
RE: Prioritizing empty TCP ACKs with pf and ALTQ with exemptions?



> > My problem is, I can't figure out how to exclude traffic to/from the
> > FreeBSD and the Windows 2000 Server.. Does anyone have an idea how to
> > accomplish this?
>
> altq on $ext_if cbq queue { q_servers, q_outside }
> queue q_servers priority 0
> queue q_outside priority 7 bandwidth 205Kb { q_pri, q_def }
> queue  q_pri priority 7
> queue  q_def priority 1 cbq(default)
>
> pass out on $ext_if proto tcp from any to $servers flags S/SA \
>           keep state queue q_servers
> ...
>
> The priorities on q_servers and q_outside are intended to
> keep traffic to the two servers from flooring traffic to the
> internet at large.
> The reasons for cbq are independent bandwidth specification
> and nested queues.

Ok, great, thanks for your help! But I can't get it to work :(
Or, well, it works, in a way. The prioritizing of empty TCP ACKs stops
working, the bandwidth to the servers is running at 10mbit again.
Am I doing anything wrong here?

Ruleset:
# Macros: define common values, so they can be referenced and changed
# easily.
ext_if="fxp0"   # replace with actual external interface name i.e., dc0
int_if="em0"    # replace with actual internal interface name i.e., dc1
lo_if="lo0"
internal_net="10.0.0.0/24"
external_addr="62.101.234.175/32"
bjarne="10.0.0.2/32"
erik="10.0.0.10/32"
buk="10.0.0.20/32"
# Normalization: reassemble fragments and resolve or reduce traffic
# ambiguities.
scrub in all
# Tables: similar to macros, but more flexible for many addresses.
table <servers> { 62.101.234.169/32, 62.101.234.242/32 }
# ACK queues
altq on $ext_if cbq queue { q_servers, q_outside }
queue q_servers priority 0
queue q_outside priority 7 bandwidth 210Kb { q_pri, q_def }
queue q_pri priority 7
queue q_def priority 1 cbq(default)
# Enable NAT
nat on $ext_if from $internal_net to any -> ($ext_if)
# Filtering
#
# ALTQ Tuning
pass out on $ext_if proto tcp from any to any flags S/SA \
        keep state queue q_outside
pass in on $ext_if proto tcp from any to $ext_if flags S/SA \
        keep state queue q_outside
pass out on $ext_if proto tcp from any to <servers> flags S/SA \
        keep state queue q_servers
pass in on $ext_if proto tcp from <servers> to $ext_if flags S/SA \
        keep state queue q_servers
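
Added example, not part of the original message or of the pf project's own documentation: pf.conf(5) states that when a rule names two queues, the second is used for TCP ACKs with no data payload and for packets with TOS lowdelay, and each rule in the ruleset above names a single queue. The fragment below keeps the same cbq layout and uses the two-queue form on the general rules; the bandwidth figures for the root queue, q_servers, q_pri and q_def are assumptions, and scrub and NAT are omitted.

```conf
# Added example (constructed fragment); bandwidth values marked
# "assumed" do not come from the thread.
ext_if = "fxp0"
table <servers> { 62.101.234.169/32, 62.101.234.242/32 }

# Root queue with an explicit link speed (assumed 10Mb), split into one
# branch for the two servers and one branch for everything else.
altq on $ext_if cbq bandwidth 10Mb queue { q_servers, q_outside }
queue q_servers priority 0 bandwidth 9Mb               # assumed share
queue q_outside priority 7 bandwidth 210Kb { q_pri, q_def }
queue  q_pri priority 7 bandwidth 30%                  # assumed share
queue  q_def priority 1 bandwidth 70% cbq(default)     # assumed share

# Two queue names on one rule: the first takes the ordinary packets of
# the connection, the second takes empty TCP ACKs and TOS lowdelay
# packets. Both names are leaf queues under q_outside.
pass out on $ext_if proto tcp from any to any flags S/SA \
        keep state queue (q_def, q_pri)
pass in  on $ext_if proto tcp from any to $ext_if flags S/SA \
        keep state queue (q_def, q_pri)

# The last matching rule wins, so the server exemptions follow the
# general rules and move those connections to q_servers.
pass out on $ext_if proto tcp from any to <servers> flags S/SA \
        keep state queue q_servers
pass in  on $ext_if proto tcp from <servers> to $ext_if flags S/SA \
        keep state queue q_servers
```

A syntax check with `pfctl -nf` on the edited file, followed by `pfctl -vsq` after loading, shows whether packets are being counted in q_pri.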