From: "Andrei Manescu"
Date: Tue, 3 Jul 2007 19:23:13 +0300
Subject: ALTQ + CBQ -> http & ftp
List-Id: "Technical discussion and general questions about packet filter (pf)"

Hello everyone.
Probably this is not the first email on this topic, so I'll be brief. I have the following queues:

    altq on xl0 cbq bandwidth 5000Kb queue { def, ftp, http, ssh, icmp, ack }
    queue ack bandwidth 50Kb priority 7 cbq(borrow)
    queue ssh bandwidth 50Kb priority 6 { ssh_login, ssh_bulk }
    queue ssh_login bandwidth 25% priority 6 cbq(borrow)
    queue ssh_bulk bandwidth 75% priority 5 cbq(borrow)
    queue http bandwidth 4000Kb priority 5 cbq
    queue ftp bandwidth 390Kb priority 2 cbq(borrow)
    queue def bandwidth 500Kb priority 1 cbq(default)
    queue icmp bandwidth 10Kb priority 0 cbq

... and these rules for http & ftp traffic:

    pass in log-all quick on $ext_if1 proto tcp from any to port {80, 8080} flags S/SA synproxy state queue http
    pass in log quick on $ext_if1 proto tcp from any to port ftp flags S/SA synproxy state
    pass out log-all quick on $ext_if1 proto {tcp,udp} from $external_addr1 \
        to any port 65530:65534 flags S/SA keep state queue ftp

The thing is that ftp is in passive mode, and when there is traffic on both http & ftp, each type of transfer has ~50% of the bandwidth, so the higher priority of the http queue doesn't apply at all.

Does anyone have a suggestion for the rules above?

Thank you in advance for your patience and wisdom :)

Andrei.