Date: Thu, 16 Sep 2004 03:51:52 -0000
From: Robert Krasicki <wstud@wp.pl>
To: pf4freebsd@freelists.org
Subject: [pf4freebsd] pfaltq FreeBSD (merged) problem
Message-ID: <20030928164955.GA50979@toudi.cisovanet.pl>

Hello,

I have problems with my configuration. I'm using the pf.conf configuration from http://openbsd.org/faq/pf/queueing.html (the first example). Of course I've replaced the interface names with the proper ones.

---------
#####
local_net = "192.168.0.0/24"
ssh_ports = "{ 22 2022 }"
im_ports = "{ 1863 5190 5222 }"
ext_if="ed0"
int_if="xl0"

scrub in all no-df

altq on $ext_if priq bandwidth 100Kb queue { std_out, ssh_im_out, dns_out, \
        tcp_ack_out }
queue std_out priq(default)
queue ssh_im_out priority 4 priq(red)
queue dns_out priority 5
queue tcp_ack_out priority 6

altq on $int_if cbq bandwidth 510Kb queue { std_in, ssh_im_in, dns_in, bob_in }
queue std_in cbq(default)
queue ssh_im_in priority 4
queue dns_in priority 5

nat on $ext_if from $int_if/24 to any -> $ext_if
rdr on $ext_if proto tcp from any to $ext_if port 4000:4005 -> 192.168.0.6
rdr on $ext_if proto tcp from any to $ext_if port 1551 -> 192.168.0.6
rdr on $ext_if proto tcp from any to $ext_if port 3389 -> 192.168.0.6
rdr on $ext_if proto tcp from any to $ext_if port 416 -> 192.168.0.6
rdr on $ext_if proto udp from any to $ext_if port 416 -> 192.168.0.6

block in on $ext_if all
block out on $ext_if all
pass out on $ext_if inet proto tcp from ($ext_if) to any flags S/SA \
        keep state queue(std_out, tcp_ack_out)
pass out on $ext_if inet proto { udp icmp } from ($ext_if) to any keep state
pass out on $ext_if inet proto { tcp udp } from ($ext_if) to any port domain \
        keep state queue dns_out
pass out on $ext_if inet proto tcp from ($ext_if) to any port $ssh_ports \
        flags S/SA keep state queue(std_out, ssh_im_out)
pass out on $ext_if inet proto tcp from ($ext_if) to any port $im_ports \
        flags S/SA keep state queue(ssh_im_out, tcp_ack_out)

block in on $int_if all
pass in on $int_if from $local_net
block out on $int_if all
pass out on $int_if from any to $local_net
pass out on $int_if proto { tcp udp } from any port domain to $local_net \
        queue dns_in
pass out on $int_if proto tcp from any port $ssh_ports to $local_net \
        queue(std_in, ssh_im_in)
pass out on $int_if proto tcp from any port $im_ports to $local_net \
        queue ssh_im_in
---

All I want to achieve with this configuration is SSH output without lag. I'm using an ADSL 512/128 connection, and I would like to be able to connect to external SSH ports with no delays. When I'm uploading a file from my local computer (192.168.0.6) to a host on the Internet, e.g. 212.160.150.190, my SSH connection to e.g. 212.140.158.190 becomes lagged. According to the rules, it should work without any delays? Maybe I'm wrong; is it possible to achieve this?

PS. I'm using pf+altq merged for FreeBSD 5.1 Release. The rules are loaded with no errors, and packets are being counted properly. Maybe you could provide me with the simplest config that gives SSH + TCP ACKs the highest priority? I've spent a few weeks trying to solve this problem.

Thanks!
Rob
