From: Robert Krasicki
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] pfaltq FreeBSD (merged) problem
Date: Thu, 16 Sep 2004 03:51:52 -0000
X-Original-Date: Sun, 28 Sep 2003 18:49:55 +0200
Message-ID: <20030928164955.GA50979@toudi.cisovanet.pl>

Hello,

I have problems with my configuration.
I'm using the pf.conf configuration from http://openbsd.org/faq/pf/queueing.html (the first example).
Of course I've replaced the interface names with the proper ones.

---------
#####
local_net = "192.168.0.0/24"
ssh_ports = "{ 22 2022 }"
im_ports = "{ 1863 5190 5222 }"
ext_if="ed0"
int_if="xl0"

scrub in all no-df

altq on $ext_if priq bandwidth 100Kb queue { std_out, ssh_im_out, dns_out, \
        tcp_ack_out }
queue std_out priq(default)
queue ssh_im_out priority 4 priq(red)
queue dns_out priority 5
queue tcp_ack_out priority 6

altq on $int_if cbq bandwidth 510Kb queue { std_in, ssh_im_in, dns_in, bob_in }
queue std_in cbq(default)
queue ssh_im_in priority 4
queue dns_in priority 5

nat on $ext_if from $int_if/24 to any -> $ext_if
rdr on $ext_if proto tcp from any to $ext_if port 4000:4005 -> 192.168.0.6
rdr on $ext_if proto tcp from any to $ext_if port 1551 -> 192.168.0.6
rdr on $ext_if proto tcp from any to $ext_if port 3389 -> 192.168.0.6
rdr on $ext_if proto tcp from any to $ext_if port 416 -> 192.168.0.6
rdr on $ext_if proto udp from any to $ext_if port 416 -> 192.168.0.6

block in on $ext_if all
block out on $ext_if all
pass out on $ext_if inet proto tcp from ($ext_if) to any flags S/SA \
        keep state queue(std_out, tcp_ack_out)
pass out on $ext_if inet proto { udp icmp } from ($ext_if) to any keep state
pass out on $ext_if inet proto { tcp udp } from ($ext_if) to any port domain \
        keep state queue dns_out
pass out on $ext_if inet proto tcp from ($ext_if) to any port $ssh_ports \
        flags S/SA keep state queue(std_out, ssh_im_out)
pass out on $ext_if inet proto tcp from ($ext_if) to any port $im_ports \
        flags S/SA keep state queue(ssh_im_out, tcp_ack_out)

block in on $int_if all
pass in on $int_if from $local_net
block out on $int_if all
pass out on $int_if from any to $local_net
pass out on $int_if proto { tcp udp } from any port domain to $local_net \
        queue dns_in
pass out on $int_if proto tcp from any port $ssh_ports to $local_net \
        queue(std_in, ssh_im_in)
pass out on $int_if proto tcp from any port $im_ports to $local_net \
        queue ssh_im_in
---

All I want to achieve with this configuration is lag-free ssh output.
I'm using an ADSL 512/128 connection, and I would like to be able
to connect to external SSH ports with no delays.
When I'm uploading some file from my local computer (192.168.0.6) to
a host on the Internet, e.g. 212.160.150.190, my ssh connection to e.g. 212.140.158.190 becomes lagged.
According to the rules, it should work without any delays?
Maybe I'm wrong; is it possible to achieve this?

PS. I'm using pf+altq merged for FreeBSD 5.1 Release.
Rules are being loaded with no errors, packets are being counted properly.
Maybe you could provide me with the simplest ssh + tcp ack highest priority config?

I've spent a few weeks trying to solve this problem.

Thanks!
Rob