On 8/15/06, S t i n g r a y <[EMAIL PROTECTED]> wrote:
Sorry for reposting, but no one answered and I need to confirm urgently.
Here is my first traffic shaping pf.conf file. Although there weren't any syntax
mistakes, can you have a look at it and see if there is any logical mistake?

I would be very grateful.

regards


intif="epic0"
intnet="10.0.0.0/16"
extif="fxp0"
extad="192.168.0.2/32"
chadd="10.0.0.1/32"
servers="10.0.0.2, 10.0.0.3, 10.0.0.4, 10.0.0.5, 10.0.0.6"
mailserver="10.0.0.2"
vip="10.0.0.5"
ports = "21 22 25 53 80 110 119 123 143 443 554 1755 1863 3389 5000 5001 5050 5100 5190 6667 11999"
allif="{$extif, intif}"
table <allowedclients> persist file "/etc/allowedclients"
table <blockedclients> persist file "/etc/blockedclients"
scrub in all
altq on $extif cbq bandwidth 500Kb queue { def, msn, www, https, smtp, ssh, ftp }
queue ftp bandwidth 10% cbq(borrow red)
queue www bandwidth 30% cbq(borrow red)
queue https bandwidth 30% cbq(borrow red)
queue ssh bandwidth 10% cbq(borrow red)
queue def bandwidth 10% cbq(default borrow red)
queue smtp bandwidth 10% cbq
nat on $extif inet proto {tcp, udp } from <allowedclients> to any port { $ports } -> $extad
rdr on $intif proto tcp from <allowedclients> to any port 80 -> $chadd port 8080
rdr on $extif proto tcp from any to $extad port 25 -> $mailserver port 25
rdr on $extif proto tcp from any to $extad port 80 -> $mailserver port 80
pass out on $extif inet proto { tcp, udp } from <allowedclients> to any port { $ports }
pass in on extif proto tcp from <allowedclients> to any port msn queue msn
pass in on extif proto tcp from <allowedclients> to any port ssh queue ssh
pass in on extif proto tcp from <allowedclients> to any port www queue https
pass in on extif proto tcp from <allowedclients> to any port www queue www
pass in on extif proto tcp from <allowedclients> to any port smtp queue smtp
pass in on extif proto tcp from <allowedclients> to any port ftp queue ftp
pass out on extif inet proto udp from any to <allowedclients> port msn queue msn
pass out on extif inet proto udp from any to <allowedclients> port ssh queue ssh
pass out on extif inet proto udp from any to <allowedclients> port www queue https
pass out on extif inet proto udp from any to <allowedclients> port www queue www
pass out on extif inet proto udp from any to <allowedclients> port smtp queue smtp
pass out on extif inet proto udp from any to <allowedclients> port ftp queue ftp






Stingray


Shouldn't allif="{$extif, intif}" be allif="{$extif, $intif}"?

If you want to verify the queues, install pftop (in the ports) and
check the Queue View when you have a bit of traffic to see if they are
being added to the correct one.

cheers
ste
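
Added example (not part of the original thread): a small Python lint that applies the reply's point about the missing `$` to every line of a ruleset, and also cross-checks queue names between the altq line, the queue definitions and the rules. `lint_pf` and `SAMPLE` are hypothetical names; the sample is a shortened, constructed excerpt of the posted ruleset, and the checks are text heuristics, not pfctl's parser.

```python
import re

# Constructed sample: a shortened excerpt of the ruleset posted in this thread.
SAMPLE = """\
intif="epic0"
extif="fxp0"
allif="{$extif, intif}"
altq on $extif cbq bandwidth 500Kb queue { def, msn, ssh }
queue ssh bandwidth 10% cbq(borrow red)
queue def bandwidth 10% cbq(default borrow red)
pass out on $extif inet proto { tcp, udp } from <allowedclients> to any
pass in on extif proto tcp from <allowedclients> to any port ssh queue ssh
pass in on extif proto tcp from <allowedclients> to any port msn queue msn
"""

def lint_pf(text):
    """Return sorted (line_no, message) findings for a pf.conf-style ruleset."""
    lines = text.splitlines()
    macros, declared, defined, findings = set(), {}, set(), []
    # Pass 1: collect macro names, queues listed on altq, and queue definitions.
    for n, line in enumerate(lines, 1):
        if m := re.match(r"\s*(\w+)\s*=", line):
            macros.add(m.group(1))
        if m := re.match(r"\s*altq\b.*\bqueue\s*\{([^}]*)\}", line):
            for q in re.findall(r"\w+", m.group(1)):
                declared[q] = n
        if m := re.match(r"\s*queue\s+(\w+)", line):
            defined.add(m.group(1))
    # Pass 2: flag bare macro names and rules that assign an undefined queue.
    for n, line in enumerate(lines, 1):
        body = re.sub(r"^\s*\w+\s*=", "", line)  # skip the name being defined
        for word in re.findall(r"(?<![$\w])[A-Za-z_]\w*", body):
            if word in macros:
                findings.append((n, f"macro '{word}' used without '$'"))
        m = re.match(r"\s*(?:pass|block)\b.*\bqueue\s+(\w+)", line)
        if m and m.group(1) not in defined:
            findings.append((n, f"rule assigns undefined queue '{m.group(1)}'"))
    for q, n in declared.items():
        if q not in defined:
            findings.append((n, f"queue '{q}' listed in altq but never defined"))
    return sorted(findings)

if __name__ == "__main__":
    for n, msg in lint_pf(SAMPLE):
        print(f"line {n}: {msg}")
```

Findings are prompts for review; traffic actually landing in each queue still has to be confirmed with pftop's queue view, as the reply suggests.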
