Date: Fri, 2 Dec 2005 21:30:00 +1000
From: "Josh Finlay" <montarotech@optusnet.com.au>
To: "Marcelo Celleri" <marceloc@espoltel.net>
Cc: freebsd-pf@freebsd.org
Subject: Re: PF + ALTQ... help please!!
Message-ID: <000c01c5f733$bc4b4750$0600a8c0@delta>
References: <200512011625.jB1GPUlH021812@jupiter.espoltel.net>

Hi,

Sorry this has no relevance to your post, I just thought I would comment on the pretty network diagram you did =P

Regards,

----- Original Message -----
From: "Marcelo Celleri" <marceloc@espoltel.net>
To: "'Jon Simola'" <jon@abccomm.com>
Cc: <freebsd-pf@freebsd.org>
Sent: Friday, December 02, 2005 2:27 AM
Subject: RE: PF + ALTQ... help please!!

> I tried to change the rules to what you tell me, but now the outgoing
> traffic from em1 to my clients is not restricted... Look at this address,
> there is a diagram of my case and what I'm trying to do:
>
> http://host-242-33.espoltel.net/diagram.jpg
>
> Is the order of the rules important? Which could it be for my needs?
>
> -----Original Message-----
> From: jsimola@gmail.com [mailto:jsimola@gmail.com] On behalf of Jon Simola
> Sent: Wednesday, 30 November 2005 19:14
> To: Marcelo Celleri
> CC: freebsd-pf@freebsd.org
> Subject: Re: PF + ALTQ... help please!!
>
> On 11/30/05, Marcelo Celleri <marceloc@espoltel.net> wrote:
>
>> int_if="em1"
>>
>> altq on $int_if bandwidth 100Mb cbq queue { std, uees, lnaval, marcelo, ... }
>> queue std bandwidth 10.0Mb cbq(default)
>> #Then for each one of the subqueues:
>> queue marcelo bandwidth 128Kb cbq { gold, silver, default }
>> queue gold bandwidth 70% priority 3 cbq(borrow red)
>> queue silver bandwidth 20% priority 2 cbq(borrow red)
>> queue default bandwidth 10% cbq(borrow)
>
>> #These are the rules:
>>
>> pass in on $int_if from any to xxx.xxx.xxx.xxx keep state queue default
>> pass in on $int_if proto { tcp } from any port { 25,110 } to xxx.xxx.xxx.xxx keep state queue silver
>> pass in on $int_if proto { tcp } from any port { 22,53,80,443 } to xxx.xxx.xxx.xxx keep state queue gold
>
> You cannot duplicate the gold/silver/default queue names, just in case
> you're doing that.
> The other problem is that you're trying to queue on an inbound interface.
>
> Going back to my example:
> # External interface -> OC3
> altq on em0 cbq bandwidth 100Mb queue { default_ext, throttle_ext }
> queue default_ext bandwidth 40Mb qlimit 1000 priority 5 cbq(default red ecn)
> queue throttle_ext bandwidth 64Kb priority 1 cbq(red ecn)
>
> # Internal interface -> LAN clients
> altq on em1 cbq bandwidth 100Mb queue { default_int, throttle_int }
> queue default_int bandwidth 40Mb qlimit 1000 priority 5 cbq(default red ecn)
> queue throttle_int bandwidth 64Kb priority 1 cbq(red ecn)
>
> The queueing rule for this is:
> pass out on em0 from <throttled_ips> to any queue throttle_ext
>
> Or you can specify a queue on the outbound interface (em0) with a rule
> on the inbound (em1), for a basically similar effect:
> pass in on em1 from <throttled_ips> to any queue throttle_ext
>
> Hope that helps a bit.
>
> --
> Jon Simola
> Systems Administrator
> ABC Communications
>
> --
> This message has been scanned by the ESPOLTEL S.A. antivirus
> for viruses and other dangerous content,
> and is considered to be clean.
>
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
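
An added example, not part of the original thread and not code from any of its participants: a small Python lint for the two problems Jon's quoted reply names, reused queue names and a queue referenced by an inbound rule on the same interface the queue is attached to. The sample ruleset, the 192.0.2.10 address, the 256Kb figure, the `bronze` queue and the finding labels are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample modelled on the quoted ruleset: two client parents reuse
# the child names gold/silver/default. 192.0.2.10 is a placeholder address.
SAMPLE = """
int_if="em1"
altq on $int_if bandwidth 100Mb cbq queue { std, uees, marcelo }
queue std bandwidth 10Mb cbq(default)
queue uees bandwidth 256Kb cbq { gold, silver, default }
queue marcelo bandwidth 128Kb cbq { gold, silver, default }
queue gold bandwidth 70% priority 3 cbq(borrow red)
queue silver bandwidth 20% priority 2 cbq(borrow red)
queue default bandwidth 10% cbq(borrow)
pass in on $int_if proto tcp from any port { 22, 53, 80, 443 } to 192.0.2.10 keep state queue gold
pass out on $int_if from any to 192.0.2.10 keep state queue bronze
"""

def lint(conf):
    """Return (problem, queue_name) pairs for a pf.conf ALTQ section."""
    macros = dict(re.findall(r'^(\w+)\s*=\s*"([^"]*)"', conf, re.M))
    conf = re.sub(r"\$(\w+)", lambda m: macros.get(m.group(1), m.group(0)), conf)
    declared, defined, iface_of, findings = Counter(), Counter(), {}, []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        kids = re.search(r"\{([^}]*)\}$", line)
        names = re.findall(r"[\w-]+", kids.group(1)) if kids else []
        if m := re.match(r"altq on (\S+)", line):
            declared.update(names)          # top-level queues on this interface
            iface_of.update({n: m.group(1) for n in names})
        elif m := re.match(r"queue (\S+)", line):
            defined[m.group(1)] += 1
            declared.update(names)          # children inherit the parent's interface
            iface_of.update({n: iface_of.get(m.group(1)) for n in names})
        elif m := re.match(r"(?:pass|block) (in|out) on (\S+) .*\bqueue (\S+)$", line):
            direction, iface, queue = m.groups()
            if queue not in defined:
                findings.append(("undefined-queue", queue))
            elif direction == "in" and iface_of.get(queue) == iface:
                # ALTQ only queues packets leaving an interface, so the packet
                # matched inbound here is not shaped on this interface.
                findings.append(("queue-on-inbound-interface", queue))
    for name in sorted(set(declared) | set(defined)):
        if declared[name] > 1 or defined[name] > 1:
            findings.append(("duplicate-queue-name", name))
    return findings

if __name__ == "__main__":
    for problem, queue in lint(SAMPLE):
        print(f"{problem}: {queue}")
```

A rule that names a queue attached to a different interface, as in Jon's `pass in on em1 ... queue throttle_ext` variant, is not flagged.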
