Stuart Henderson wrote:
I have a problem with altq on an OpenBSD 4.4 firewall, but I cannot
properly understand how altq works.
...
I have attached my pf.conf
this is way too complicated for you to get a good understanding
of how altq works.
please start with something simpler.
I have tried with the home network sample in OpenBSD's altq FAQ, without luck.
Is this rule perhaps catching your traffic?
pass out quick on egress inet proto tcp from $ext_if to ! <Internal_Networks> port { http smtp ssh } flags S/SA $ms tag fw_to_inet
No. When I download some ISO image, traffic is caught by this rule:
pass in on $lan_if inet from $savannah to ! <All_Internal_Networks> flags S/SA $ks tag prodlan_to_inet
I have tried to apply a queue to this rule, but result is the same. Bandwidth
isn't restricted.
If so, you should queue this, too.
also note you can queue the _inbound_ packets, which will associate
a queue with the state table entry, then the queue of this name will
be used when those packets are sent _out_.
Thanks Stuart. But I have tried to do the same using queues on inbound rules,
without luck.
You could monitor the traffic with pftop for a traffic match/rule analysis.
many of the views from pftop are also available in systat
(in the base OS) these days.
see "systat queues", "systat rules", "systat pf" etc.
--
CL Martinez
carlopmart {at} gmail {d0t} com
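
Added example, not part of the original thread or anyone's pf.conf: a minimal OpenBSD 4.4-era ALTQ setup showing the "queue on the inbound rule" behaviour described above, where the queue named on the pass in rule is attached to the state and applied when the reply packets leave on the interface that defines that queue. The interface name, addresses, bandwidth figures and queue names are assumptions, and "keep state" stands in for the poster's $ks macro, whose contents are not shown.

```pf
# Constructed example. $lan_if, $savannah and <All_Internal_Networks> are
# names from the rule quoted in the thread; their values here are made up.
lan_if   = "em1"             # assumed LAN-facing interface
savannah = "192.168.1.10"    # assumed address of the downloading host
table <All_Internal_Networks> { 192.168.0.0/16 }   # assumed contents

# Download data reaches $savannah by leaving the firewall on $lan_if, so the
# queue meant to limit it is defined on $lan_if. ALTQ only shapes packets as
# they are sent out of an interface that has altq enabled.
altq on $lan_if cbq bandwidth 100Mb queue { lan_std, lan_dl }

# Exactly one queue must be the default; unassigned traffic lands here.
queue lan_std bandwidth 90% cbq(default)

# No "borrow" option, so this queue cannot exceed its own 2Mb allocation.
queue lan_dl  bandwidth 2Mb

# The rule matches the first packet coming IN on $lan_if and creates state.
# The queue name is stored with the state entry; reply packets from the
# Internet match that state and are sent OUT on $lan_if through lan_dl.
pass in on $lan_if inet from $savannah to ! <All_Internal_Networks> \
    flags S/SA keep state queue lan_dl tag prodlan_to_inet

# Checks after loading the ruleset with "pfctl -f /etc/pf.conf":
#   pfctl -vvs queue   per-queue packet/byte counters; lan_dl should grow
#                      during a download, lan_std should not
#   systat queues      the same counters, refreshed live
#   pfctl -vvs rules   confirms which rule the connection actually matched
```

If the lan_dl counters stay at zero during a download, the connection is being matched by a different rule, or its state was created before the ruleset with the queue assignment was loaded.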