Is this logically correct?
Sorry for reposting, but as no one answered, I need to confirm urgently. Here is my first traffic shaping pf.conf file. Although there weren't any syntax mistakes, can you have a look at it to see if there is any logical mistake? Would be very grateful.

Regards

intif=epic0
intnet=10.0.0.0/16
extif=fxp0
extad=192.168.0.2/32
chadd=10.0.0.1/32
servers=10.0.0.2, 10.0.0.3, 10.0.0.4, 10.0.0.5, 10.0.0.6
mailserver=10.0.0.2
vip=10.0.0.5
ports = 21 22 25 53 80 110 119 123 143 443 554 1755 1863 3389 5000 5001 5050 5100 5190 6667 11999
allif={$extif, intif}

table <allowedclients> persist file /etc/allowedclients
table <blockedclients> persist file /etc/blockedclients

scrub in all

altq on $extif cbq bandwidth 500Kb queue { def, msn, www, https, smtp, ssh, ftp }
queue ftp bandwidth 10% cbq(borrow red)
queue www bandwidth 30% cbq(borrow red)
queue https bandwidth 30% cbq(borrow red)
queue ssh bandwidth 10% cbq(borrow red)
queue def bandwidth 10% cbq(default borrow red)
queue smtp bandwidth 10% cbq

nat on $extif inet proto { tcp, udp } from <allowedclients> to any port { $ports } -> $extad
rdr on $intif proto tcp from <allowedclients> to any port 80 -> $chadd port 8080
rdr on $extif proto tcp from any to $extad port 25 -> $mailserver port 25
rdr on $extif proto tcp from any to $extad port 80 -> $mailserver port 80

pass out on $extif inet proto { tcp, udp } from <allowedclients> to any port { $ports }

pass in on extif proto tcp from <allowedclients> to any port msn queue msn
pass in on extif proto tcp from <allowedclients> to any port ssh queue ssh
pass in on extif proto tcp from <allowedclients> to any port www queue https
pass in on extif proto tcp from <allowedclients> to any port www queue www
pass in on extif proto tcp from <allowedclients> to any port smtp queue smtp
pass in on extif proto tcp from <allowedclients> to any port ftp queue ftp

pass out on extif inet proto udp from any to <allowedclients> port msn queue msn
pass out on extif inet proto udp from any to <allowedclients> port ssh queue ssh
pass out on extif inet proto udp from any to <allowedclients> port www queue https
pass out on extif inet proto udp from any to <allowedclients> port www queue www
pass out on extif inet proto udp from any to <allowedclients> port smtp queue smtp
pass out on extif inet proto udp from any to <allowedclients> port ftp queue ftp

Stingray
Re: Is this logically correct?
On Aug 15, 2006, at 1:17 PM, S t i n g r a y wrote:

> Sorry for reposting, but as no one answered, I need to confirm urgently. Here is my first traffic shaping pf.conf file. Although there weren't any syntax mistakes, can you have a look at it to see if there is any logical mistake?

I suspect that nobody has replied because they're tired of proofing your ruleset every time you make a change. This is the ~15th time you've asked the list to review your pf.conf in the last 3 months. At some point you need to trust your own skills.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
Re: Is this logically correct?
On 8/15/06, S t i n g r a y [EMAIL PROTECTED] wrote:

> Sorry for reposting, but as no one answered, I need to confirm urgently. Here is my first traffic shaping pf.conf file. Although there weren't any syntax mistakes, can you have a look at it to see if there is any logical mistake? Would be very grateful.
>
> [...]
>
> allif={$extif, intif}
>
> [...]

Shouldn't allif={$extif, intif} be allif={$extif, $intif}?

If you want to verify the queues, install pftop (in the ports) and check the Queue View when you have a bit of traffic to see if they are being added to the correct one.

cheers
ste
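An added example, not a ruleset from the list or from either reply: the posted pf.conf reworked so that the queue assignments can actually take effect. The interface names, addresses, queue names and port list are taken from the post; everything marked "assumption" is mine (in particular that $chadd is the firewall's own internal address, that a default deny is wanted, and that the line-wrapped "51 00" in the post is 5100). Each change is explained in a comment next to the line it concerns.

```pf
# Added example, not the poster's ruleset.  Same interfaces, addresses and
# ports as the post; comments explain what was changed and why.

intif      = "epic0"
extif      = "fxp0"
intnet     = "10.0.0.0/16"
extad      = "192.168.0.2"
chadd      = "10.0.0.1"      # assumption: the proxy on port 8080 runs on this box
mailserver = "10.0.0.2"
# Macro values that contain spaces or lists must be double-quoted, and both
# interface names need a $ (the allif={$extif, intif} typo ste points at).
allif      = "{ $extif, $intif }"
# assumption: "51 00" in the post is line-wrap damage and means 5100
ports      = "21 22 25 53 80 110 119 123 143 443 554 1755 1863 3389 5000 5001 5050 5100 5190 6667 11999"

# Tables are referenced as <name> in rules, never by bare name, and the file
# path must be quoted.
table <allowedclients> persist file "/etc/allowedclients"
table <blockedclients> persist file "/etc/blockedclients"

scrub in all

# The post lists msn under altq but never defines a msn queue, and the six
# queues it does define already add up to 100%.  pfctl rejects child queues
# whose bandwidth exceeds the parent's, so www/https are trimmed to make room.
altq on $extif cbq bandwidth 500Kb queue { def, msn, www, https, smtp, ssh, ftp }
queue def   bandwidth 10% cbq(default borrow red)
queue msn   bandwidth 10% cbq(borrow red)
queue www   bandwidth 25% cbq(borrow red)
queue https bandwidth 25% cbq(borrow red)
queue smtp  bandwidth 10% cbq
queue ssh   bandwidth 10% cbq(borrow red)
queue ftp   bandwidth 10% cbq(borrow red)

# Translation as posted, with the "->" and <table> syntax spelled out.
nat on $extif inet proto { tcp, udp } from <allowedclients> to any port { $ports } -> $extad
rdr on $intif proto tcp from <allowedclients> to any port 80 -> $chadd port 8080
rdr on $extif proto tcp from any to $extad port 25 -> $mailserver port 25
rdr on $extif proto tcp from any to $extad port 80 -> $mailserver port 80

# assumption: default deny.  The posted file has no block rule at all, so
# whatever its pass rules miss is let through, and <blockedclients> is loaded
# but never referenced by any rule.
block all
block in quick on $intif from <blockedclients>

# Client traffic enters on $intif, not $extif, so "pass in on extif from
# <allowedclients>" can never match (and "extif" without $ is the literal
# interface name).  Filter it here and keep state: the queue recorded in the
# state is applied when the packet leaves $extif, the interface altq is on.
# Port numbers replace the service name "msn", which does not exist, and 443
# goes to the https queue instead of a second "port www" rule.
pass in on $intif proto tcp from <allowedclients> to any port 1863 keep state queue msn
pass in on $intif proto tcp from <allowedclients> to any port 22   keep state queue ssh
pass in on $intif proto tcp from <allowedclients> to any port 443  keep state queue https
pass in on $intif proto tcp from <allowedclients> to any port 25   keep state queue smtp
pass in on $intif proto tcp from <allowedclients> to any port 21   keep state queue ftp
pass in on $intif proto { tcp, udp } from <allowedclients> to any port { $ports } keep state

# The rdr on $intif rewrites client port-80 traffic to $chadd:8080 before the
# filter sees it, so a "port 80 queue www" rule here would never match.  Pass
# the proxy-bound connection, and queue the proxy's own fetches on the way out.
pass in  on $intif proto tcp from <allowedclients> to $chadd port 8080 keep state
pass out on $extif proto tcp from $extad to any port 80 keep state queue www

# After nat the source seen on $extif is $extad, so the posted
# "pass out on $extif ... from <allowedclients>" never matches.  Replies are
# matched by state, so the posted "pass out on extif proto udp ... to
# <allowedclients>" rules are not needed either.
pass out on $extif inet proto { tcp, udp } from $extad to any port { $ports } keep state

# Redirected services reach the filter with the translated destination.
pass in on $extif proto tcp from any to $mailserver port { 25, 80 } keep state
```

Check it with `pfctl -nf /etc/pf.conf` before loading; that is where the unquoted macros, the bare table names and the over-committed cbq children fail. Once loaded, `pfctl -vsq` (or pftop's Queue View, as ste suggests) shows per-queue packet counters, which is the quickest way to confirm that, say, a port 443 connection from an allowed client is landing in https and not in def.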