Helo list,
Im using similar ( diffrence in bandwidth ) altq configuration in pf on my
fw boxes.On one obsd3.9 it's working fine on second obsd3.8 altq does not
work properly ( it assgin any traffic only to default queue ) My setup is as
follow:
lan-- [obsd3.8] ----- [obs3.9]----sdsl
|
adsl
obsd3.9 :
...
altq on $if_adsl priq bandwidth 496Kb queue { ftp_adsl, ssh_vienna,
std_adsl, mail_adsl, icmp, ack_adsl }
altq on $if_sdsl priq bandwidth 1984Kb queue { ftp_sdsl, std_sdsl,
im_ssh_out, icmp, ack_sdsl }
queue ftp_adsl priority 0
queue ssh_vienna priority 1
queue std_adsl priority 2 priq(default)
queue mail_adsl priority 6
queue ftp_sdsl priority 0
queue std_sdsl priority 1 priq(default)
queue im_ssh_out priority 8 priq(red)
queue icmp priority 10
queue ack_adsl priority 15
queue ack_sdsl priority 15
....
#rules for outgoining connections
pass out quick on $if_sdsl proto tcp from any to any port $ssh flags S/SA
keep state queue (im_ssh_out, ack_sdsl)
pass out quick on $if_sdsl proto tcp from any to any port $serv_sdsl flags
S/SA keep state queue (std_sdsl, ack_sdsl) label "aim/https/gg: $nr"
pass out on $if_sdsl proto tcp from any to any flags S/SA keep state queue
(std_sdsl, ack_sdsl)
pass out quick on $if_adsl proto tcp from any to any port $ftp flags S/SA
keep state queue (ftp_adsl, ack_adsl)
pass out quick on $if_adsl proto tcp from any to any port $mail flags S/SA
keep state queue (mail_adsl, ack_adsl)
pass out on $if_adsl proto tcp from any to any flags S/SA keep state queue
(std_adsl, ack_adsl)
pass out on { $if_adsl, $if_sdsl } proto { udp, icmp } from any to any keep
state
$sudo pfctl -vsq
queue ftp_adsl priority 0
[ pkts: 92 bytes: 7195 dropped pkts: 0 bytes: 0
]
[ qlength: 0/ 50 ]
queue ssh_in
[ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0
]
[ qlength: 0/ 50 ]
queue std_adsl priority 2 priq( default )
[ pkts: 15501 bytes: 2569793 dropped pkts: 0 bytes: 0
]
[ qlength: 0/ 50 ]
queue mail_adsl priority 6
[ pkts: 979 bytes: 1235023 dropped pkts: 0 bytes: 0
]
[ qlength: 0/ 50 ]
queue ftp_sdsl priority 0
[ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0
]
[ qlength: 0/ 50 ]
queue std_sdsl priq( default )
[ pkts: 6183 bytes: 4418834 dropped pkts: 0 bytes: 0
]
[ qlength: 0/ 50 ]
queue im_ssh_out priority 8 priq( red )
[ pkts: 47 bytes: 6874 dropped pkts: 0 bytes: 0
]
[ qlength: 0/ 50 ]
queue icmp priority 10
[ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0
]
[ qlength: 0/ 50 ]
queue icmp priority 10
[ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0
]
[ qlength: 0/ 50 ]
queue ack_adsl priority 15
[ pkts: 60398 bytes: 2892252 dropped pkts: 0 bytes: 0
]
[ qlength: 0/ 50 ]
queue ack_sdsl priority 15
[ pkts: 2032 bytes: 124540 dropped pkts: 0 bytes: 0
]
[ qlength: 0/ 50 ]
---------------------------
obsd 3.8
i put out outgoing bandwidth as a sum of adsl and sdsl line
ssh ="{ 22, 443 }"
www = "80"
.........
altq on $if_ext bandwidth 2570Kb priq queue { std, web, secure, tcp_ack }
queue std priority 1 priq(default)
queue web priority 6
queue secure priority 8
queue tcp_ack priority 15
.......
#allow for any traffic from external interfaces tcp
pass out quick on $if_ext proto tcp from any to any port $ssh flags S/SA
keep state queue (secure, tcp_ack)
pass out quick on $if_ext proto tcp from any to any port $www flags S/SA
keep state queue (web, tcp_ack)
pass out on $if_ext proto tcp all keep state queue (std, tcp_ack)
................
$sudo pfctl -vsq
queue std priq( default )
[ pkts: 2601 bytes: 316940 dropped pkts: 0 bytes: 0
]
[ qlength: 0/ 50 ]
queue web priority 6
[ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0
]
[ qlength: 0/ 50 ]
queue secure priority 8
[ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0
]
[ qlength: 0/ 50 ]
queue tcp_ack priority 15
[ pkts: 0 bytes: 0 dropped pkts: 0 bytes: 0
]
[ qlength: 0/ 50 ]
And whatever i would do it assign traffic to default queue , i also tried
to comment out
"pass out on $if_ext proto tcp all keep state queue (std, tcp_ack) " line
but it did not force to use diffren queue for web and ssh traffic
Perhaps one of You were using such setup or had similar issues and would
like to share with experience.
Thanks in advance
Jacek
