If that's what you meant, isn't that behavior normal? Considering that (as
the PF user's guide puts it):
"Note that queueing is only useful for packets in
the outbound direction. Once a packet arrives on an interface in the
inbound direction it's already too late to queue it -- it's already
consumed network bandwidth to get to the interface that just received
it."
[Joe PC] -- [OpenBSD box] -- Internet,
limit of 100Kbs (simetrical 100Kbs) speaking of bits, and not bytes. So I
do the needed rules on pf.conf to make Joe get only 100Kbs of the
interface in OpenBSD box serving Joe PC.
If, from Joe PC, I get a file by ftp from the OpenBSD box, I get exactly
what I want, the 100Kb limit. (at the same time I'm not doing anything
with the net, like browsing or getting mail...)
If, from Joe PC, I put a file by ftp to OpenBSD box, then the problem
appears, and the speed ups in a factor of 40x. If I change the bandwidth
value on altq rule of pf.conf, then the speed of put a file on OpenBSD
box also changes, but is 40 times more speed. I mean, I want simetrical
100Kbs limit on the interface to Joe PC, can I have this setting?
When Joe downloads _from_ the OpenBSD box, then queuing is involved (and
seems to work in your case) because the majority of data (FTP data) is
being sent *out* of the OpenBSD box (hence, in the outbound direction from
the point of view of the interface) and therefore _is_ subject to your
queueing parameters.
When Joe uploads _to_ the OpenBSD box, then queueing is _not_ involved
since the data is coming _in_ to the box, and ALTQ cannot shape _incoming_
traffic.
The way I see it, the only way for you to shape traffic symmetrically in
both directions is to run your FTP server on another machine than the
OpenBSD one, make sure that traffic between Joes' box and the FTP server
gets _routed_ via the OpenBSD box, and apply your queue on the "Joe-side"
interface and on the "FTP-side" interface. That way, you'll be shaping the
traffic going from Joe's to the FTP box as well since the FTP traffic from
Joe's uploads will be shaped at the egress interface when the packets are
moving from the OpenBSD box towards the FTP server.
Hope this helps,
-Martin
