Thanks for your help. After I changed pf.conf I can't connect to the internet from a local network machine.

If we want to shape incoming bandwidth, it must be shaped on the internal interface that connects to clients in the local network; this is done by limiting the outgoing bandwidth returning to the local network. Do I misunderstand something?

But if we want to shape incoming bandwidth that returns to the gateway machine, not to the local network, the above method will not work because it does not pass through the internal interface. How do I do it?

Sorry for my English.
Thanks

> Date: Wed, 15 Nov 2006 13:26:09 +0100
> From: [EMAIL PROTECTED]
> To: freebsd-pf@freebsd.org
> Subject: Re: how to limit bandwidth for incoming traffic that has destination to gateway itself
>
> You have to change from:
>
> pass out on $ext_if proto tcp from <LH> to <Ext> port ssh flags S/SAFR modulate state queue(std_out, iac_out)
> pass out on $ext_if proto tcp from <LH> to <Ext> port $iac_ports flags S/SAFR modulate state queue(iac_out, ack_out)
>
> to:
>
> pass in on $ext_if proto tcp from <LH> to <Ext> port ssh flags S/SAFR modulate state queue(std_out, iac_out)
> pass in on $ext_if proto tcp from <LH> to <Ext> port $iac_ports flags S/SAFR modulate state queue(iac_out, ack_out)
>
> Since you are tracking state with S/SAFR that rule can keep track only of
> connection initiated by $gateway itself.
> If you use in it will track the connection generated by outside peers.
>
> Don't confuse the concept that ALTQ shapes only outgoing connections with
> the keep state one.
>
> Hope it helps.

_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"