Em 08-10-2015 05:36, Christer Solskogen escreveu:
> I'm having a bit trouble understanding match rules and priorities. I
> have a lot of traffic on other ports than http and https, but I want
> to have top priority on them instead of the others.
>
> So I have these rules:
> match proto tcp to port { ftp, http, https, 3129 } set prio 7
> match proto tcp from port { ftp, http, https, 3129 } set prio 7
>
> Do I need them both? And where in pf.conf should they be? I've tried
> having them on top, and on bottom, but still I get very low speeds for
> downloads on http.
You are mixing things. First of all, ftp goes through OpenBSD's
ftp-proxy. So you should prioritize packets leaving it, not coming from
the machines. Fortunately, ftp-proxy can apply a tag to its packets, so
it should be easy to set a priority on them. Port 3129 is some proxy,
I'm betting on squid, right? Same issue as the ftp-proxy, you should
prioritize the packets leaving it. Perhaps by using the user directive
of pf?
As for direct http and https connections, you can prioritize them,
but keep in mind that you can only queue on the outgoing. Also, you can
set the priority passing two of them, so packets with lowdelay TOS and
empty acks can go to a higher priority, hence improving your interactive
browsing and your downloads.
Cheers,
Giancarlo Razzolini
