Date: Tue, 27 Jan 2015 18:54:10 +0300
From: Odhiambo Washington <odhiambo@gmail.com>
To: Konstantin Nikolaev <konstantine@manotom.com>
Cc: "freebsd-pf@freebsd org" <freebsd-pf@freebsd.org>
Subject: Re: Controlling P2P with PF
Message-ID: <CAAdA2WONSyaPyNHcEUCDtSmd=-vfuHt54E8kd7321QYjd_kuBQ@mail.gmail.com>
In-Reply-To: <54BF2F92.4060102@manotom.com>
References: <CAAdA2WM=f_Xx9SVoez1O8qEfBL2EHGS8-YaUFkdMK7zd5NrLhQ@mail.gmail.com> <54BDD62E.4040003@bluerosetech.com> <CAAdA2WPLpD2jPLqNinievOgYn4TB7=qGsY1Rox8TjE56VxV_aQ@mail.gmail.com> <54BF2F92.4060102@manotom.com>

On 21 January 2015 at 07:48, Konstantin Nikolaev <konstantine@manotom.com>
wrote:
>
>
> *An example of a live horse:*
> if_ext = "fxp1" # External interface facing TOMICH, IP 195.211.197.17
> if_int = "fxp0" # Interface facing the DMZ, IP 195.211.196.65
>
> default_ports = "{ 0:1000 3389 6666 7777}"
>
> altq on $if_ext hfsc bandwidth 100Mb queue { default_up, slow_up, ack_up }
> queue default_up bandwidth 70Mb priority 5 hfsc( default )
> queue slow_up bandwidth 2000Kb priority 4 hfsc( realtime 1000Kb
> linkshare 2000Kb upperlimit 2Mb)
> queue ack_up bandwidth 28Mb priority 7 hfsc( realtime 10Mb
> linkshare 28Mb )
>
> altq on $if_int hfsc bandwidth 100Mb queue { default_down, slow_down,
> ack_down }
> queue default_down bandwidth 70Mb priority 5 hfsc( default )
> queue slow_down bandwidth 2000Kb priority 4 hfsc( realtime
> 1000Kb linkshare 2000Kb upperlimit 2Mb)
> queue ack_down bandwidth 28Mb priority 7 hfsc( realtime 10Mb
> linkshare 28Mb )
>
> #Output DMZ network $Mnet:
> # 1)
> pass in quick on $if_int from $if_int:network to any no state
> pass out quick on $if_ext proto { tcp udp } from $if_int:network to any
> port $default_ports queue ( default_up ack_up ) no state
> # 2)
> pass out on $if_ext from $if_int:network to any queue ( default_up ack_up
> ) no state
> # 3)
> pass out on $if_ext proto { tcp udp } from $if_int:network to !<tomsk>
> queue ( slow_up ack_up ) no state
>
> #Answers on requests
> # 1)
> pass in quick on $if_ext from any to $if_int:network no state
> pass out quick on $if_int proto {tcp udp} from any port $default_ports to
> $if_int:network queue (default_down ack_down ) no state
> # 2)
> pass out on $if_int from any to $if_int:network queue ( default_down
> ack_down ) no state
> # 3)
> pass out on $if_int proto { tcp } from !<tomsk> to $if_int:network queue (
> slow_down ack_down ) no state
>
>
> *Not very good, but as an example descend*
>
I am thinking of doing it from the top:

1. Give higher priority to all the known traffic on known ports
2. Leave only 1% to unknown traffic on unknown ports, BUT, if capacity is
there because known traffic is 'asleep', let unknown traffic use it

Reading an example from: https://www.pantz.org/software/pf/pfconfigfile.html,
and with an up/down link of 2/2Mbps

altq on $ext_if bandwidth 1968Kb hfsc queue { q_pri, q_def, q_mus, q_tor }
queue q_pri bandwidth 49% priority 7 hfsc
queue q_def bandwidth 49% priority 5 hfsc (linkshare 49%) {q_smtp,q_http,ssh_login,q_def1}
queue ssh_login bandwidth 96% priority 5 hfsc
queue q_http bandwidth 1% priority 4 hfsc
queue q_smtp bandwidth 1% priority 4 hfsc
queue q_def1 bandwidth 1% priority 3 hfsc (default)
queue q_mus bandwidth 1% qlimit 200 priority 4 hfsc
queue q_tor bandwidth 1% qlimit 25 priority 3 hfsc (upperlimit 272Kb)

Although I would want to add more known ports..

I am still reading about PF and this queues stuff so it's not easy to sink
it in still. I don't understand why this example only dealt with ext_if and
did nothing on the int_if :(

Someone must have done this in a way that ensures torrents work when there
is capacity and get relegated when there is important traffic.

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
"I can't hear you -- I'm using the scrambler."
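
The policy described in the message above (known ports first, 1% for everything else, borrowing when the link is idle, queues on both interfaces), as an added pf.conf sketch that is not part of the thread and not taken from the pantz.org page. The queue names, the known_ports list and the absence of NAT are assumptions; the interface names and the 1968Kb figure are reused from the two messages.

```pf
# Added example; queue names and the port list are hypothetical.
ext_if      = "fxp1"                  # towards the Internet
int_if      = "fxp0"                  # towards the LAN
known_ports = "{ 22 25 53 80 443 }"   # constructed list of "known" services

# ALTQ schedules only packets that leave an interface: upload is shaped on
# $ext_if, download on $int_if (where it leaves the firewall for the LAN).
altq on $ext_if hfsc bandwidth 1968Kb queue { q_ack, q_known, q_unknown }
altq on $int_if hfsc bandwidth 1968Kb queue { q_ack, q_known, q_unknown }

# No "on <interface>": each definition applies to both altq lines above.
# With no explicit service curve, the bandwidth value is the link-share a
# queue gets under contention. There is no upperlimit, so q_unknown may use
# whatever capacity the other queues leave idle.
queue q_ack     bandwidth 10% hfsc
queue q_known   bandwidth 89% hfsc
queue q_unknown bandwidth 1%  hfsc(default)

# Last matching rule wins: everything from the LAN starts as unknown.
# Only one queue is named, so empty ACKs of unknown traffic get no priority.
pass in on $int_if from $int_if:network to any \
    keep state queue q_unknown

# Known destination ports are promoted; their empty TCP ACKs and
# lowdelay-TOS packets go to q_ack.
pass in on $int_if proto { tcp udp } from $int_if:network to any \
    port $known_ports keep state queue (q_known, q_ack)

# No queue on this rule, so the assignment made on $int_if is kept when the
# packet leaves $ext_if. The queue is stored with the $int_if state, so
# replies leaving $int_if land in the queue of the same name there.
pass out on $ext_if from $int_if:network to any keep state
```

Check the result with `pfctl -nf /etc/pf.conf` before loading, and watch per-queue counters on both interfaces with `pfctl -vsq`.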
