Re: altq on 2 interface

2006-11-09 Thread Stuart Henderson 
On 2006/11/08 21:56, Reza Muhammad wrote:
> My rule set still not working, as i'm expected to
> limit outgoing and incoming traffic pass to my pf
> machine act as an bridge .
..
> pass out log on xl1 from 172.16.0.228 to 202.57.14.1
> keep state flags S/SA queue (int_out)

this creates a state for traffic from 172.16.0.228 and it's
responses. traffic matching the state is tagged with the queue
name int_out. only traffic sent out of xl1 is queued, there is
no matching queue for xl2 so it's unrestricted on xl2.

> pass out log on xl2 from 202.57.14.1 to 172.16.0.228
> keep state flags S/SA queue (int_in)

this creates a state for traffic from 202.57.14.1 and it's
responses. traffic matching the state is tagged with the queue
name int_in. only traffic sent out of xl2 is queued, there is
no matching queue for xl1 so it's unrestricted on xl2.

I think you want this instead: (not tested beyond checking
that the syntax is valid, but I think it should work).

-- -- -- -- -- -- --
  altq on xl1 bandwidth 100% cbq queue {int,dflt}
  queue int on xl1   bandwidth 3Mb
  queue dflt on xl1  bandwidth  16Kb cbq (default)

  altq on xl2 bandwidth 100% cbq queue {int,dflt}
  queue int on xl2   bandwidth 3Mb
  queue dflt on xl2  bandwidth 16Kb cbq (default)

  pass out log on xl1 from 172.16.0.228 to 202.57.14.1 \
   keep state flags S/SA queue (int)

  pass out log on xl2 from 202.57.14.1 to 172.16.0.228 \
   keep state flags S/SA queue (int)
-- -- -- -- -- -- --

"int on xl1" and "int on xl2" are different queues, but
just referred to by "int" when you assign traffic to them.

Re: altq on 2 interface

2006-11-09 Thread Stuart Henderson 
On 2006/11/09 10:13, Stuart Henderson wrote:
> this creates a state for traffic from 172.16.0.228 and it's

aargh, s/it's/its/ :(

altq on 2 interface

2006-11-08 Thread Reza Muhammad 
Hi list..


My rule set still not working, as i'm expected to
limit outgoing and incoming traffic pass to my pf
machine act as an bridge .

altq on xl1 bandwidth 100% cbq queue
{int_out,dflt_out}
queue int_out   bandwidth 3Mb
queue dflt_out  bandwidth  16Kb cbq (default)

altq on xl2 bandwidth 100% cbq queue {int_in,dflt_in}
queue int_in   bandwidth 3Mb
queue dflt_in  bandwidth 16Kb cbq (default)

pass out log on xl1 from 172.16.0.228 to 202.57.14.1
keep  state flags S/SA queue (int_out)
pass out log on xl2 from 202.57.14.1 to 172.16.0.228
keep state flags S/SA queue (int_in)

if i only enabled altq on in one interface only (xl1
or xl2) , traffic limitation that i want is can be
done.

Is there something that can be done with ALTQ and PF
or my rule is bad ???

please.

Reza 



 
__
Sponsored Link

Talk more and pay less. Vonage can save you up to $300 a year on your phone 
bill. 
Sign up now. http://www.vonage.com/startsavingnow/