From: "Josh Finlay"
To: "Marcelo Celleri"
Cc: freebsd-pf@freebsd.org
Date: Fri, 2 Dec 2005 21:30:00 +1000
Subject: Re: PF + ALTQ... help please!!

Hi,

Sorry this has no relevance to your post, I just thought I would comment on
the pretty network diagram you did =P

Regards,

----- Original Message -----
From: "Marcelo Celleri"
To: "'Jon Simola'"
Cc:
Sent: Friday, December 02, 2005 2:27 AM
Subject: RE: PF + ALTQ... help please!!
>
> I tried to change the rules to what you told me, but now the outgoing
> traffic from em1 to my clients is not restricted... Look at this address;
> there is a diagram of my case and what I'm trying to do:
>
> http://host-242-33.espoltel.net/diagram.jpg
>
> Is the order of the rules important? What could it be for my needs?
>
> -----Original Message-----
> From: jsimola@gmail.com [mailto:jsimola@gmail.com] On behalf of Jon Simola
> Sent: Wednesday, November 30, 2005 19:14
> To: Marcelo Celleri
> CC: freebsd-pf@freebsd.org
> Subject: Re: PF + ALTQ... help please!!
>
> On 11/30/05, Marcelo Celleri wrote:
>
>> int_if="em1"
>>
>> altq on $int_if bandwidth 100Mb cbq queue { std, uees, lnaval, marcelo, ... }
>> queue std bandwidth 10.0Mb cbq(default)
>> #Then for each one of the subqueues:
>> queue marcelo bandwidth 128Kb cbq { gold, silver, default }
>> queue gold bandwidth 70% priority 3 cbq(borrow red)
>> queue silver bandwidth 20% priority 2 cbq(borrow red)
>> queue default bandwidth 10% cbq(borrow)
>
>> #These are the rules:
>>
>> pass in on $int_if from any to xxx.xxx.xxx.xxx keep state queue default
>> pass in on $int_if proto { tcp } from any port { 25,110 } to xxx.xxx.xxx.xxx keep state queue silver
>> pass in on $int_if proto { tcp } from any port { 22,53,80,443 } to xxx.xxx.xxx.xxx keep state queue gold
>
> You cannot duplicate the gold/silver/default queue names, just in case
> you're doing that.
> The other problem is that you're trying to queue on an inbound interface.
>
> Going back to my example:
> # External interface -> OC3
> altq on em0 cbq bandwidth 100Mb queue { default_ext, throttle_ext }
> queue default_ext bandwidth 40Mb qlimit 1000 priority 5 cbq(default red ecn)
> queue throttle_ext bandwidth 64Kb priority 1 cbq(red ecn)
>
> # Internal interface -> LAN clients
> altq on em1 cbq bandwidth 100Mb queue { default_int, throttle_int }
> queue default_int bandwidth 40Mb qlimit 1000 priority 5 cbq(default red ecn)
> queue throttle_int bandwidth 64Kb priority 1 cbq(red ecn)
>
> The queueing rule for this is:
> pass out on em0 from to any queue throttle_ext
>
> Or you can specify a queue on the outbound interface (em0) with a rule
> on the inbound (em1), for a basically similar effect:
> pass in on em1 from to any queue throttle_ext
>
> Hope that helps a bit.
>
> --
> Jon Simola
> Systems Administrator
> ABC Communications
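
A small lint for the two problems named in Jon Simola's quoted reply: queue names defined more than once, and a queue assigned by a `pass in` rule on the same interface that owns the queue. This is an added example, not code from the thread; `lint_altq`, the sample address and the one-statement-per-line parsing are assumptions.

```python
import re
from collections import Counter
# Constructed sample modelled on the quoted config; 192.0.2.10 and 256Kb are placeholders.
SAMPLE = '''
int_if="em1"
altq on $int_if bandwidth 100Mb cbq queue { std, marcelo, uees }
queue std bandwidth 10Mb cbq(default)
queue marcelo bandwidth 128Kb cbq { gold, silver }
queue gold bandwidth 70% priority 3 cbq(borrow red)
queue silver bandwidth 20% priority 2 cbq(borrow red)
queue uees bandwidth 256Kb cbq { gold, silver }
queue gold bandwidth 70% priority 3 cbq(borrow red)
queue silver bandwidth 20% priority 2 cbq(borrow red)
pass in on $int_if proto tcp from any port { 25, 110 } to 192.0.2.10 keep state queue silver
pass out on $int_if proto tcp from any port 80 to 192.0.2.10 keep state queue gold
'''

def lint_altq(conf):
    """Return findings for the two problems named in the reply (hypothetical helper)."""
    # Expand simple macros such as int_if="em1" before parsing.
    macros = dict(re.findall(r'^\s*(\w+)\s*=\s*"([^"]*)"', conf, re.M))
    conf = re.sub(r'\$(\w+)', lambda m: macros.get(m.group(1), m.group(0)), conf)
    parent, defined, rules = {}, Counter(), []
    for raw in conf.splitlines():
        line = raw.split('#', 1)[0].strip()
        w = line.split()
        if not w:
            continue
        # A trailing "{ a, b }" on an altq/queue line lists the child queues.
        kids = re.findall(r'[\w-]+', line[line.rfind('{'):]) if line.endswith('}') else []
        if w[:2] == ['altq', 'on'] and len(w) > 2:
            parent.update({k: ('iface', w[2]) for k in kids})
        elif w[0] == 'queue' and len(w) > 1:
            defined[w[1]] += 1
            parent.update({k: ('queue', w[1]) for k in kids})
        elif w[0] == 'pass' and 'queue' in w[:-1] and 'on' in w[:-1]:
            # Keep (direction, interface, queue name) for each queueing rule.
            rules.append((w[1], w[w.index('on') + 1], w[w.index('queue') + 1]))
    def iface_of(q, seen=()):
        # Walk up the hierarchy until the altq line that names the interface.
        kind, up = parent.get(q, (None, None))
        if kind == 'queue' and q not in seen:
            return iface_of(up, seen + (q,))
        return up if kind == 'iface' else None
    findings = [('duplicate-queue', q) for q, n in defined.items() if n > 1]
    findings += [('inbound-queue', q, ifc) for d, ifc, q in rules
                 if d == 'in' and iface_of(q) == ifc]
    return findings

print(lint_altq(SAMPLE))
```

A `pass in on em1 ... queue throttle_ext` rule is not flagged when `throttle_ext` belongs to em0, which matches the alternative form given in the reply.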