Problem s ALTQ. Prosim pomozte. (Ladislav Jerabek)

Jeřábek Ladislav mixicek at seznam.cz
Thu Jan 15 13:53:50 CET 2004

Previous message: 5.2 RELEASE + IPFILTER
Next message: Problem s ALTQ. Prosim pomozte. (Ladislav Jerabek)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dobrý den.

 

            V první rade bych Vam moc rad podekoval, ze mi nabízíte pomoc.
Moc si toho vazim. Dekuji.

 

            Ja jsem do ted zadny skript napsany nemel. Jen jsem testoval co
pfctl vsechno umi a cetl jsem si odzacatku dokumentaci a zkousel všechny
funkce. A u CBQ jsem se zarazil. Nechce mi fungovat. Tak jsem si z
dokumentace zkopíroval skript a ten Vám tady zkopíruji, který mi také nechce
fungovat:

 

# enable queueing on the external interface to control traffic going to

# the Internet. use the priq scheduler to control only priorities. set

# the bandwidth to 610Kbps to get the best performance out of the TCP

# ACK queue.

 

altq on xl0 priq bandwidth 610Kb queue { std_out, ssh_im_out, dns_out, \

    tcp_ack_out }

 

# define the parameters for the child queues.

# std_out      - the standard queue. any filter rule below that does not

#                explicitly specify a queue will have its traffic added

#                to this queue.

# ssh_im_out   - interactive SSH and various instant message traffic.

# dns_out      - DNS queries.

# tcp_ack_out  - TCP ACK packets with no data payload.

 

queue std_out     priq(default)

queue ssh_im_out  priority 4 priq(red)

queue dns_out     priority 5

queue tcp_ack_out priority 6

 

# enable queueing on the internal interface to control traffic coming in

# from the Internet. use the cbq scheduler to control bandwidth. max

# bandwidth is 2Mbps.

 

altq on wi1 cbq bandwidth 2Mb queue { std_in, ssh_im_in, dns_in, bob_in }

 

# define the parameters for the child queues.

# std_in      - the standard queue. any filter rule below that does not

#               explicitly specify a queue will have its traffic added

#               to this queue.

# ssh_im_in   - interactive SSH and various instant message traffic.

# dns_in      - DNS replies.

# bob_in      - bandwidth reserved for Bob's workstation. allow him to

#               borrow.

 

queue std_in    cbq(default)

queue ssh_im_in priority 4

queue dns_in    priority 5

queue bob_in    bandwidth 80Kb cbq(borrow)

 

# ... in the filtering section of pf.conf ...

alice         = "10.24.28.2"

bob           = "10.24.28.3"

charlie       = "10.24.28.4"

local_net     = "10.24.28.0/24"

ssh_ports     = "{ 22 2022 }"

im_ports      = "{ 1863 5190 5222 }"

 

# filter rules for fxp0 inbound

block in on xl0 all

 

# filter rules for xl0 outbound

block out on xl0 all

pass  out on xl0 inet proto tcp from (xl0) to any flags S/SA \

    keep state queue(std_out, tcp_ack_out)

pass  out on xl0 inet proto { udp icmp } from (xl0) to any keep state

pass  out on xl0 inet proto { tcp udp } from (xl0) to any port domain \

    keep state queue dns_out

pass  out on xl0 inet proto tcp from (xl0) to any port $ssh_ports \

    flags S/SA keep state queue(std_out, ssh_im_out)

pass  out on xl0 inet proto tcp from (xl0) to any port $im_ports \

    flags S/SA keep state queue(ssh_im_out, tcp_ack_out)

 

# filter rules for wi1 inbound

block in on wi1 all

pass  in on wi1 from $local_net

 

# filter rules for wi1 outbound

block out on wi1 all

pass  out on wi1 from any to $local_net

pass  out on wi1 proto { tcp udp } from any port domain to $local_net \

    queue dns_in

pass  out on wi1 proto tcp from any port $ssh_ports to $local_net \

    queue(std_in, ssh_im_in)

pass  out on wi1 proto tcp from any port $im_ports to $local_net \

    queue ssh_im_in

pass  out on wi1 from any to $bob queue bob_in

 

Poraďte prosím co dělám špatně? Děkuji. Ladislav Jeřábek

Previous message: 5.2 RELEASE + IPFILTER
Next message: Problem s ALTQ. Prosim pomozte. (Ladislav Jerabek)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users-l mailing list