
Problem with altq cbq queuing.. please assist?



Hi
I'm sharing a connection and I'm trying to set aside bandwidth for some
users. Here is the output of pftop -v queue:
QUEUE                            BANDW SCH  PRIO     PKTS    BYTES
DROP_P   DROP_B QLEN   BORROW SUSPENDS     P/S     B/S
std_out                                priq           350    55249
0        
dns_out                               priq    4        6      464
0        
games_out                           priq    5      461    25566        0
ssh_out                                priq    6        0        0
0        
tcp_ack_out                         priq    7        0        0        0
root_xl0                           10M cbq     0      657   104572
0        
 std_in                             7M cbq            657   104572
0                
 luke_in                            1M cbq              0        0
0        
 pete_in                            1M cbq              0        0
0        
 nick_in                            1M cbq              0        0
0        
As you can see, the priq outbound queues work, but I can't get the cbq
queues to work for inbound connections. All connections just go to the
default queue.
Here is my pf.conf. I'd love to hear your thoughts; I've tried everything!
# cat /etc/pf.conf
# pf.conf for a two-interface NAT gateway: xl0 faces the LAN, xl1 the uplink
# (see the macros below). ALTQ shapes traffic leaving xl1 with priq and
# traffic leaving xl0 toward the LAN with cbq.
# NOTE(review): several statements below are hard-wrapped onto a second line
# as posted in the mail; they are kept as posted and may need rejoining
# before pf will load them.
# macros
int_if = "xl0"
ext_if = "xl1"
# Ports accepted from the outside by the "pass in on $ext_if" rules below.
tcp_services = "{ 22, 113, 5050, 443, 80 }"
udp_services = "{ 443, 5050 }"
icmp_types = "echoreq"
# Loopback plus the RFC 1918 private ranges; used by the anti-spoofing rules.
priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"
# LAN hosts; luke, nick and pete each get a dedicated cbq queue.
luke = "192.168.0.15"
nick = "192.168.0.49"
pete = "192.168.0.20"
myth = "192.168.0.253"
obsd = "192.168.0.250"
# Destination ports classified as game traffic by the games_out rule.
games = "{ 6112:6119, 4711, 29900:29901, 1024:1124, 1500:4999, 27900,
28910, 16567, 55123:55125, 27910, 27960, 4000, 27020:27050, 1200,
27000:27015 }"
# options
# With block-policy return, a plain "block" answers the sender (TCP RST /
# ICMP unreachable) instead of dropping silently. "block log all" below has
# no explicit drop, so this also applies to unsolicited traffic on $ext_if.
# NOTE(review): consider whether answering external probes is intended.
set block-policy return
set loginterface $ext_if
# aggressive expires idle states sooner than the default; long-idle
# connections may lose their state entry and stall.
set optimization aggressive
# scrub
scrub in all
scrub out on $ext_if all random-id
#prioritization
#outbound
# priq on the uplink: std_out is the default queue; queues with a higher
# priority number are served first.
altq on $ext_if priq bandwidth 10Mb queue { std_out, web_req, dns_out,
games_out, ssh_out, tcp_ack_out }
queue std_out priq(default)
queue web_req priority 3
queue dns_out priority 4
queue games_out priority 5
queue ssh_out priority 6
queue tcp_ack_out priority 7
#inbound
# ALTQ only queues packets as they leave an interface, so download traffic
# is shaped on $int_if on its way to the LAN. std_in is the default class;
# "borrow" lets a class use bandwidth its parent has idle.
altq on $int_if cbq bandwidth 10Mb queue { std_in, luke_in, pete_in,
nick_in }
queue std_in     bandwidth 70% cbq(default borrow ecn)
queue  luke_in    bandwidth 10% cbq(borrow ecn)
queue  pete_in    bandwidth 10% cbq(borrow ecn)
queue  nick_in    bandwidth 10% cbq(borrow ecn)
# nat/rdr
# static-port keeps the original source port when translating.
nat on $ext_if from $int_if:network to any -> ($ext_if) static-port
# LAN FTP and HTTP are diverted to local listeners on 8021 and 3128
# (presumably ftp-proxy and a transparent web proxy - confirm).
rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
rdr on $int_if proto tcp from any to any port www -> 127.0.0.1 port 3128
# Exposure: port 443 arriving on the uplink is redirected to port 22 on the
# address of $int_if, so whatever listens there (presumably sshd) is
# reachable from outside on 443.
# NOTE(review): udp is redirected as well; confirm it is needed.
rdr on $ext_if proto { tcp, udp } from any to any port 443 -> $int_if
port 22
# Exposure: port www arriving on the uplink is forwarded to the LAN host
# $myth (udp included here too).
rdr on $ext_if proto { tcp, udp } from any to any port www -> $myth port
www
# filter rules
# Default deny with logging; later matching pass rules override it
# (last match wins unless a rule is "quick").
block log all
pass quick on lo0 all
#stop spoofing
# Silently drop packets on the uplink that claim a private/loopback source,
# and never send packets to those ranges out the uplink.
block drop in  quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets
#pass rules
# Inbound connections from source port 20 to the gateway, limited to sockets
# owned by user "proxy" (presumably active-mode FTP data for the proxy on
# 8021 - confirm). The remote side picks the source port, so the "user"
# match is what actually narrows this rule.
pass in on $ext_if proto tcp from port 20 to ($ext_if) user proxy flags
S/SA keep state
# NOTE(review): destination is "any", and filtering sees the address after
# rdr, so this admits $tcp_services to any destination, not only the gateway
# and the two rdr targets. Port 22 is accepted directly as well as via the
# 443 redirect.
pass in on $ext_if proto tcp from any to any port $tcp_services modulate
state flags S/SA
pass in on $ext_if proto udp from any to any port $udp_services keep
state
#allow icmp
# No interface is named, so echo requests are accepted on every interface.
pass in inet proto icmp all icmp-type $icmp_types keep state
#allow all traffic to and from lan
# NOTE(review): likely cause of "everything lands in std_in". pf takes the
# queue from the rule that created the state. Connections opened by LAN
# hosts create their state at the "pass in on $int_if" rule below, which
# names no queue; the replies leaving $int_if match that state, are not
# evaluated against the three per-host "pass out ... queue" rules, and fall
# into the cbq default. Those three rules only classify connections whose
# first packet travels out $int_if toward the host. Naming the queue on
# per-host rules such as
#   pass in on $int_if from $luke to any keep state queue luke_in
# placed after the generic pass in (last match wins) should attach the
# queue to the state - confirm on the pf version in use.
pass in  on $int_if from $int_if:network to any keep state
pass out on $int_if from any to $int_if:network keep state
pass out on $int_if from any to $luke keep state queue luke_in
pass out on $int_if from any to $pete keep state queue pete_in
pass out on $int_if from any to $nick keep state queue nick_in
#let internal traffic access external using queues defined above
# Generic TCP rule first; the port-specific rules further down match later
# and therefore override its queue. With two queue names, the second one
# (tcp_ack_out) carries payload-less ACKs and low-delay TOS packets.
pass out on $ext_if proto tcp all modulate state flags S/SA queue
(std_out, tcp_ack_out)
pass out on $ext_if proto { udp, icmp } all keep state queue std_out
# NOTE(review): the www and ssh rules below omit "flags S/SA" and name a
# single queue, unlike the generic TCP rule above; confirm that is intended.
pass out on $ext_if proto tcp from any to any port www modulate state
queue web_req
pass out on $ext_if proto { tcp udp } from any to any port domain keep
state queue dns_out
pass out on $ext_if proto { tcp udp } from any to any port $games keep
state queue games_out
pass out on $ext_if proto tcp from any to any port ssh modulate state
queue ssh_out
# ESP is passed out unqueued, so it uses the priq default queue.
pass out on $ext_if proto esp all keep state