
More questions on ALTQ.



Hi,

I have been playing around with ALTQ all afternoon and I have finally done this configuration. I have a couple of doubts that I don't know if they make sense. The first is the ALTQ percentages (check another message); my question is mainly regarding how ALTQ works.

My problem is... with this config I am only touching outgoing bandwidth, but isn't incoming bandwidth automatically limited because of its relation to outgoing? What should I modify to limit incoming traffic?

Thanks for your time.

ext_if="xl0"
int_if="xl1"
loopback="lo0"

tcp_prioridad_7="{ 53 }"
tcp_prioridad_6="{ 22, 25, 80, 110, 143, 443 }"
tcp_prioridad_5="{ 20 21 }"

udp_prioridad_7="{ 53 }"

caudal_subida="128Kb"

# options
set block-policy return
set loginterface $ext_if

# Normalize packets.
scrub in on $ext_if all fragment reassemble
scrub out on $ext_if all random-id

# Bandwidth control

altq on $ext_if cbq bandwidth $caudal_subida queue \
{ prioridad_7, prioridad_6, prioridad_5, prioridad_4, prioridad_3, prioridad_2, prioridad_1 }
queue prioridad_7 bandwidth 60% priority 7 cbq(red, borrow)
queue prioridad_6 bandwidth 60% priority 6 cbq(red, borrow)
queue prioridad_5 bandwidth 40% priority 5 cbq(red, borrow)
queue prioridad_1 priority 1 bandwidth 40% cbq(default)


#
# NAT and FTP proxy
#
nat on $ext_if from !($ext_if) -> ($ext_if)
rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021

#
# Block by default.
#
pass quick on $loopback all
block log-all on $ext_if all
block out log-all quick on $ext_if from $int_if:network to any

#
# External interface
#

pass out on $ext_if inet proto tcp from $ext_if to any port \
        $tcp_prioridad_7 modulate state queue prioridad_7

pass out on $ext_if inet proto tcp from $ext_if to any port \
        $tcp_prioridad_6 modulate state queue prioridad_6

pass out on $ext_if inet proto tcp from $ext_if to any port \
        $tcp_prioridad_5 modulate state queue prioridad_5

pass out on $ext_if inet proto udp from $ext_if to any port \
        $udp_prioridad_7 keep state queue prioridad_7

pass in on $ext_if inet proto tcp from any port 20 to $ext_if \
        port 50000 >< 65535 flags S/SAFR keep state

pass out on $ext_if inet proto tcp from $ext_if to any port > 1023 flags \
        S/AUPRFS modulate state queue prioridad_1