Date: Mon, 30 Jan 2006 20:51:37 +0700
From: Agus Riant <who.kill.the.blind.dogs@gmail.com>
To: freebsd-pf@freebsd.org
Subject: Hi I have some problems with FreeBSD 5.4 Stable using pf and altq
Message-ID: <c3918b5e0601300551s21b76299h3a1e0df3c00b320b@mail.gmail.com>

Hi, I have some problems with FreeBSD 5.4 Stable using pf and altq.

This is my kernconf
============
machine         i386
cpu             I686_CPU
ident           JOSS
maxusers        512

# To statically compile in device wiring instead of /boot/device.hints
#hints          "GENERIC.hints"         # Default places to look for devices.

options         SCHED_4BSD              # 4BSD scheduler
options         INET                    # InterNETworking
##options       INET6                   # IPv6 communications protocols
options         FFS                     # Berkeley Fast Filesystem
options         SOFTUPDATES             # Enable FFS soft updates support
options         UFS_ACL                 # Support for access control lists
options         UFS_DIRHASH             # Improve performance on big directories
options         MD_ROOT                 # MD is a potential root device
options         CD9660                  # ISO 9660 Filesystem
options         PROCFS                  # Process filesystem (requires PSEUDOFS)
options         PSEUDOFS                # Pseudo-filesystem framework
options         GEOM_GPT                # GUID Partition Tables.
options         COMPAT_43               # Compatible with BSD 4.3 [KEEP THIS!]
options         COMPAT_FREEBSD4         # Compatible with FreeBSD4
options         KTRACE                  # ktrace(1) support
options         SYSVSHM                 # SYSV-style shared memory
options         SYSVMSG                 # SYSV-style message queues
options         SYSVSEM                 # SYSV-style semaphores
options         _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options         KBD_INSTALL_CDEV        # install a CDEV entry in /dev
options         AHC_REG_PRETTY_PRINT    # Print register bitfields in debug
                                        # output.  Adds ~128k to driver.
options         AHD_REG_PRETTY_PRINT    # Print register bitfields in debug
                                        # output.  Adds ~215k to driver.
options         ADAPTIVE_GIANT          # Giant mutex is adaptive.

device          apic                    # I/O APIC

# Bus support.  Do not remove isa, even if you have no isa slots
device          isa
device          eisa
device          pci

# ATA and ATAPI devices
device          ata
device          atadisk                 # ATA disk drives
device          atapicd                 # ATAPI CDROM drives
options         ATA_STATIC_ID           # Static device numbering

# atkbdc0 controls both the keyboard and the PS/2 mouse
device          atkbdc                  # AT keyboard controller
device          atkbd                   # AT keyboard

device          vga                     # VGA video card driver

device          splash                  # Splash screen and screen saver support

# syscons is the default console driver, resembling an SCO console
device          sc

device          agp                     # support several AGP chipsets

# Floating point support - do not disable.
device          npx

# Add suspend/resume support for the i8254.
device          pmtimer

# Serial (COM) ports
device          sio                     # 8250, 16[45]50 based serial ports

# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device          miibus                  # MII bus support
device          bge                     # Broadcom BCM570xx Gigabit Ethernet

# Pseudo devices.
device          loop                    # Network loopback
device          mem                     # Memory and kernel memory devices
device          io                      # I/O device
device          random                  # Entropy device
device          ether                   # Ethernet support
device          tun                     # Packet tunnel.
device          pty                     # Pseudo-ttys (telnet etc)
device          md                      # Memory "disks"
##device        gif                     # IPv6 and IPv4 tunneling
##device        faith                   # IPv6-to-IPv4 relaying (translation)

# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
device          bpf                     # Berkeley packet filter

# SMP
options         SMP

# snoop
device          snp

## PF
device          pf
device          pflog
device          pfsync
options         ALTQ
options         ALTQ_CBQ
options         ALTQ_RED
options         ALTQ_RIO
options         ALTQ_HFSC
options         ALTQ_PRIQ

options         QUOTA

pf.conf + altq config
==============
## set macros
ext_if="bge0"
main_ip="xx.xx.xx"  < i remove :)
http_ports="{ 43, 80 }"
sec_ports="{ 22 }"
tcp_serv="{ 20, 21, 25, 53 }"
dns_ports="{ 43, 53, 123 }"
irc_ports="{ 113, 2000 >< 8005, 8300 >< 9000, 30000 >< 40000 }"
icmp_t="echoreq"
tracert="33434 >< 33450"

## main set options
set timeout { frag 30, interval 10 }
set limit { frags 5000, states 3000 }
set loginterface $ext_if
set block-policy drop
set optimization normal
scrub in all

## QUEUES - ALTQ rules
altq on bge0 cbq bandwidth 100Mb queue { q_all }
queue q_all bandwidth 100% cbq { q_def, q_pri, q_misc, q_web, q_dns, q_irc }
queue q_def bandwidth 25% priority 1 cbq(borrow default red ecn)
queue q_misc bandwidth 10% priority 0 cbq(red)
queue q_web bandwidth 15% priority 4 cbq(borrow)
queue q_dns bandwidth 25% priority 5 cbq(borrow)
queue q_irc bandwidth 25% priority 6 cbq(borrow)
queue q_pri priority 7

## Default Block
block in all
block out all

#=- Table
table <spoof> persist file "/etc/pftable/spoof.conf"
table <ddos> persist file "/etc/pftable/ddos.conf"
table <sindo> persist file "/etc/pftable/servindo.conf"
table <bfd> persist file "/etc/pftable/bfd.conf"
table <int> persist file "/etc/pftable/int.conf"
table <igh> persist file "/etc/pftable/joss.conf"

block in quick on $ext_if from { <spoof>, <ddos>, <sindo>, <bfd>, <int> } to any
pass quick on lo0 all
pass inet proto icmp from <joss> to any icmp-type $icmp_t keep state queue q_misc
pass out quick proto udp from any to any port $tracert keep state queue q_def
pass quick proto tcp from any to any port $tcp_serv keep state queue q_def
pass in quick proto tcp from <igh> to any port 22 keep state
pass quick proto tcp from any to any port $sec_ports keep state queue q_pri
pass quick proto udp from any to any port $dns_ports keep state queue q_dns
pass out quick proto { tcp, udp } from <igh> to any port { 161, 162 } keep state queue q_dns
pass in quick proto tcp from any to $main_ip port $http_ports flags S/SA synproxy state queue q_web
pass out quick proto tcp from $main_ip to any port $http_ports keep state queue q_web
pass quick proto tcp from any to any port $irc_ports keep state queue q_irc
============================

I try to load the configuration conf,

# pfctl -f /etc/pf.conf.altq
pfctl: bge0: driver does not support altq

Can anyone help me to resolve this problem?
NB: no error message if altq is disabled.

Thanks