pf.conf

Milan Lysa Milan.Lysa at progeo.cz
Thu Dec 15 10:40:31 CET 2005


Hello,
A small request that is only marginally related to the Subject: if you have PF configured, does pftop -v queue work for you?
For me it shows all the states, as if it weren't working.

Milan

> -----Original Message-----
> From: users-l-bounces at freebsd.cz [mailto:users-l-bounces at freebsd.cz]On
> Behalf Of Marian Cerny
> Sent: Thursday, December 15, 2005 9:59 AM
> To: FreeBSD mailing list
> Subject: Re: pf.conf
> 
> 
> On 2005-12-15 08:42 +0100, Cizek.Milan wrote:
> > Hi,
> > for example on this page (and others), http://www.muine.org/~hoang/openpf.html,
> > they do it that way. Your notation also looks familiar to me, but I don't
> > understand how it works, or rather what it should look like once there are
> > more priorities in it, for further protocols. That's why I was trying to get
> > my variant working; it seems more logical and easier to me.
> 
> Well, I don't have much experience with pf, but your guide says
> "last update: Oct 20, 2003", so I assume things have probably changed
> somewhat since then.
> 
> I read this guide: http://www.openbsd.org/faq/pf/
> 
> After a few hours of playing around I produced this config:
> 
> ext_if="xl0"
> int_if="rl0"
> jabber_ports="{ 5522 5523 }"
> 
> scrub in all
> 
> altq on $int_if cbq bandwidth 4Mb queue { ssh, bulk }
>         queue ssh bandwidth 10% priority 5 cbq(borrow) { dns, jabber, icmp }
>                 queue icmp bandwidth 20% priority 4
>                 queue dns bandwidth 40% priority 3
>                 queue jabber bandwidth 40% priority 2
>         queue bulk bandwidth 80% cbq(default red)
> 
> altq on $ext_if priq bandwidth 256Kb queue { bulk_out, ssh_out }
>         queue bulk_out priq(default)
>         queue ssh_out priority 4
> 
> nat on $ext_if from $int_if:network to any -> $ext_if
> 
> block in  all
> block out all
> 
> pass quick on lo0
> 
> pass in  on $int_if all
> pass out on $int_if all
> 
> # external
> pass out on $ext_if proto tcp all modulate state
> pass out on $ext_if proto udp keep state
> pass out on $ext_if proto icmp keep state queue icmp
> pass out on $ext_if proto tcp to any port ssh modulate state queue(bulk_out, ssh_out)
> 
> pass in  on $ext_if proto tcp to $ext_if port ssh modulate state
> 
> #internal
> pass out on $int_if proto tcp from any port ssh queue(bulk, ssh)
> pass out on $int_if proto { tcp, udp } from any port domain queue dns
> pass out on $int_if proto tcp from any port $jabber_ports queue jabber
> 
> It didn't seem complicated to me. You simply create the queues in the
> right place, and then when filtering packets you can add at the end
> which queue the traffic should go into (otherwise it goes to the default).
> 
> BTW: don't take my config as a model example; I don't have much
> experience with pf & altq, but it works for me and I'm happy with it.
> It should prioritize ssh (but not scp) over other traffic, plus dns,
> icmp and jabber.
> 
> Oh, and I read somewhere that altq runs better with HZ=1000 in the
> kernel, which I can confirm. 5.4 has a default of 100; 6.0, I think,
> already defaults to 1000.
> 
> -- 
> Marian Cerny <jojo at matfyz.cz>
> Jabber: jojo at njs.netlab.cz
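As an added example (not from the thread), a small Python sanity check over the kind of altq/queue layout Marian posted: it confirms that every queue named in a pass rule is declared and that child queue bandwidth percentages do not overcommit their parent. The sample config is constructed from the thread's config with the wrapped lines joined; pfctl -nf remains the authoritative syntax check.

```python
import re

# Constructed sample: the cbq/priq queue setup from the thread, wrapped lines joined.
PF_CONF = """\
altq on $int_if cbq bandwidth 4Mb queue { ssh, bulk }
    queue ssh bandwidth 10% priority 5 cbq(borrow) { dns, jabber, icmp }
        queue icmp bandwidth 20% priority 4
        queue dns bandwidth 40% priority 3
        queue jabber bandwidth 40% priority 2
    queue bulk bandwidth 80% cbq(default red)
altq on $ext_if priq bandwidth 256Kb queue { bulk_out, ssh_out }
    queue bulk_out priq(default)
    queue ssh_out priority 4
pass out on $ext_if proto tcp to any port ssh modulate state queue(bulk_out, ssh_out)
pass out on $int_if proto tcp from any port ssh queue(bulk, ssh)
pass out on $int_if proto { tcp, udp } from any port domain queue dns
"""

QUEUE_DEF = re.compile(r'^\s*(altq on \S+ \w+|queue (\w+))\b(.*)$')
CHILDREN = re.compile(r'\{([^}]*)\}\s*$')
BW_PCT = re.compile(r'bandwidth\s+(\d+)%')
RULE_QUEUE = re.compile(r'^\s*(?:pass|match)\b.*\bqueue\s*(?:\(([^)]*)\)|(\w+))\s*$')

def check_pf_queues(conf):
    """Return problems: rules naming undefined queues, parents listing
    undefined children, and child bandwidth percentages above 100%."""
    defined, children, pct, refs = set(), {}, {}, []
    for line in conf.splitlines():
        d = QUEUE_DEF.match(line)
        if d:  # altq root (named after its line) or a queue declaration
            name = d.group(2) or d.group(1)
            defined.add(name)
            if (b := BW_PCT.search(d.group(3))):
                pct[name] = int(b.group(1))
            if (c := CHILDREN.search(d.group(3))):
                children[name] = [q.strip() for q in c.group(1).split(',')]
        elif (r := RULE_QUEUE.match(line)):
            # queue(a, b): b takes only lowdelay/pure-ACK packets, which is why
            # interactive ssh gets priority while scp on the same port stays in bulk
            refs += [q.strip() for q in (r.group(1) or r.group(2)).split(',')]
    problems = [f"rule references undefined queue '{q}'" for q in refs if q not in defined]
    for parent, kids in children.items():
        problems += [f"'{parent}' lists undefined child '{k}'" for k in kids if k not in defined]
        if (total := sum(pct.get(k, 0) for k in kids)) > 100:
            problems.append(f"children of '{parent}' use {total}% (> 100%)")
    return problems
```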



