Problem PF and HFSC
budsz
budiyt at gmail.com
Fri Jul 3 17:24:49 UTC 2009
Hello,
I try to use PF under FreeBSD 7.2-STABLE. Here my config file:
# Variable global
ifint0="rl0"
ifext0="rl1"
ipcl = "{ 192.168.100.1, 192.168.100.2, 192.168.100.3, 192.168.100.4,
192.168.100.5, \
192.168.100.6, 192.168.100.7, 192.168.100.8, 192.168.100.11,
192.168.100.12, \
192.168.100.100 }"
ipunlimit = "{ !192.168.1.0/30, !192.168.100.200 }"
scrub in all
altq on $ifint0 hfsc bandwidth 1Mb queue { downstream }
queue downstream bandwidth 10% priority 0 hfsc (upperlimit 99% default)
altq on $ifext0 hfsc bandwidth 256Kb queue { upstream }
queue upstream bandwidth 10% priority 0 hfsc (upperlimit 99% default)
# Outgoing traffic (Downstream banwidth)
pass out quick on $ifint0 from $ipunlimit to $ipcl queue (downstream)
# Incoming traffic (Upstream bandwidth)
pass out quick on $ifext0 from $ipcl to $ipunlimit queue (upstream)
This several my problem after I tested:
1. Why PF can't limit incoming traffic in one interface. Let's say on rl0:
pass out quick on $ifint0 from $ipunlimit to $ipcl queue (downstream)
pass in quick on $ifint0 from $ipcl to $ipunlimit queue (upstream)
2. For list $ipunlimit (192.168.1.0/30 and 192.168.100.200 ) still get limit.
I wanna traffic from/to (192.168.1.0/30 and 192.168.100.200 )
to/from pccl _not_ limit, because that's for www/ssh local LAN.
3. I need suggestion for that rule. My purpose is link share for 11 IP
address (downstream/upstream), so if saturate traffic reached.
The clients still get guaranty with 10% of total bandwidth (About
100KB downstream and 253.44Kb upstream for each other).
Thanks for your time.
--
budsz
More information about the freebsd-pf
mailing list