From owner-freebsd-pf@FreeBSD.ORG  Fri Nov 25 22:01:38 2005
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
X-Original-To: freebsd-pf@freebsd.org
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B8A5F16A41F
	for <freebsd-pf@freebsd.org>; Fri, 25 Nov 2005 22:01:38 +0000 (GMT)
	(envelope-from montarotech@optusnet.com.au)
Received: from mail05.syd.optusnet.com.au (mail05.syd.optusnet.com.au
	[211.29.132.186])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0CDCE43D64
	for <freebsd-pf@freebsd.org>; Fri, 25 Nov 2005 22:01:37 +0000 (GMT)
	(envelope-from montarotech@optusnet.com.au)
Received: from delta (d58-104-249-166.dsl.nsw.optusnet.com.au [58.104.249.166])
	by mail05.syd.optusnet.com.au (8.12.11/8.12.11) with SMTP id
	jAPM1a2n009236
	for <freebsd-pf@freebsd.org>; Sat, 26 Nov 2005 09:01:36 +1100
Message-ID: <000c01c5f20b$d19e4620$0600a8c0@delta>
From: "Josh Finlay" <montarotech@optusnet.com.au>
To: <freebsd-pf@freebsd.org>
Date: Sat, 26 Nov 2005 08:01:41 +1000
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="iso-8859-1";
	reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Subject: ALTQ bandwidth limiting only from internet IPs
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Nov 2005 22:01:38 -0000

I use the following rules for PF:

ExtIF="ng0"
IntIF="de0"
Delta="192.168.0.6"
Fear="192.168.0.1"

altq on $ExtIF cbq bandwidth 128Kb queue { q_network_out }
altq on $IntIF cbq bandwidth 512Kb queue { q_network_in }
queue q_network_out bandwidth 100% { q_delta_out, q_fear_out }
        queue q_delta_out bandwidth 50% cbq(default borrow)
        queue q_fear_out bandwidth 50% cbq(borrow)
queue q_network_in bandwidth 100% { q_delta_in, q_fear_in }
        queue q_delta_in bandwidth 50% cbq(default borrow)
        queue q_fear_in bandwidth 50% cbq(borrow)

pass out on $ExtIF from $Delta to any keep state queue q_delta_out
pass out on $ExtIF from $Fear to any keep state queue q_fear_out
pass out on $IntIF from $Delta to any keep state queue q_delta_in
pass out on $IntIF from $Fear to any keep state queue q_fear_in

This config seems to work quite well
but its also queueing local traffic aswell
so if I'm uploading from "Delta" to somewhere on the internet, my local ssh 
sessions (to the machine running pf) lag due to lack of free bandwidth

So how do I tell PF to only queue if its an internet ip? or perhaps a better 
way of saying it, is to *not* queue local traffic (to/from local ips).