On 37378-12-23 20:59, Muhammad Reza wrote:
> Still does not work with the pass in rule.
>
> Adding info with this rule set:
>
> altq on xl1 bandwidth 100% cbq queue {int_out,dflt_out}
> queue int_out bandwidth 3Mb
> queue dflt_out bandwidth 16Kb cbq (default)
>
> altq on xl2 bandwidth 100% cbq queue {int_in,dflt_in}
> queue int_in bandwidth 3Mb
> queue dflt_in bandwidth 16Kb cbq (default)
>
> pass out log on xl1 from 172.16.0.228 to 202.57.14.1 keep state flags S/SA queue (int_out)
> pass out log on xl2 from 202.57.14.1 to 172.16.0.228 keep state flags S/SA queue (int_in)
>
> If I only enable altq on one interface (xl1 or xl2), the traffic
> limitation that I want can be done.
>
> Is there something that can be done with ALTQ and PF, or is my rule
> bad?
>
> Please help me...
>
>> Try these rules:
>> pass in log on xl2 from 172.16.0.228 to 202.57.14.1 keep state flags S/SA queue (int_out)
>> pass in log on xl2 from 172.16.0.228 to 202.57.14.1 keep state flags S/SA queue (int_in)
>>
>> Gilberto
>>
>> 2006/11/6, Muhammad Reza <[EMAIL PROTECTED]>:
>>> Dear All.
>>>
>>> I started with a simple rule set on my pf bridge machine to limit
>>> bandwidth to 3Mbps from my server on the LAN to the internet and from
>>> the internet to my server on the LAN.
>>> This is my setup:
>>>
>>> Internet ---xl1 xl2---LAN
>>>
>>> and my pf.conf:
>>>
>>> lan="172.16.0.0/24"
>>> #ALTQ at outgoing interface to limit traffic 3 MBps from lan to internet
>>> altq on xl1 bandwidth 100% cbq queue {int_out,dflt_out}
>>> queue int_out bandwidth 3Mb
>>> queue dflt_out bandwidth 16Kb cbq (default)
>>> #ALTQ at lan interface to limit traffic 3 MBps from internet to lan
>>> altq on xl2 bandwidth 100% cbq queue {int_in,dflt_in}
>>> queue int_in bandwidth 3Mb cbq (default)
>>> queue dflt_in bandwidth 16Kb
>>>
>>> block on xl1
>>> pass in on xl1 from any to $lan
>>> pass out on xl1 from $lan to any
>>> pass out log on xl1 from 172.16.0.228 to 202.57.14.1 keep state flags S/SA queue (int_out)
>>>
>>> block on xl2
>>> pass in on xl2 from $lan to any keep state
>>> pass out on xl2 from any to $lan keep state
>>> #pass out log on xl2 from 202.57.14.1 to 172.16.0.228 keep state flags S/SA queue (int_in)
>>>
>>> I have done some tests with iperf with no luck.
>>> Is there something wrong with this rule set to accomplish my need?
>>> Please help
>>>
>>> Regards
>>> Reza

Reza, you're really using just one queue:

> block on xl1
> pass in on xl1 from any to $lan
> pass out on xl1 from $lan to any
> pass out log on xl1 from 172.16.0.228 to 202.57.14.1 keep state flags S/SA queue (int_out)

As $lan is 172.16/24 rule number 3 (which goes to queue dflt_out) catches all the packets you're wanting for queue int_out.

HTH,
Volker