Hi list, I am trying to allocate bandwidth with cbq. I just want to allocate 80Kbps for a student. I do Not want him to borrow the bandwidth when it is available. I am on a 64 bit openbsd 4.8 stable.
**I went to the below URL. I studied *example 1* , Small, Home network http://www.openbsd.org/faq/pf/queueing.html and wrote my rules. But, I still can NOT allocate 80Kbps for the student, while downloading. it goes up whole a lot. here are my rules. ( em0 is ext_if and em1 is int_if ) # enable queueing on the external interface to control traffic going to # the Internet. use the priq scheduler to control only priorities. set # the bandwidth to 485Kbps to get the best performance out of the TCP # ACK queue. altq on em0 priq bandwidth 485Kb queue { std_out, ssh_im_out, dns_out, \ tcp_ack_out } # define the parameters for the child queues. # std_out - the standard queue. any filter rule below that does not # explicitly specify a queue will have its traffic added # to this queue. # ssh_im_out - interactive SSH and various instant message traffic. # dns_out - DNS queries. # tcp_ack_out - TCP ACK packets with no data payload. queue std_out priq(default) queue ssh_im_out priority 4 priq(red) queue dns_out priority 5 queue tcp_ack_out priority 6 # enable queueing on the internal interface to control traffic coming in # from the Internet. use the cbq scheduler to control bandwidth. max # bandwidth is 2Mbps. altq on em1 cbq bandwidth 2Mb queue { std_in, ssh_im_in, dns_in, student_in } # define the parameters for the child queues. # std_in - the standard queue. any filter rule below that does not # explicitly specify a queue will have its traffic added # to this queue. # ssh_im_in - interactive SSH and various instant message traffic. # dns_in - DNS replies. # student_in - bandwidth reserved for the workstation. # queue std_in bandwidth 1.6Mb cbq(default) queue ssh_im_in bandwidth 200Kb priority 4 queue dns_in bandwidth 120Kb priority 5 queue student_in bandwidth 80Kb cbq clienttcpports="{ 21, 80, 8080, 443 }" clientudpports="{ 53 }" # FTP-Proxy anchor "ftp-proxy/*" pass in quick on $int_if proto tcp from $lan_net to any port 21 \ flags S/SA keep state rdr-to 127.0.0.1 port 8021 # Squid Redirect pass in quick on $int_if proto tcp from $lan_net to any port { 80 8080 } \ flags S/SA keep state rdr-to 127.0.0.1 port 3128 # filter rules block in log block out log #pass out log keep state antispoof quick for { lo $int_if ext_if } pass in log on $int_if inet proto udp from $lan_net to !$int_if \ port $clientudpports keep state pass in log on $int_if inet proto tcp from $lan_net to !$int_if \ port $https flags S/SA keep state pass out log on $ext_if inet proto udp from $ext_if to any \ port $clientudpports keep state queue dns_out pass out log on $ext_if inet proto tcp from $ext_if to any \ port $clienttcpports flags S/SA modulate state queue(std_out, tcp_ack_out) pass out on $int_if proto udp from port $clientudpports to $student_pc \ queue dns_in pass out on $int_if proto tcp from port $clienttcpports to $student_pc \ queue student_in there are some more rules. I think the given rules are enough.. any ideas? -- Thank you Indunil Jayasooriya
