
Problems configuring ALTQ trying to limit emule bandwidth.



Hi,

I am trying to configure a simple firewall with nat and altq bandwidth control to limit some services (emule) and give higher priority to other services (web, dns and email).

What am I doing wrong? emule sucks all the available bandwidth and the adsl line is unusable. As you can see, I have tried both cbq and priq on the ext_if, but I don't get anything correct.

Thanks for your time.

#
#
ext_if="xl0"
int_if="xl1"
red_local="192.168.102.0/24"

# Upload and download bandwidth

caudal_bajada="512Kb"
caudal_subida="128Kb"

#
# Normalize packets.
#
scrub in all

#
# Bandwidth control.
#

# Outbound to the Internet.
#altq on $ext_if priq bandwidth $caudal_subida queue { pri_out, sec_out, tcp_ack_out, std_out, emule_out }
#queue emule_out priority 0
#queue std_out priority 1 priq(default)
#queue sec_out priority 4
#queue pri_out priority 5
#queue tcp_ack_out priority 6


altq on $ext_if cbq bandwidth $caudal_subida queue { pri_out, sec_out, tcp_ack_out, std_out, emule_out }
queue emule_out priority 0 bandwidth 5%
queue std_out priority 1 cbq(default)
queue sec_out priority 4 bandwidth 60% cbq(borrow)
queue pri_out priority 5 bandwidth 60% cbq(borrow)
queue tcp_ack_out priority 7 cbq(borrow)


# Inbound to the local network.
altq on $int_if cbq bandwidth $caudal_bajada queue { pri_in, sec_in, emule_in, std_in }
queue std_in priority 1 bandwidth 5% cbq(default)
queue pri_in priority 5
queue sec_in priority 4
queue emule_in priority 0 bandwidth 5% cbq(ecn)


#
# NAT
#
nat on $ext_if from $red_local to any -> ($ext_if)

#
# FTP Proxy.
#
rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021

#
# Firewall rules.
#

# Internet
block in on $ext_if all
block out on $ext_if all
pass out on $ext_if inet proto tcp from ($ext_if) to any flags S/SA \
	keep state queue(std_out, tcp_ack_out)
pass out on $ext_if inet proto { udp icmp } from ($ext_if) to any keep state
pass out on $ext_if inet proto { tcp udp } from ($ext_if) to any port domain \
	keep state queue sec_out
pass out on $ext_if inet proto tcp from ($ext_if) to any port 22 \
	flags S/SA keep state queue(std_out, sec_out)
pass out on $ext_if inet proto tcp from any to any port { 25 80 110 143 } \
	flags S/SA keep state queue(pri_out, tcp_ack_out)
pass out on $ext_if inet proto tcp from any port { 4661 4662 } to any \
	flags S/SA keep state queue emule_out
pass out on $ext_if inet proto tcp from any to any port { 4661 4662 } \
	keep state queue emule_out
#
# LAN
#

block in on $int_if all
pass in on $int_if from $red_local
block out on $int_if all
pass out on $int_if all
pass out on $int_if from any to $red_local
pass out on $int_if proto { tcp udp } from any port domain to $red_local queue sec_in
pass out on $int_if proto tcp from any port = 22 to $red_local queue sec_in
pass out on $int_if proto tcp from any port { 25 110 143 } to $red_local queue pri_in
pass out on $int_if proto tcp from any port = 80 to $red_local queue pri_in
pass out on $int_if proto tcp from any port { 4661 4662 } to $red_local queue emule_in