
traffic shapeing (again): msg#00159

Subject: traffic shapeing (again)
Mai jos este pf.conf al meu. Are următoarea problemă: nu trec toate
pachetele prin coadă (ex. eu am un trafic cam de 20-21 kB/s, iar prin
coadă trece ceva la modul ... vezi mai jos :) ), adică cam 6 kB/s.

pfctl -vvsq

queue root_rl0 bandwidth 960Kb priority 0 cbq( wrr root ) {q_extern, q_metro, 
q_fast}
  [ pkts:      19774  bytes:    3486105  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
  [ measured:    47.8 packets/s, 45.79Kb/s ]
queue  q_extern bandwidth 320Kb priority 5 cbq( borrow ) {q_down, q_up}
  [ pkts:          0  bytes:          0  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
  [ measured:     0.0 packets/s, 0 b/s ]
queue   q_down bandwidth 200Kb priority 5 cbq( red ecn borrow )
  [ pkts:       5828  bytes:    2488311  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50  borrows:      4  suspends:      0 ]
  [ measured:    12.2 packets/s, 25.74Kb/s ]
queue   q_up bandwidth 120Kb priority 4
  [ pkts:       1317  bytes:      98786  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
  [ measured:     4.7 packets/s, 3.24Kb/s ]
queue  q_metro bandwidth 584Kb priority 4 cbq( borrow default )
  [ pkts:       3346  bytes:     196602  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
  [ measured:     8.1 packets/s, 3.84Kb/s ]
queue  q_fast bandwidth 56Kb priority 7 cbq( borrow )
  [ pkts:       9283  bytes:     702406  dropped pkts:      1 bytes:    106 ]
  [ qlength:   0/ 50  borrows:    190  suspends:      0 ]
  [ measured:    22.9 packets/s, 12.97Kb/s ]


pf.conf


#macros
# Interface names, service ports and addresses reused by the rules below.
int_if = "rl0"
ext_if = "xl0"
# Ports accepted on the firewall itself (22 only).
tcp_services = "{ 22 }"
# Ports forwarded from the external interface to $comp_eu by the rdr rules.
port_redir = "{ 6969, 7070, 7171, 7272 }"
icmp_types = "echoreq"
# Loopback and RFC 1918 ranges; used by the block rules on $ext_if.
priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"
# Internal host that receives all redirected ports.
comp_eu = "192.168.1.50"
# Address table loaded from /etc/metro; selects the METRO_* vs EXTERN_* tags.
# NOTE(review): the file contents are not shown here - presumably the
# metropolitan-network prefixes; confirm.
table <metro> persist file "/etc/metro"


#options
# Blocked packets are answered (TCP RST / ICMP unreachable) unless a rule
# says "drop" explicitly. This also applies to "block all" on $ext_if.
# NOTE(review): answering on the external side reveals the filter to
# scanners; consider "drop" there if that is not intended.
set block-policy return
# Collect per-interface statistics for the external interface.
set loginterface $ext_if

#scrub
# Normalise (reassemble/sanitise) all inbound packets before filtering.
scrub in all

# CBQ queue tree on the internal interface only: 960Kb split into
# q_extern (320Kb, parent of q_down/q_up), q_metro (584Kb, default queue)
# and q_fast (56Kb, highest priority).
# NOTE(review): ALTQ schedules packets as they leave the interface it is
# attached to, so only traffic sent out of $int_if (towards the LAN) is
# queued and counted. Traffic leaving $ext_if has no queue defined here -
# presumably why "pfctl -vvsq" reports less than the total throughput; confirm.
altq on $int_if cbq  bandwidth 960Kb queue {q_metro, q_extern, q_fast}
  queue q_extern bandwidth 320Kb priority 5 cbq(borrow) {q_down, q_up}
    # "ecn" implies "red", which is why pfctl prints "red ecn borrow".
    queue q_down bandwidth 200Kb priority 5 cbq(ecn borrow)
    # No "borrow": q_up is capped at its own 120Kb.
    queue q_up bandwidth 120Kb priority 4
  queue q_metro bandwidth 584Kb priority 4 cbq(default borrow)
  queue q_fast bandwidth 56Kb priority 7 cbq(borrow)

#nat/rdr
# Source-NAT everything from the internal network to the external address(es).
nat on $ext_if from $int_if:network to any -> {$ext_if}
# Forward $port_redir (TCP and UDP) arriving on $ext_if to $comp_eu.
# NOTE(review): "from any" exposes these services on $comp_eu to every
# source; restrict the source if only known peers need them.
rdr on $ext_if proto { tcp, udp } from any to any \
  port $port_redir -> $comp_eu
###############################ftp
# FTP server on $comp_eu: control port 9009 plus the range 49000:50000
# (inclusive), presumably the passive data ports - confirm.
rdr on $ext_if proto tcp from any to any port 9009 -> $comp_eu port 9009
rdr on $ext_if proto tcp from any to any port 49000:50000 \
  -> $comp_eu port 49000:50000
###############################ftp



#filter rules

# Default deny. Without "quick" the LAST matching rule decides, so every
# pass rule below that matches a packet overrides this block.
block all

##########################
# Debug switches (disabled): would pass everything on each interface.
#pass quick on $ext_if all
#pass quick on $int_if all
##########################

pass quick on lo0 all
# Anti-spoofing: drop private/loopback sources arriving on, and private
# destinations leaving via, the external interface.
block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets

# Tag traffic by direction and by membership in <metro>; the tags select
# the queue in the "tagged" rules further down.
# NOTE(review): these are pass rules, not only taggers. The two $ext_if
# rules together match every source, so any inbound packet that survives
# the quick blocks above is passed (no later rule blocks it). That makes
# the policy on $ext_if effectively default-allow. If the tags are only
# meant for queue selection, narrow these rules to the traffic that
# should actually be admitted.
pass in on $ext_if from <metro> to any tag METRO_D keep state
pass in on $ext_if from !<metro> to any tag EXTERN_D keep state
pass in on $int_if from any to <metro> tag METRO_U keep state
pass in on $int_if from any to !<metro> tag EXTERN_U keep state

# SSH ($tcp_services) to the firewall itself, from outside and from the LAN.
pass in on $ext_if inet proto tcp from any to {$ext_if} \
  port $tcp_services flags S/SA keep state
pass in on $int_if inet proto tcp from any to {$int_if} \
  port $tcp_services flags S/SA keep state
# NOTE(review): no port is given here, so this admits TCP and UDP to EVERY
# port on the firewall's external address and makes the port-22 restriction
# above meaningless. "flags S/SA" only constrains TCP. Remove it or add an
# explicit port list.
pass in on $ext_if inet proto { tcp, udp } from any to {$ext_if} \
  flags S/SA keep state

# Admit the redirected ports; after rdr the destination is already $comp_eu.
pass in on $ext_if proto { tcp, udp } from any to $comp_eu \
  port $port_redir flags S/SA keep state

################ftp
# NOTE(review): "49000><50000" is an exclusive range (49001-49999), while
# the rdr rule uses the inclusive "49000:50000"; ports 49000 and 50000 are
# redirected but not covered by these two range rules.
pass in on $ext_if proto tcp from any to $comp_eu port 49000><50000 keep state
pass in on $ext_if proto tcp from any to $comp_eu port 9009 keep state
pass out on $int_if proto tcp from any to $comp_eu port 9009 keep state
pass out on $int_if proto tcp from any to $comp_eu port 49000><50000 keep state
################ftp



# Echo requests are accepted on every interface (no "on" clause).
pass in inet proto icmp all icmp-type $icmp_types keep state

# Queue assignment by tag. With two queue names, the second (q_fast) takes
# packets with TOS lowdelay and TCP ACKs that carry no payload.
# NOTE(review): a state keeps the queue of the rule that created it.
# Connections opened from the LAN create their state on the "pass in on
# $int_if" rules, so their replies leaving $int_if are presumably queued in
# q_up/q_metro rather than q_down; q_down would then only see connections
# opened from outside. Verify with "pfctl -vvss".
pass in on $int_if from $int_if:network to any tagged METRO_U keep state \
  queue (q_metro, q_fast)
pass in on $int_if from $int_if:network to any tagged EXTERN_U keep state \
  queue (q_up, q_fast)
pass out on $int_if from any to $int_if:network tagged METRO_D keep state \
  queue (q_metro, q_fast)
pass out on $int_if from any to $int_if:network tagged EXTERN_D keep state \
  queue (q_down, q_fast)


# Outbound on the external interface: TCP with modulated sequence numbers,
# ICMP and UDP with plain state. No queue is assigned on this interface.
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { icmp, udp } all keep state


  

-- 
Best regards,
 raducu                          
mailto:raducu-64YZGDW6l2Rhl2p70BpVqQ@xxxxxxxxxxxxxxxx


