Date: Thu, 16 Nov 2006 12:00:52 -0200 From: "Gilberto Villani Brito" <linux@giboia.org> To: "FreeBSD (PF)" <freebsd-pf@freebsd.org> Subject: Re: pf.conf + altq problem Message-ID: <6e6841490611160600t26c24559v9eb14aef1783cb@mail.gmail.com> In-Reply-To: <1163160286.5022.19.camel@genius.i.cz> References: <1162836051.23997.7.camel@beastie.mra.co.id> <6e6841490611071140u486d550bn8d3f3f0c40b6fd9@mail.gmail.com> <6e6841490611071141u2f1ad06apaa4542a94f8b786b@mail.gmail.com> <1163010356.1504.46.camel@beastie.mra.co.id> <1163160286.5022.19.camel@genius.i.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
In my firewall cbq doesn't work, but I'm using hfsc. Below is one rule: altq on em1 hfsc bandwidth 100% queue net_em1 queue net_em1 bandwidth 100Mb hfsc { link_em1 net1_em1 } queue link_em1 bandwidth 5Mb priority 2 hfsc(red realtime 4Mb upperlimit 10Mb) queue net1_em1 bandwidth 90Mb priority 1 hfsc(default) Gilberto 2006/11/10, Michal Mertl <mime@traveller.cz>: > Muhammad Reza wrote: > > still not work with pass in rule. > > > > add info with this rule set: > > > > altq on xl1 bandwidth 100% cbq queue {int_out,dflt_out} > > queue int_out bandwidth 3Mb > > queue dflt_out bandwidth 16Kb cbq (default) > > > > altq on xl2 bandwidth 100% cbq queue {int_in,dflt_in} > > queue int_in bandwidth 3Mb > > queue dflt_in bandwidth 16Kb cbq (default) > > > > pass out log on xl1 from 172.16.0.228 to 202.57.14.1 keep state flags > > S/SA queue (int_out) > > pass out log on xl2 from 202.57.14.1 to 172.16.0.228 keep state flags > > S/SA queue (int_in) > > > > if i only enabled altq on in one interface only (xl1 or xl2) , traffic > > limitation that i want is can be done. > > > > Is there something that can be done with ALTQ and PF or my rule is > > bad ??? > > The rules above (for TCP) do not match the traffic from both directions > of a single TCP connection - "flags S/SA" matches just the first packet > of the TCP session initiated by the source adress (on the left). They > limit only one direction of connections initiated from either of the > addresses. Try removing "flags S/SA". > > Michal > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6e6841490611160600t26c24559v9eb14aef1783cb>