Re: pf + altq syntax check plz

2006-07-02 Thread Jason Dixon

On Jul 2, 2006, at 11:38 AM, S t i n g r a y wrote:

> I am configuring altq & pf for the first time, & have a few
> problems here ..
>
> well i need to traffic shape between different protocols as you can
> see in my pf.conf
>
> now i am stuck & confused what to do next as i have built this file
> with different ref from web.
>
> the im is the most common Instant messengers protocols can you
> tell me how to make it right ?
>
> also when running the file as it is i get pfctl: SIOCGIFMTU: Device
> not configured error.
>
> what does this mean ?


That error means it doesn't recognize the device you've referenced.   
In your altq line you have "extif" which does not exist in any of the  
macros you've listed.



> extad="192.168.0.6/32"
> chadd="10.0.0.6/32"
> scrub in all
> altq on extif hfsc bandwidth 500Kb \
> queue { www, dns, im, mail, other}
> queue www bandwidth (linkshare 35%)
> queue dns bandwidth (linkshare 10%)
> queue im bandwidth (linkshare 25%)
> queue mail bandwidth (linkshare 10%)
> queue other hfsc (default)
> rdr on $intif proto tcp from $intad to any port 80 -> $chadd port 8080
> nat on $extif inet from $intad -> $extad
> pass out on $extif inet proto { icmp, udp, tcp } keep state


First, I would stop using hfsc and just use priority queueing
(priq). All you're trying to do is prioritize services. HFSC is an
advanced algorithm that is certainly overkill for your use. You
don't list your devices, so I'm going to pretend you're using em(4).
Here is a revised version of yours that should work (not tested),
with a bonus tossed in for free (ack prioritization). I've removed
IM protocols; they are easy enough for you to insert them once you
understand the concepts and know *which* IM protocols you wish to
prioritize.


# Define our macros
ext_if="em0"
int_if="em1"
extadd="192.168.0.6"
chadd="10.0.0.6"
www_ports="{ http, https }"
mail_ports="{ pop3, pop3s, imap, imaps, smtp }"

# Normalization
scrub in all

# Queueing (priq: a higher priority number is served first)
altq on $ext_if priq bandwidth 500Kb queue { other, mail, www, dns, ack }

   queue other priq(default)
   queue mail priority 2
   queue www priority 3
   queue dns priority 5
   queue ack priority 6

# Translation
rdr on $int_if proto tcp from ($int_if:network) to any port http -> $chadd port 8080

# Outbound traffic is translated to the external address
nat on $ext_if inet from ($int_if:network) to any -> $extadd

# Filtering (the last matching rule assigns the queue)
# Translation happens before filtering, so packets leaving $ext_if already
# carry the translated source address; match on any source here.
block in on $ext_if all
pass out on $ext_if inet proto { icmp, udp } all keep state queue other
pass out on $ext_if inet proto tcp all keep state queue(other, ack)
pass out on $ext_if inet proto { tcp, udp } from any to any port domain keep state queue dns
pass out on $ext_if inet proto tcp from any to any port $www_ports keep state queue www
pass out on $ext_if inet proto tcp from any to any port $mail_ports keep state queue mail



HTH.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
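
A small lint for the mistake diagnosed above, added here as an illustration and not part of any poster's message: it flags `$macro` references that have no definition and a bare word after `on` that is used as a macro elsewhere (the `altq on extif` case). The sample input is the original poster's configuration as quoted in the thread; the function names `logical_lines` and `lint` are this example's own.

```python
import re
MACRO_DEF = re.compile(r'^\s*([A-Za-z_]\w*)\s*=')
MACRO_REF = re.compile(r'\$([A-Za-z_]\w*)')
ON_BARE = re.compile(r'\bon\s+([A-Za-z_]\w*)')  # "on name" with no leading $

# The original poster's pf.conf exactly as quoted in the thread.
SAMPLE = r'''extad="192.168.0.6/32"
chadd="10.0.0.6/32"
scrub in all
altq on extif hfsc bandwidth 500Kb \
queue { www, dns, im, mail, other}
queue www bandwidth (linkshare 35%)
queue dns bandwidth (linkshare 10%)
queue im bandwidth (linkshare 25%)
queue mail bandwidth (linkshare 10%)
queue other hfsc (default)
rdr on $intif proto tcp from $intad to any port 80 -> $chadd port 8080
nat on $extif inet from $intad -> $extad
pass out on $extif inet proto { icmp, udp, tcp } keep state
'''

def logical_lines(text):
    """Yield (first_line_number, text), joining backslash continuations."""
    buf, start = '', None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split('#', 1)[0].rstrip()  # drop comments (simplified)
        start = start or n
        if line.endswith('\\'):
            buf += line[:-1] + ' '
            continue
        if (buf + line).strip():
            yield start, buf + line
        buf, start = '', None

def lint(text):
    """Return (line, kind, name) findings for macro mistakes in a pf.conf."""
    lines = list(logical_lines(text))
    defined = {m.group(1) for _, l in lines if (m := MACRO_DEF.match(l))}
    referenced = {r for _, l in lines for r in MACRO_REF.findall(l)}
    findings = []
    for n, l in lines:
        for name in MACRO_REF.findall(l):
            if name not in defined:
                findings.append((n, 'undefined-macro', name))
        # Bare word after "on" that is a macro name elsewhere: the "$" was dropped.
        for name in ON_BARE.findall(l):
            if name in defined | referenced:
                findings.append((n, 'missing-dollar', name))
    return findings
```

Calling `lint(SAMPLE)` reports the bare `extif` on line 4 and the `$intif`, `$intad` and `$extif` references for which the quoted file contains no definition.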



Re: pf + altq syntax check plz

2006-07-02 Thread Jeff Quast

On 7/2/06, S t i n g r a y <[EMAIL PROTECTED]> wrote:

> I am configuring altq & pf for the first time, & have a few problems here ..
>
> well i need to traffic shape between different protocols as you can see in my
> pf.conf
>
> now i am stuck & confused what to do next as i have built this file with
> different ref from web.
>
> the im is the most common Instant messengers protocols can you tell me how to
> make it right ?
>
> also when running the file as it is i get pfctl: SIOCGIFMTU: Device not
> configured error.
>
> what does this mean ?
>
> thanks
>
> extad="192.168.0.6/32"
> chadd="10.0.0.6/32"
> scrub in all
> altq on extif hfsc bandwidth 500Kb \

altq on $extif hfsc bandwidth 500Kb

> queue { www, dns, im, mail, other}
> queue www bandwidth (linkshare 35%)
> queue dns bandwidth (linkshare 10%)
> queue im bandwidth (linkshare 25%)
> queue mail bandwidth (linkshare 10%)
> queue other hfsc (default)
> rdr on $intif proto tcp from $intad to any port 80 -> $chadd port 8080
> nat on $extif inet from $intad -> $extad
> pass out on $extif inet proto { icmp, udp, tcp } keep state
>
> regards
>
> Stingray



That's your immediate answer for the immediate problem at hand. There
are probably a lot more problems. Maybe you should start with priq and
cbq first.



pf + altq syntax check plz

2006-07-02 Thread S t i n g r a y

I am configuring altq & pf for the first time, & have a few problems here ..

well i need to traffic shape between different protocols as you can see in my
pf.conf

now i am stuck & confused what to do next as i have built this file with
different ref from web.

the im is the most common Instant messengers protocols can you tell me how to
make it right ?

also when running the file as it is i get pfctl: SIOCGIFMTU: Device not
configured error.

what does this mean ?

thanks


extad="192.168.0.6/32"
chadd="10.0.0.6/32"
scrub in all
altq on extif hfsc bandwidth 500Kb \
queue { www, dns, im, mail, other}
queue www bandwidth (linkshare 35%)
queue dns bandwidth (linkshare 10%)
queue im bandwidth (linkshare 25%)
queue mail bandwidth (linkshare 10%)
queue other hfsc (default)
rdr on $intif proto tcp from $intad to any port 80 -> $chadd port 8080
nat on $extif inet from $intad -> $extad
pass out on $extif inet proto { icmp, udp, tcp } keep state




regards 


Stingray