Date:      Fri, 03 Jul 2009 14:34:04 +0300
From:      "Vitaliy Vladimirovich" <artemrts@ukr.net>
To:        freebsd-pf@freebsd.org
Subject:   ALTQ traffic shaping problem
Message-ID:  <E1MMh1o-000DdV-1l@ffe10.ukr.net>



  Hi, All!  
  
 I have installed FreeBSD 7.2 with pf as the firewall and NAT, with ALTQ for traffic shaping. This is my test  
system on VMware.  
  
 Below is my pf.conf. Everything works perfectly except shaping.  
 I want to limit outbound (128Kb) and inbound (800Kb) traffic to and from the Internet for two computers. I have configured queues on the interfaces as written below. But in reality I get only half of the speed specified in pf.conf.  
   
ext_if="le0"  
int_if="le1"  
lan="172.16.1.0/24"  
pc1="172.16.1.2"  
pc2="172.16.1.3"  
  
set skip on lo  
set loginterface le1  
set ruleset-optimization basic  
set block-policy return  
set state-policy if-bound  
  
scrub on $int_if all random-id reassemble tcp fragment reassemble  
scrub on $ext_if all random-id reassemble tcp fragment reassemble  
  
  
### ALTQ  
  
altq on $int_if cbq bandwidth 100Mb queue { def_download, pc1_download, pc2_download }  
queue def_download bandwidth 50% cbq(default)  
queue pc1_download bandwidth 800Kb cbq(red)  
queue pc2_download bandwidth 800Kb cbq(red)  
  
  
altq on $ext_if cbq bandwidth 10Mb queue {def_upload, pc1_upload, pc2_upload }  
queue def_upload bandwidth 50% cbq(default)  
queue pc1_upload bandwidth 128Kb cbq(red)  
queue pc2_upload bandwidth 128Kb cbq(red)  
  
##### NAT  
  
nat on $ext_if from $lan to !$int_if -> $ext_if  
  
###  
  
#pass in  
#pass out  
block in  
block out  
antispoof quick for { lo $int_if } inet  
  
  
#### EXT_IF_OUT  
  
pass out quick on $ext_if inet tagged from_pc1 queue pc1_upload  
pass out quick on $ext_if inet tagged from_pc2 queue pc1_upload  
pass out quick on $ext_if inet tagged from_def queue def_upload  
  
pass out quick on $ext_if inet from $ext_if to any  
  
#### EXT_IF_IN  
  
pass in quick on $ext_if inet proto tcp from any to $ext_if port ssh  
  
#### INT_IF_IN  
  
pass in quick on $int_if inet from $pc1 to !$int_if tag from_pc1 queue pc1_download  
pass in quick on $int_if inet from $pc1 to !$int_if tag from_pc2 queue pc2_download  
pass in quick on $int_if inet from !$pc1 to !$int_if tag from_def queue def_download  
  
pass in quick on $int_if inet proto {tcp udp} from $lan to $int_if port 53  
  
  
### INT_IF_OUT  
  
  
######################### THE END  
  
   So, where is my mistake? I very much hope for your help.  
  
    Thanks.  
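
A consistency check over the tag and queue rules in the message above, as an added example that is not part of the original e-mail: it reports pass rules where the source macro, the tag and the queue name different hosts. The conventions it checks (tag `from_<host>`, queue `<host>_upload` or `<host>_download`) are assumptions inferred from the names in this pf.conf, and `lint` and `PF_RULES` are hypothetical names; it checks naming only and does not measure or explain throughput.

```python
import re

# Tagging/queueing lines copied from the pf.conf in the message above.
PF_RULES = """\
altq on $int_if cbq bandwidth 100Mb queue { def_download, pc1_download, pc2_download }
altq on $ext_if cbq bandwidth 10Mb queue {def_upload, pc1_upload, pc2_upload }
pass out quick on $ext_if inet tagged from_pc1 queue pc1_upload
pass out quick on $ext_if inet tagged from_pc2 queue pc1_upload
pass out quick on $ext_if inet tagged from_def queue def_upload
pass in quick on $int_if inet from $pc1 to !$int_if tag from_pc1 queue pc1_download
pass in quick on $int_if inet from $pc1 to !$int_if tag from_pc2 queue pc2_download
pass in quick on $int_if inet from !$pc1 to !$int_if tag from_def queue def_download
"""

TAG = re.compile(r"\btag(?:ged)?\s+from_(\w+)")
QUEUE = re.compile(r"\bqueue\s+(\w+)")
SOURCE = re.compile(r"\bfrom\s+(!?)\$(\w+)")


def lint(rules):
    """Return (line_number, message) for each naming inconsistency found."""
    declared, findings = set(), []
    for n, line in enumerate(rules.splitlines(), 1):
        if line.startswith("altq "):
            # Child queue names follow the 'queue' keyword inside { ... }.
            declared.update(re.findall(r"\w+", line.split(" queue ", 1)[1]))
            continue
        tag, queue = TAG.search(line), QUEUE.search(line)
        if not (line.startswith("pass ") and tag and queue):
            continue
        host, qname = tag.group(1), queue.group(1)
        if qname not in declared:
            findings.append((n, f"queue {qname} is not declared by any altq line"))
        # Assumed convention: tag from_<host> goes to queue <host>_<direction>.
        if qname.rsplit("_", 1)[0] != host:
            findings.append((n, f"tag from_{host} is sent to queue {qname}"))
        # Assumed convention: a rule with source $<host> sets tag from_<host>.
        src = SOURCE.search(line)
        if src and not src.group(1) and src.group(2) != host:
            findings.append((n, f"source ${src.group(2)} is tagged from_{host}"))
    return findings


if __name__ == "__main__":
    for n, msg in lint(PF_RULES):
        print(f"rule line {n}: {msg}")
```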
  


