on $int_if from 192.168.3.216 to any queue 3216_in
pass out quick on $int_if from any to 192.168.3.216 queue 3216_out
pass in quick on $int_if from 192.168.3.49 to any queue 349_in
pass out quick on $int_if from any to 192.168.3.49 queue 349_out
pass in quick on $int_if from 192.168.3.20 to any queue 320_in
pass out quick on $int_if from any to 192.168.3.20 queue 320_out
pass in quick on $int_if from 192.168.3.21 to any queue 321_in
pass out quick on $int_if from any to 192.168.3.21 queue 321_out
pass in quick on $int_if from 192.168.3.22 to any queue 322_in
pass out quick on $int_if from any to 192.168.3.22 queue 322_out
pass in quick on $int_if from 192.168.3.23 to any queue 323_in
pass out quick on $int_if from any to 192.168.3.23 queue 323_out
pass in quick on $int_if from 217.153.198.66 to any queue 19866_in
pass out quick on $int_if from any to 217.153.198.66 queue 19866_out

and so on.

The problem is that pfctl -vsr shows that net traffic is correctly captured by the rules. But (this is good) pfctl -vsq shows something different: the only queue that has anything inside is the default queue!!

This config is almost similar to the default config and I really don't know what is going on, or where I've made a mistake.

--
Greetings,
KrzychK2
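An added check, not part of the original post: ALTQ queues a packet only as it leaves the interface the queue is attached to, so this Python sketch maps every queue in the ruleset to its altq interface and lists the rules whose queue can never see the matching packets. It assumes only the syntax used in this config (string macros, `altq on`, brace child lists, `pass in|out ... on IF ... queue NAME`); the function name `lint_queues` is hypothetical and the input is an excerpt of the posted rules.

```python
import re

# Excerpt of the posted ruleset; the child-queue lists are shortened to two hosts.
PF_CONF = '''
ext_if="xl0"
int_if="xl1"
altq on $ext_if bandwidth 6218Kb cbq queue { OUT_to_net, external }
altq on $int_if bandwidth 11957Kb cbq queue { IN_from_net, internal }
queue external bandwidth 10% cbq(default)
queue internal bandwidth 10% cbq(default)
queue OUT_to_net bandwidth 6218Kb cbq{326_out, 320_out}
queue IN_from_net bandwidth 11957Kb cbq{326_in, 320_in}
pass in quick on $int_if from 192.168.3.26 to any queue 326_in
pass out quick on $int_if from any to 192.168.3.26 queue 326_out
pass in quick on $int_if from 192.168.3.20 to any queue 320_in
pass out quick on $int_if from any to 192.168.3.20 queue 320_out
'''

def lint_queues(conf):
    """Return (queue, direction, rule_if, queue_if) for rules that cannot be shaped."""
    macros = dict(re.findall(r'^(\w+)\s*=\s*"([^"]*)"', conf, re.M))
    conf = re.sub(r'\$(\w+)', lambda m: macros.get(m.group(1), m.group(0)), conf)
    lines = [l.strip() for l in conf.splitlines() if l.strip()]
    queue_if = {}
    # Root queues take the interface of their altq line.
    for l in lines:
        m = re.match(r'altq on (\S+) .*queue\s*\{([^}]*)\}', l)
        if m:
            queue_if.update((q, m.group(1)) for q in re.findall(r'\w+', m.group(2)))
    # Child queues inherit the parent's interface (parents are defined first here).
    for l in lines:
        m = re.match(r'queue (\w+) .*\{([^}]*)\}', l)
        if m and m.group(1) in queue_if:
            parent_if = queue_if[m.group(1)]
            queue_if.update((q, parent_if) for q in re.findall(r'\w+', m.group(2)))
    findings = []
    for l in lines:
        m = re.match(r'pass (in|out) .*\bon (\S+) .*\bqueue (\w+)$', l)
        if not m:
            continue
        direction, rule_if, q = m.groups()
        q_if = queue_if.get(q)
        # "out on IF": the queue must be on IF. "in on IF": the packet leaves
        # through some other interface, so a queue on IF never sees it.
        ok = q_if == rule_if if direction == 'out' else q_if not in (None, rule_if)
        if not ok:
            findings.append((q, direction, rule_if, q_if))
    return findings

if __name__ == '__main__':
    for q, direction, rule_if, q_if in lint_queues(PF_CONF):
        print(f'{direction} on {rule_if}: queue {q} is attached to {q_if}')
```

Traffic that a rule tags with a queue not present on the egress interface is handled by that interface's default queue.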