From owner-freebsd-pf@FreeBSD.ORG Wed Nov 16 22:43:31 2005 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 476C216A41F for ; Wed, 16 Nov 2005 22:43:31 +0000 (GMT) (envelope-from MGrooms@seton.org) Received: from mx1-out.seton.org (mx1-out.seton.org [207.193.126.171]) by mx1.FreeBSD.org (Postfix) with ESMTP id DAD5C43D46 for ; Wed, 16 Nov 2005 22:43:30 +0000 (GMT) (envelope-from MGrooms@seton.org) Received: from localhost (unknown [127.0.0.1]) by mx1-out.seton.org (Postfix) with ESMTP id 80DC5F00094C; Wed, 16 Nov 2005 16:43:30 -0600 (CST) Received: from mx1-out.seton.org ([10.21.254.249]) by localhost (mx1 [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 14388-01; Wed, 16 Nov 2005 16:43:30 -0600 (CST) Received: from ausexfe01.seton.org (ausexfe01.seton.org [10.20.10.211]) by mx1-out.seton.org (Postfix) with ESMTP id 6F5F8F00090A; Wed, 16 Nov 2005 16:43:30 -0600 (CST) Received: from [10.20.160.190] ([10.20.160.190]) by ausexfe01.seton.org with Microsoft SMTPSVC(6.0.3790.211); Wed, 16 Nov 2005 16:43:28 -0600 Message-ID: <437BB7A3.2080005@seton.org> Date: Wed, 16 Nov 2005 16:50:11 -0600 From: Matthew Grooms Organization: Seton Healthcare Network User-Agent: Mozilla Thunderbird 1.0.5 (Windows/20050711) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Max Laier References: <437BB031.9090504@seton.org> <200511162319.58857.max@love2party.net> In-Reply-To: <200511162319.58857.max@love2party.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 16 Nov 2005 22:43:28.0077 (UTC) FILETIME=[2952A7D0:01C5EAFF] X-Virus-Scanned: by amavisd-new at seton.org Cc: freebsd-pf@freebsd.org Subject: Re: Traffic Shaping with pf ... X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Nov 2005 22:43:31 -0000 Max Laier wrote: > On Wednesday 16 November 2005 23:18, Matthew Grooms wrote: > >> I have a couple of firewalls running freebsd 5.4 and pf and was >>planning to use ALTQ for traffic shaping. But after doing a bit of >>reading, it would seem that ALTQ only works on traffic passing outbound >>on an interface. Since most of the traffic passing through my firewall >>is http and ftp traffic, the inbound direction is the path being >>saturated. Did I read the ALTQ documentation wrong or is there another >>mechanism available for use with pf that could help me prioritize >>bandwidth usage? > > > You can not control inbound traffic! You can not control what other people > sent to you! It's impossible. The only way to do it is to limit *outbound* > traffic on an upstream router. > Max, As always, thanks for your reply. Sounds like you may have heard this question once or twice ;) Sorry for being naive. I understand what you are saying and this makes sense to me. But would it stand to reason that if you limit the rate of packets in a TCP stream that the windowing would slow the generation of traffic from the source host? I understand UDP is another animal all together. Do pipes in ipfw only effect outbound traffic on an interface? Thanks, -Matthew