OpenBSD 3.9 i386, using pf/altq

I have a nat/firewall box running here, with our cable internet (6mbps/1mbps) on the external interface and our lan (100mbps) on the internal interface. I'm attempting to assign outbound traffic from an internal IP (10.0.0.243 in this case) to 1% of the total queue. I feel like I'm missing something really obvious here. If anyone can tell me what I'm doing wrong I would *really* appreciate it.
Traffic is being assigned to the nick_int queue, and inbound (from the internet to the lan) traffic is being limited... to my surprise. That doesn't even make any sense to me. No traffic is being assigned to nick_ext at all.. everything is showing up on the default queue (other) instead. I'm using 'pfctl -vvs queue' to check whether any traffic is being assigned to a queue and using my own IP for $nick_net to test.

related text from my pf.conf:
=============================
ext_if = xl1
int_if = xl0
nick_net = "10.0.0.243"

set block-policy drop
set state-policy if-bound

altq on $ext_if cbq bandwidth 950Kb queue { nick_ext, other }
queue nick_ext bandwidth 1% priority 1 cbq
queue other bandwidth 99% priority 7 cbq(default, borrow)

altq on $int_if cbq bandwidth 8Mb queue { all_in, nick_int }
queue all_in bandwidth 99% priority 7 cbq(default)
queue nick_int bandwidth 1% priority 1 cbq

nat on $ext_if from $int_if:network to any -> ($ext_if)

block drop all
pass in on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state queue all_in
pass out on $ext_if from any to any keep state queue other
pass in quick on $int_if from $nick_net to any keep state queue nick_int
pass out quick on $ext_if from $nick_net to any keep state queue nick_ext
=============================

Have I set this up completely wrong or am I just missing something? I've assigned traffic based on the external interface's local port successfully before, but if I take that same rule and specify an internal IP then no traffic is assigned at all.

--
Joel [rootrider]
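
Added example, not part of the original post: pf applies the nat rule before the filter rules, so a packet leaving $ext_if already carries the ($ext_if) address as its source and "from $nick_net" cannot match there. One way to carry the internal identity across is to tag the packet on $int_if and match the tag on $ext_if. The tag name NICK_OUT is a hypothetical name chosen for this example; macros, queue definitions and the nat rule are the poster's own.

```pf
# Added example (not the poster's ruleset). NICK_OUT is a hypothetical tag name.
ext_if = xl1
int_if = xl0
nick_net = "10.0.0.243"

set block-policy drop
set state-policy if-bound

altq on $ext_if cbq bandwidth 950Kb queue { nick_ext, other }
queue nick_ext bandwidth 1% priority 1 cbq
queue other bandwidth 99% priority 7 cbq(default, borrow)

altq on $int_if cbq bandwidth 8Mb queue { all_in, nick_int }
queue all_in bandwidth 99% priority 7 cbq(default)
queue nick_int bandwidth 1% priority 1 cbq

# Translation runs before filtering: after this rule the source address
# seen by filter rules on $ext_if is ($ext_if), no longer 10.0.0.243.
nat on $ext_if from $int_if:network to any -> ($ext_if)

block drop all
pass in on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state queue all_in
pass out on $ext_if from any to any keep state queue other

# Mark the host's traffic while its real source address is still visible.
# ALTQ only queues packets leaving an interface, so "queue nick_int" on
# this state shapes the replies sent out $int_if to the host (downloads).
pass in quick on $int_if from $nick_net to any tag NICK_OUT \
        keep state queue nick_int

# Match on the tag instead of the (already translated) source address.
# Packets of this state leaving $ext_if are placed in nick_ext (uploads).
pass out quick on $ext_if tagged NICK_OUT keep state queue nick_ext
```

After loading the ruleset, 'pfctl -vvs queue' (the check used in the post) should show packet counters rising on nick_ext while 10.0.0.243 is uploading.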