Date: Tue, 3 Jul 2007 19:23:13 +0300 From: "Andrei Manescu" <andrei.manescu@clicknet.ro> To: <freebsd-pf@freebsd.org> Subject: ALTQ + CBQ -> http & ftp Message-ID: <000e01c7bd8e$747bbae0$5501a8c0@ivorde>
next in thread | raw e-mail | index | archive | help
Hello everyone.
Probabily this is not the first email on this topic, so I'll be brief:
I have the following queues:
altq on xl0 cbq bandwidth 5000Kb queue { def, ftp, http, ssh, icmp, ack =
}
queue ack bandwidth 50Kb priority 7 cbq(borrow)
queue ssh bandwidth 50Kb priority 6 { ssh_login, ssh_bulk }
queue ssh_login bandwidth 25% priority 6 cbq(borrow)
queue ssh_bulk bandwidth 75% priority 5 cbq(borrow)
queue http bandwidth 4000Kb priority 5 cbq
queue ftp bandwidth 390Kb priority 2 cbq(borrow)
queue def bandwidth 500Kb priority 1 cbq(default)
queue icmp bandwidth 10Kb priority 0 cbq
... and these rules for http & ftp traffic:
pass in log-all quick on $ext_if1 proto tcp from any to <jails> port =
{80, 8080} flags S/SA synproxy state queue http
pass in log quick on $ext_if1 proto tcp from any to <jails> port ftp =
flags S/SA synproxy state
pass out log-all quick on $ext_if1 proto {tcp,udp} from $external_addr1 =
\
to any port 65530:65534 flags S/SA keep state queue ftp
The thing is that ftp is in passive mode and when there is traffic both =
on http & ftp each type of transfer has ~50% of the bandwidth, so the =
higher priority from http queue doesn't apply at all.
Has anyone some suggestion for the rules above ?
Thank you in advance for your pacience and wisdom :)
Andrei.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?000e01c7bd8e$747bbae0$5501a8c0>