From: "Gilberto Villani Brito"
To: "FreeBSD (PF)"
Date: Thu, 16 Nov 2006 12:00:52 -0200
Subject: Re: pf.conf + altq problem

In my firewall cbq doesn't work, but I'm using hfsc.
Below is one rule:

altq on em1 hfsc bandwidth 100% queue net_em1
queue net_em1 bandwidth 100Mb hfsc { link_em1 net1_em1 }
queue link_em1 bandwidth 5Mb priority 2 hfsc(red realtime 4Mb upperlimit 10Mb)
queue net1_em1 bandwidth 90Mb priority 1 hfsc(default)

Gilberto

2006/11/10, Michal Mertl:
> Muhammad Reza wrote:
> > still not work with pass in rule.
> >
> > add info with this rule set:
> >
> > altq on xl1 bandwidth 100% cbq queue {int_out,dflt_out}
> > queue int_out bandwidth 3Mb
> > queue dflt_out bandwidth 16Kb cbq (default)
> >
> > altq on xl2 bandwidth 100% cbq queue {int_in,dflt_in}
> > queue int_in bandwidth 3Mb
> > queue dflt_in bandwidth 16Kb cbq (default)
> >
> > pass out log on xl1 from 172.16.0.228 to 202.57.14.1 keep state flags
> > S/SA queue (int_out)
> > pass out log on xl2 from 202.57.14.1 to 172.16.0.228 keep state flags
> > S/SA queue (int_in)
> >
> > if I only enabled altq on in one interface only (xl1 or xl2), traffic
> > limitation that I want is can be done.
> >
> > Is there something that can be done with ALTQ and PF or my rule is
> > bad ???
>
> The rules above (for TCP) do not match the traffic from both directions
> of a single TCP connection - "flags S/SA" matches just the first packet
> of the TCP session initiated by the source address (on the left). They
> limit only one direction of connections initiated from either of the
> addresses. Try removing "flags S/SA".
>
> Michal
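
Added example, not part of either message and not pf source code: a small Python model of how a "flags S/SA" test compares against TCP header flags, run over a constructed packet sequence for one connection between the two addresses in the quoted rules. It models only the address and flag comparison of a rule, not pf state tracking or ALTQ; the function names and the sample session are assumptions made for illustration.

```python
# Illustration only: pf-style "flags <set>/<mask>" comparison on TCP header flags.
# Flag letters as documented in pf.conf(5).
TCP_FLAGS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08,
             "A": 0x10, "U": 0x20, "E": 0x40, "W": 0x80}

def bits(letters):
    """Turn a string of flag letters such as 'SA' into a bit mask."""
    value = 0
    for ch in letters:
        if ch not in TCP_FLAGS:
            raise ValueError(f"unknown TCP flag letter: {ch!r}")
        value |= TCP_FLAGS[ch]
    return value

def parse_flags(spec):
    """Return (set_bits, mask_bits) for 'S/SA', '/SA' or 'any'."""
    if spec == "any":
        return 0, 0
    if "/" not in spec:
        raise ValueError("expected <set>/<mask>, /<mask> or any")
    want, mask = spec.split("/", 1)
    set_bits, mask_bits = bits(want), bits(mask)
    if set_bits & ~mask_bits:
        # Sanity check of this example: such a spec could never match.
        raise ValueError("flags in <set> must also appear in <mask>")
    return set_bits, mask_bits

def flags_match(spec, pkt_flags):
    """True when, of the flags in <mask>, exactly those in <set> are set."""
    set_bits, mask_bits = parse_flags(spec)
    return (bits(pkt_flags) & mask_bits) == set_bits

# Constructed sample: one TCP connection opened by 172.16.0.228 to 202.57.14.1.
CLIENT, SERVER = "172.16.0.228", "202.57.14.1"
SESSION = [
    (CLIENT, SERVER, "S"),   # 0: SYN
    (SERVER, CLIENT, "SA"),  # 1: SYN+ACK
    (CLIENT, SERVER, "A"),   # 2: ACK
    (CLIENT, SERVER, "PA"),  # 3: data
    (SERVER, CLIENT, "PA"),  # 4: data
    (CLIENT, SERVER, "FA"),  # 5: FIN
    (SERVER, CLIENT, "FA"),  # 6: FIN
    (CLIENT, SERVER, "A"),   # 7: final ACK
]

def matched(spec, src, dst):
    """Indexes of SESSION packets matched by 'from src to dst flags spec'."""
    return [i for i, (s, d, f) in enumerate(SESSION)
            if s == src and d == dst and flags_match(spec, f)]
```

Calling matched("S/SA", CLIENT, SERVER) and matched("S/SA", SERVER, CLIENT) shows which packets of the session each quoted rule's address and flag test selects; passing "any" instead shows the same comparison without the flag restriction.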