pf.conf + altq problem

Tue Nov 7 04:54:34 UTC 2006

Dear All.

I start with the simple rule set in my pf bridge machine to limit
bandwidth 3Mbps  from my server on lan to internet and from internet to
my server on lan 
this my setup:

Internet ---xl1 xl2---LAN

and my pf.conf

lan="172.16.0.0/24"
#ALTQ at outgoing interface to limit traffic 3 MBps from lan to internet
altq on xl1 bandwidth 100% cbq queue {int_out,dflt_out}
queue int_out       bandwidth 3Mb
queue dflt_out      bandwidth  16Kb cbq (default)
#ALTQ at lan interface to limit traffic 3 MBps from internet to lan
altq on xl2 bandwidth 100% cbq queue {int_in,dflt_in}
queue int_in       bandwidth 3Mb   cbq (default)
queue dflt_in      bandwidth  16Kb

block on xl1
pass in on xl1  from any to $lan
pass out on xl1 from $lan to any
pass out log on xl1 from 172.16.0.228 to 202.57.14.1 keep  state flags S/SA queue (int_out)

block on xl2
pass in on xl2 from $lan to any keep state
pass out on xl2  from any to $lan  keep state
#pass  out  log on xl2 from 202.57.14.1 to 172.16.0.228 keep state flags S/SA queue (int_in)

I have done some test with iperf with no luck.
Is there something wrong with this rule set to acompilished my need ?
Please help

Regards
Reza