Hi All, Need help. 128 Kb router link to the internet. OpenBSD connect to the router on ste2. (100Mb link) OpenBSD 100Mb internal link ste0. Running Squid on the OpenBSD. Listening on port 3128 Running Web server on the OpenBSD. Running named on the OpenBSD.
It seem that the internal users consumed all the bandwidth for http. where I will like to have spare bandwidth: 32 Kb for smtp, ssh. 32 Kb for others ftp, ftp-data 64 Kb for http and https access. Any suggestion are very appreciate. Thx Firewall configuration (running OpenBSD 3.9) ext_if="ste2" int_if="ste0" fwix="222.124.1.1" fw_ip="172.16.1.2" apin_net="172.16.0.0/24" proxy="3128" int2fw="ssh smtp pop3" ix2fw="ssh" fw2ix_www="www https" fw2ix_oth="ssh smtp" fw2ix_ftp="ftp ftp-data" ext2fw="www https ssh smtp " table <spamd> persist table <spamd-white> persist set skip on { lo $int_if } scrub in all altq on $ext_if cbq bandwidth 128Kb queue { std_fw, www_fw, ftp_fw } queue std_fw bandwidth 32Kb cbq(default borrow) queue www_fw bandwidth 64Kb cbq(borrow) queue ftp_fw bandwidth 32Kb cbq(borrow) nat-anchor "ftp-proxy/*" rdr-anchor "ftp-proxy/*" binat on $ext_if from $fw_ip to any -> $fwix rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021 rdr pass on $ext_if proto tcp from <spamd> to port smtp \ -> 127.0.0.1 port spamd rdr pass on $ext_if proto tcp from !<spamd-white> to port smtp \ -> 127.0.0.1 port spamd anchor "ftp-proxy/*" block in log all block out log all antispoof quick for { lo $int_if } pass in quick on $int_if proto tcp from $apin_net to $int_if \ port $proxy flags S/SA keep state pass in quick on $int_if proto tcp from $apin_net to $int_if \ port {$int2fw} flags S/SA keep state pass in quick on $int_if proto udp from $apin_net to $int_if port domain \ keep state pass in on $ext_if proto tcp to ($ext_if) port {$ix2fw} keep state pass in log on $ext_if proto tcp to ($ext_if) port smtp keep state pass out on $ext_if proto icmp to any keep state pass out on $ext_if proto udp to any port domain keep state pass out on $ext_if proto tcp to any port {$fw2ix_www} \ flags S/SA keep state queue www_fw pass out on $ext_if proto tcp to any port {$fw2ix_oth} \ flags S/SA keep state queue www_oth pass out on $ext_if proto tcp to any port {$fw2ix_ftp} \ flags S/SA keep state queue www_ftp Best regards, Riwan