Hello! My LAN (10.51.0.0/16) is behind an OpenBSD router with pf. vlan2 is the external interface, vlan621 the internal one.
In order to count traffic from the Internet to the LAN and vice versa with pflow, I need to use states on the internal interface vlan621. But when states are enabled, queues do not work. My current config of pf:

TRANSLATION RULES:
nat on vlan2 inet proto tcp from 10.51.109.16/29 to any -> 193.200.84.226
nat on vlan2 inet proto tcp from 10.51.109.40/29 to any -> 193.200.84.226
nat on vlan2 inet proto udp from 10.51.109.16/29 to any -> 193.200.84.226
nat on vlan2 inet proto udp from 10.51.109.40/29 to any -> 193.200.84.226
nat on vlan2 inet proto icmp from 10.51.109.16/29 to any -> 193.200.84.226
nat on vlan2 inet proto icmp from 10.51.109.40/29 to any -> 193.200.84.226

FILTER RULES:
block drop in all
pass in quick on vlan2 proto tcp from any to (vlan2) port = ssh flags S/SA keep state (if-bound)
pass out quick on vlan2 all flags S/SA keep state (if-bound)
pass in quick on vlan2 all no state
pass in quick on vlan621 inet from 10.51.109.16/29 to any flags S/SA keep state (if-bound, pflow)
pass out quick on vlan621 inet from any to 10.51.109.16/29 no state queue to_Akim
pass in quick on vlan621 inet from 10.51.109.40/29 to any flags S/SA keep state (if-bound, pflow)
pass out quick on vlan621 inet from any to 10.51.109.40/29 no state queue to_Gonta

ALTQ:
queue root_em0 on em0 bandwidth 1Gb priority 0 {DEFQ, to_Customers}
queue DEFQ on em0 bandwidth 100Mb hfsc( default )
queue to_Customers on em0 bandwidth 10Mb {to_Akim, to_Gonta}
queue to_Akim on em0 bandwidth 512Kb hfsc( upperlimit 512Kb )
queue to_Gonta on em0 bandwidth 512Kb hfsc( upperlimit 512Kb )

With this configuration pflow works, but queues do not. Is there a way to get both pflow and queuing enabled on the same interface?

Thanks in advance.

-- MINO-RIPE