Date: Fri, 3 Jul 2009 23:51:43 +0700 From: budsz <budiyt@gmail.com> To: freebsd-pf@freebsd.org Subject: Problem PF and HFSC Message-ID: <4d4dc3640907030951g627f096fv16e0b3ac58e9765@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hello,
I try to use PF under FreeBSD 7.2-STABLE. Here my config file:
# Variable global
ifint0="rl0"
ifext0="rl1"
ipcl = "{ 192.168.100.1, 192.168.100.2, 192.168.100.3, 192.168.100.4,
192.168.100.5, \
192.168.100.6, 192.168.100.7, 192.168.100.8, 192.168.100.11,
192.168.100.12, \
192.168.100.100 }"
ipunlimit = "{ !192.168.1.0/30, !192.168.100.200 }"
scrub in all
altq on $ifint0 hfsc bandwidth 1Mb queue { downstream }
queue downstream bandwidth 10% priority 0 hfsc (upperlimit 99% default)
altq on $ifext0 hfsc bandwidth 256Kb queue { upstream }
queue upstream bandwidth 10% priority 0 hfsc (upperlimit 99% default)
# Outgoing traffic (Downstream banwidth)
pass out quick on $ifint0 from $ipunlimit to $ipcl queue (downstream)
# Incoming traffic (Upstream bandwidth)
pass out quick on $ifext0 from $ipcl to $ipunlimit queue (upstream)
This several my problem after I tested:
1. Why PF can't limit incoming traffic in one interface. Let's say on rl0:
pass out quick on $ifint0 from $ipunlimit to $ipcl queue (downstream)
pass in quick on $ifint0 from $ipcl to $ipunlimit queue (upstream)
2. For list $ipunlimit (192.168.1.0/30 and 192.168.100.200 ) still get limit.
I wanna traffic from/to (192.168.1.0/30 and 192.168.100.200 )
to/from pccl _not_ limit, because that's for www/ssh local LAN.
3. I need suggestion for that rule. My purpose is link share for 11 IP
address (downstream/upstream), so if saturate traffic reached.
The clients still get guaranty with 10% of total bandwidth (About
100KB downstream and 253.44Kb upstream for each other).
Thanks for your time.
--
budsz
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4d4dc3640907030951g627f096fv16e0b3ac58e9765>