i start experimenting with alt-q ,and manage to make a nice test config.
my box has 3 LAN interfaces, but i am playing atm only with one network.
i manage to get the trafic that comes from the internet to each machine
nicely as i want it.
the global out speed to internet is set to 256Kbs.
while each machine is set with 1Mbit out
but the outspeed stays at the 256kbs ,and not the values i want,so my
question, what is wrong with my config ?
below my current pf.conf
######## START CONFIG ##########
#
ext_if = "fxp0"
int0_if = "re0"
int2_if = "rl0"
int3_if = "rl1"
#
localnet0 ="192.168.0.0/24"
localnet2 ="192.168.2.0/24"
localnet3 ="192.168.3.0/24"
#
blockedport ="{21,25,53,80,110,119, 2128}"
openport ="{ 21,25,110,8002,45631 }"
#
table <firewall> persist file "/etc/table/firewall.table"
#
# extern -> intern IF-0
altq on $int0_if cbq bandwidth 1000Mb queue /
{ std0_in, core_in, soep_in, global0_in, server2_in }
queue std0_in bandwidth 15Mb priority 1 cbq(default)
queue global0_in bandwidth 192Kb cbq
queue core_in bandwidth 2024Kb cbq
queue soep_in bandwidth 1024Kb cbq
queue server2_in bandwidth 512Kb cbq
#
#
# intern -> extern
altq on $ext_if cbq bandwidth 10Mb queue /
{ std_ext , lan_ext ,core_ext, soep_ext, server2_ext }
queue std_ext bandwidth 6Mb cbq(default)
queue lan_ext bandwidth 256Kb cbq
queue core_ext bandwidth 1024Kb cbq
queue soep_ext bandwidth 1024Kb cbq
queue server2_ext bandwidth 512Kb cbq
#
match out on egress inet from !(egress) to any nat-to (egress:0)
#
block in on $ext_if all
block quick on $ext_if proto {tcp,udp} from <firewall> to any port /
$blockedport
antispoof for $ext_if inet
#
# Local servers (mail / ftp / other)
pass in quick on $ext_if proto { tcp,udp } from any to $ext_if port /
$openport rdr-to 192.168.0.254
# traffic from localnet0 to internet
pass out on $ext_if keep state queue lan_ext
pass out on $ext_if from 192.168.0.238 keep state queue core_ext
pass out on $ext_if from 192.168.0.227 keep state queue soep_ext
pass out on $ext_if from 192.168.0.254 keep state queue server2_ext
# Traffic from internet to localnet0 (this block work correct)
pass in on $int0_if from $localnet0 keep state queue global0_in
pass in on $int0_if from 192.168.0.238 keep state queue core_in
pass in on $int0_if from 192.168.0.227 keep state queue soep_in
pass in on $int0_if from 192.168.0.254 keep state queue server2_in
########## END CONFIG ############
simply sayd.
i dont want a global CAP on outgoing trafic.
each machine should have his own CAP on outgoing trafic.
any advice ?
