[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

altq on adsl link shared



Hello folks, 
	i have adsl link 512kbps downstream and 256kbps upstream... my link is shared to 12 pc's ... 
	what i change 60kbps upstream to each clients ? .. 
	and limit p2p upload too if possible..
	ex: 
		192.168.254.2 -> 300kbps downstream and 60kbps upstream
		192.168.254.3 -> 300kbps downstream and 60kbps upstream
		...
		192.168.254.13 -> 300kbps downstream and 60kbps upstream
	downstream is ok with altq.. but upstream not, because I don't know what I change it with priq acks
	my big problem is a p2p ( down and up ) and my upstream
	my max priority is http and mail (pop3 and smtp)
	my OpenBSD version is 3.6
	my pf.conf:
# ---------------------
# Configuracao generica
# ---------------------
set optimization normal
set block-policy return
set require-order yes
scrub in all
scrub out all
scrub all fragment reassemble random-id no-df
# ---------
# Variaveis
# ---------
if_ext = "tun0"
if_int = "dc1"
downld = "600Kb"
upload = "300Kb"
dns_srv = "{ 200.176.2.10/32, 200.241.231.2/32, 200.175.182.139/32 }"
# -------
# Tabelas
# -------
table <hosts>           persist file "/etc/hosts.ips"
 -------
# Cotrole de banda
# -------
# upload com prioridade para acks
altq on $if_ext priq bandwidth $upload \
        queue { def_in, ack, src_in }
queue def_in    priority 1      priq(default)
queue ack       priority 7
queue src_in    priority 9
# download
altq on $if_int cbq bandwidth $downld \
        queue { def_out, clientes }
queue def_out   bandwidth 10%   priority 5      cbq(default)
queue clientes  bandwidth 90%   priority 3      cbq(borrow ecn) { 300lnk }
queue 300lnk    bandwidth 300Kb
# -------------
# Regras de NAT
# -------------
nat on $if_ext from <hosts> to any -> ($if_ext)
# -------------
# Regras de Firewall
# -------------
block in on $if_int from <hosts> to any         
antispoof for { $if_int, $if_ext }                                      
block drop in quick on $if_ext from any to 255.255.255.255              
block drop in quick on { $if_int, $if_ext } inet6 all                   
block drop in quick on { $if_int, $if_ext } from any os { NMAP }        
pass in on $if_int proto udp from <hosts> to any keep state queue def_out       # udp
pass in on $if_ext proto udp from any to <hosts> keep state queue src_in        # udp
pass out on $if_ext proto tcp from $if_ext to any flags S/SA keep state queue ( def_in, ack )   # SYN-ACK
pass in on $if_ext proto tcp from any to $if_ext flags S/SA keep state queue ( def_in, ack )    # SYN-ACK
# -------------
# Liberando acesso aos clientes
# -------------
pass in on $if_int from 192.168.254.2 to any keep state queue 300lnk
pass in on $if_int from 192.168.254.15 to any keep state queue 300lnk
pass in on $if_int from 192.168.254.11 to any keep state queue 300lnk
pass in on $if_int from 192.168.254.20 to any keep state queue 300lnk
pass in on $if_int from 192.168.254.13 to any keep state queue 300lnk
pass in on $if_int from 192.168.254.17 to any keep state queue 300lnk
pass in on $if_int from 192.168.254.16 to any keep state queue 300lnk
pass in on $if_int from 192.168.254.12 to any keep state queue 300lnk
____________________________________
hosts.ips file have 192.168.254.0/24 line
Thanks folks..
Lucas M. de Freitas a.k.a rootfield