Date: Wed, 23 Jul 2008 12:03:00 +0300 From: "Ivan Petrushev" <ivanatora@gmail.com> To: freebsd-pf@freebsd.org Subject: Problems in basic usage of ALTQ Message-ID: <d39744a20807230203n47747301n14eec86a5440a696@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hello,
I'm trying to do very simple traffic shaping on my box with ALTQ.
For beginning I want just to restrict HTTP downloading speed (which is
port 80) to a fixed number... lets say 100Kbps. I'm on ADSL line
providing me 12Mb down / 2Mb up, (and I know every ADSL tutorial
recommend limiting uploads) but for syntax learning purposes let's
concentrate only on
limiting downloading speed.
I've read some tutorials and I've reached to the following code:
[code]
### Queueing
# I'm not sure what to set up for a total bandwidth - 100Mb for the
carrier media (Cat5 cables) or 12Mb for the provided bandwidth
altq on re0 cbq bandwidth 12Mb queue {restrict, fast}
# This queue 'restrict' should get the shaped traffic
queue restrict bandwidth 100Kb cbq(default)
# This 'fast' queue should take some fast traffic, DNS requests for
example.
queue fast bandwidth 500Kb priority 4
### Translation
# This is for my other PC and I don't think it plays a role here
nat pass on re0 from 192.168.0.5 to any -> 10.10.10.21
### Filtering
# Restrict traffic on port 80. This is my IP.
pass in on re0 proto tcp from any port 80 to 10.10.10.21 queue
restrict
# Pass DNS requests on the 'fast' queue
pass in on re0 proto { udp, tcp } from any port 53 to 10.10.10.21
queue fast
[/code]
So I see DNS resolutions are done really fast (definately faster than
if they fell into the 'restricted' queue), but HTTP traffic is not
going with the specified bandwidth. Instead it goes about 3Mb. First I
thought it is due to wrong number here:
altq on re0 cbq bandwidth *100Mb* queue {restrict, fast}
But changing that did not reflected in any way - the downloads went on
3Mb.
Second problem - how to build the rule for queuing the other PC's
NATed bandwidth?
I tried
[code]
pass on re0 from any to 192.168.0.5 queue restrict
[/code]
and variations but it just didn't passed to the queue. I.e. the effect
was nothing. I'm routing over only one NIC - re0 (using aliases -
10.10.10.21 and 192.168.0.5) and maybe this is wrong?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?d39744a20807230203n47747301n14eec86a5440a696>