I tried to change the rules to what you told me, but now the outgoing traffic from em1 to my clients is not restricted... Look at this address; there is a diagram of my case and what I'm trying to do:
http://host-242-33.espoltel.net/diagram.jpg

Is the order of the rules important? Which could it be for my needs?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Jon Simola
Sent: Wednesday, November 30, 2005 19:14
To: Marcelo Celleri
CC: freebsd-pf@freebsd.org
Subject: Re: PF + ALTQ... help please!!

On 11/30/05, Marcelo Celleri <[EMAIL PROTECTED]> wrote:

> int_if="em1"
>
> altq on $int_if bandwidth 100Mb cbq queue { std, uees, lnaval, marcelo, ... }
> queue std bandwidth 10.0Mb cbq(default)
> #Then for each one of the subqueues:
> queue marcelo bandwidth 128Kb cbq { gold, silver, default }
> queue gold bandwidth 70% priority 3 cbq(borrow red)
> queue silver bandwidth 20% priority 2 cbq(borrow red)
> queue default bandwidth 10% cbq(borrow)
> #These are the rules:
>
> pass in on $int_if from any to xxx.xxx.xxx.xxx keep state queue default
> pass in on $int_if proto { tcp } from any port { 25,110 } to xxx.xxx.xxx.xxx
> keep state queue silver
> pass in on $int_if proto { tcp } from any port { 22,53,80,443 } to
> xxx.xxx.xxx.xxx keep state queue gold

You cannot duplicate the gold/silver/default queue names, just in case you're doing that. The other problem is that you're trying to queue on an inbound interface.

Going back to my example:

# External interface -> OC3
altq on em0 cbq bandwidth 100Mb queue { default_ext, throttle_ext }
queue default_ext bandwidth 40Mb qlimit 1000 priority 5 cbq(default red ecn)
queue throttle_ext bandwidth 64Kb priority 1 cbq(red ecn)

# Internal interface -> LAN clients
altq on em1 cbq bandwidth 100Mb queue { default_int, throttle_int }
queue default_int bandwidth 40Mb qlimit 1000 priority 5 cbq(default red ecn)
queue throttle_int bandwidth 64Kb priority 1 cbq(red ecn)

The queueing rule for this is:

pass out on em0 from <throttled_ips> to any queue throttle_ext

Or you can specify a queue on the outbound interface (em0) with a rule on the inbound (em1), for a basically similar effect:

pass in on em1 from <throttled_ips> to any queue throttle_ext

Hope that helps a bit.

--
Jon Simola
Systems Administrator
ABC Communications
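
Both points from Jon's reply applied to the configuration quoted above, as an added example that is not part of the thread: the subqueue names are made unique per customer, and the shaping is defined on em1, the interface traffic leaves through on its way to the client. The address 192.0.2.10 and the macro name marcelo_ip are assumptions standing in for the xxx.xxx.xxx.xxx in the post.

```pf
# Added example, not from the thread. 192.0.2.10 is a constructed
# placeholder for the client address shown as xxx.xxx.xxx.xxx.
int_if     = "em1"
marcelo_ip = "192.0.2.10"

# ALTQ only queues packets as they LEAVE an interface. Traffic towards
# the LAN client exits em1, so the client's download limit is defined here.
altq on $int_if cbq bandwidth 100Mb queue { std, marcelo }
queue std bandwidth 10Mb cbq(default)

# Subqueue names carry the customer's name so they stay unique when this
# block is repeated for the other customers (uees, lnaval, ...).
queue marcelo bandwidth 128Kb cbq { marcelo_gold, marcelo_silver, marcelo_default }
queue  marcelo_gold    bandwidth 70% priority 3 cbq(borrow red)
queue  marcelo_silver  bandwidth 20% priority 2 cbq(borrow red)
queue  marcelo_default bandwidth 10% cbq(borrow)

# Connections the client opens. The state entry records the queue, and
# the replies leaving em1 towards the client are placed in it; the
# packets arriving on em1 are not queued themselves.
# Rule order matters: without "quick" the LAST matching rule wins, so the
# catch-all comes first and the more specific port rules follow it.
pass in on $int_if from $marcelo_ip to any keep state queue marcelo_default
pass in on $int_if proto tcp from $marcelo_ip to any port { 25, 110 } \
    keep state queue marcelo_silver
pass in on $int_if proto tcp from $marcelo_ip to any port { 22, 53, 80, 443 } \
    keep state queue marcelo_gold

# Connections opened from outside towards the client leave em1 directly.
pass out on $int_if from any to $marcelo_ip keep state queue marcelo_default
```

The ruleset can be syntax-checked without loading it using pfctl -nf followed by the file name, and pfctl -vsq shows the per-queue packet counters once it is loaded.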