From: Volker
Date: Fri, 18 May 2007 13:15:52 +0200
To: Umar
Cc: freebsd-pf@freebsd.org
Subject: Re: bandwidth controlling with ALTQ
Message-ID: <464D8AE8.30103@vwsoft.com>

On 05/18/07 12:05, Umar wrote:
> Dear Volker
>
> Thanks for your reply!
>
> I have 1mb up and 1mb down DSL and I have a total of 20 clients at this time.
>
>>> if you want to limit per IP address, you need to create one queue for
>>> every IP address in your internal network.
>
> Please tell me how I create the queue; I will manage 20 queues by hand. But
> I don't know the exact syntax in PF-ALTQ

Umar,

well, here your nightmare comes true!

It's not just creating the queues, but also having a different pass rule
for every queue you're using.

Let's go (assuming the hfsc scheduler; cbq or priq will also do it for you):

# macros are defined without a leading "$" and referenced with one
clientIP1="192.168.0.2"
clientIP2="192.168.0.3"

# root queue on the external interface, one child queue per client
altq on $ext_if hfsc bandwidth 1Mb queue { qclient1, qclient2, qclient3, ... }
queue qclient1 bandwidth 10Kb hfsc ( rio )
queue qclient2 bandwidth 10Kb hfsc ( rio )
...

# one pass rule per client, assigning its traffic to its own queue
pass in quick log on $int_if proto tcp from $clientIP1 to any \
    flags "S/SA" keep state queue qclient1
pass in quick log on $int_if proto tcp from $clientIP2 to any \
    flags "S/SA" keep state queue qclient2

Note: You also have to define one default queue "hfsc ( default )".

Note2: You'll also want to pass other traffic (udp, icmp etc.).

Happy maintenance! ;)

HTH

Volker

PS: I suggest using a bandwidth for your root queue a bit lower than
what you think your connection's upstream really is. For a 1 Mb
upstream, a value of 940 Kb should be appropriate.
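
Added example (not part of Volker's message or of any FreeBSD tool): a small sh function that writes out the macros, queues and pass rules described above for a run of consecutive client addresses, including the default queue and the 940 Kb root bandwidth from the notes. The function name gen_altq, the 10Kb default queue size, and the range and bandwidth checks are assumptions made for this example.

```shell
#!/bin/sh
# Added example: generate per-client ALTQ queues and pass rules for pf.conf.
NET_PREFIX="192.168.0"  # client network, taken from the addresses in the post
ROOT_KB=940             # root queue a bit below the 1 Mb upstream, as the PS suggests
CLIENT_KB=10            # per-client bandwidth used in the post
DEFAULT_KB=10           # assumed size for the mandatory default queue

# gen_altq FIRST_HOST COUNT  (hypothetical helper name)
# Prints macros, the altq line, the queues and one tcp pass rule per client.
# $ext_if and $int_if are expected to be defined elsewhere in pf.conf.
gen_altq() {
    first=$1 count=$2
    last=$((first + count - 1))
    if [ "$first" -lt 1 ] || [ "$count" -lt 1 ] || [ "$last" -gt 254 ]; then
        echo "gen_altq: host range must stay within 1..254" >&2
        return 1
    fi
    # Child queues have to fit inside the root queue's bandwidth.
    if [ $((count * CLIENT_KB + DEFAULT_KB)) -gt "$ROOT_KB" ]; then
        echo "gen_altq: child queues exceed ${ROOT_KB}Kb" >&2
        return 1
    fi

    list="qdefault"
    n=1
    while [ "$n" -le "$count" ]; do
        # Macros are defined without a leading "$" and referenced with one.
        printf 'clientIP%d="%s.%d"\n' "$n" "$NET_PREFIX" $((first + n - 1))
        list="$list, qclient$n"
        n=$((n + 1))
    done

    printf '\naltq on $ext_if hfsc bandwidth %dKb queue { %s }\n' "$ROOT_KB" "$list"
    printf 'queue qdefault bandwidth %dKb hfsc ( default )\n' "$DEFAULT_KB"
    n=1
    while [ "$n" -le "$count" ]; do
        printf 'queue qclient%d bandwidth %dKb hfsc ( rio )\n' "$n" "$CLIENT_KB"
        n=$((n + 1))
    done

    echo
    n=1
    while [ "$n" -le "$count" ]; do
        printf 'pass in quick log on $int_if proto tcp from $clientIP%d to any \\\n' "$n"
        printf '    flags "S/SA" keep state queue qclient%d\n' "$n"
        n=$((n + 1))
    done
}
```

Calling gen_altq 2 20 prints the rules for 192.168.0.2 through 192.168.0.21; after merging the output into pf.conf, pfctl -nf /etc/pf.conf parses the file without loading it.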