From owner-freebsd-pf@FreeBSD.ORG Mon Apr 11 08:07:04 2011 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 02DF0106566B for ; Mon, 11 Apr 2011 08:07:04 +0000 (UTC) (envelope-from zeus@relay.ibs.dn.ua) Received: from relay.ibs.dn.ua (relay.ibs.dn.ua [91.216.196.25]) by mx1.freebsd.org (Postfix) with ESMTP id 78D5A8FC0A for ; Mon, 11 Apr 2011 08:07:02 +0000 (UTC) Received: from relay.ibs.dn.ua (localhost [127.0.0.1]) by relay.ibs.dn.ua with ESMTP id p3B86pxe072177; Mon, 11 Apr 2011 11:06:51 +0300 (EEST) Received: (from zeus@localhost) by relay.ibs.dn.ua (8.14.4/8.14.4/Submit) id p3B86maT072176; Mon, 11 Apr 2011 11:06:49 +0300 (EEST) Date: Mon, 11 Apr 2011 11:06:48 +0300 From: Zeus V Panchenko To: freebsd-pf@freebsd.org Message-ID: <20110411080648.GD22812@relay.ibs.dn.ua> Mail-Followup-To: freebsd-pf@freebsd.org, Daniel Hartmeier References: <20110210155622.GA60117@icarus.home.lan> <20110411054544.GC22812@relay.ibs.dn.ua> <20110411061730.GA26940@insomnia.benzedrine.cx> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20110411061730.GA26940@insomnia.benzedrine.cx> User-Agent: Mutt/1.4.2.3i X-Operating-System: FreeBSD 8.1-RELEASE X-Editor: GNU Emacs 23.2.1 Cc: Subject: Re: transparent proxy traffic queue ... X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: zeus@ibs.dn.ua List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Apr 2011 08:07:04 -0000 Thank you Daniel for reply, Daniel Hartmeier (daniel@benzedrine.cx) [11.04.11 09:18] wrote: > On Mon, Apr 11, 2011 at 08:45:44AM +0300, Zeus V Panchenko wrote: > It seems you want log(all), but are only using log, see pf.conf(5): it didn't help ... pftop output still shows no lan_http counters and when i download from inet anything it eats all bandwidth ... in pf.conf pass out log (all) on $if_wan inet proto { tcp, udp } from $if_wan:0 \ to any port { $ports_proxy } keep state queue wan_http pass out log (all) on $if_lan inet proto { tcp, udp } from any port { $ports_proxy } \ to $if_lan:network queue lan_http squid is bent to $if_lan:0 and in logs i see the activity (LAN browses inet successfully) if i tcpdump $if_lan i can see that, but it looks like it is passing by the queue ... why? in pftop output: pfTop: Up Queue 1-6/6, View: queue, Cache: 10000 10:59:55 QUEUE BW SCH PRIO PKTS BYTES DROP_P DROP_B QLEN BORROW SUSPEN P/S B/S root_tun0 1000K cbq 0 12270 1429980 0 0 0 0 0 23 1867 wan_http 150K cbq 2 4180 512946 0 0 0 0 29 0 0 wan_rest 850K cbq 8090 917034 0 0 0 0 0 23 1867 root_ale0 100M cbq 0 11789 9982786 0 0 0 0 0 16 21739 lan_http 2000K cbq 2 0 0 0 0 0 0 0 0 0 lan_rest 98M cbq 13469 11810110 0 0 0 0 1073 38 43015 -- Zeus V. Panchenko IT Dpt., IBS ltd GMT+2 (EET)