Re: PF+ALTQ and real time monitoring

On Mon, 26 Aug 2013 14:24:12 -0400, Andres Chavez wrote: > Hi, can anyone tell me the best or at least the most used real time > bandwith monitoring tool, when using the PF+ALTQ solution please? > > thanks in advance. We use Graphite for the display of data received by statsd, we

PF+ALTQ and real time monitoring

Hi, can anyone tell me the best or at least the most used real time bandwith monitoring tool, when using the PF+ALTQ solution please? thanks in advance.

Re: PF altq and limiting traffic among multiple interfaces

| -Original Message- | From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On | Behalf Of Stuart Henderson | Sent: Wednesday, November 21, 2012 7:47 AM | To: misc@openbsd.org | Subject: Re: PF altq and limiting traffic among multiple interfaces | | On 2012-11-21, openbsd2012

Re: PF altq and limiting traffic among multiple interfaces

Thank you all for your reply. Breen, no - I really do not have, so limited bandwith like described below. However each time I started to download not even being close to my maximum bandwith, both ingress and egress traffic dropped for a while, maybe for 1 - 2 seconds then recovered, and again dropp

Re: PF altq and limiting traffic among multiple interfaces

for the insight! Breen -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Stuart Henderson Sent: Wednesday, November 21, 2012 7:47 AM To: misc@openbsd.org Subject: Re: PF altq and limiting traffic among multiple interfaces On 2012-11-21, openbsd20

Re: PF altq and limiting traffic among multiple interfaces

On 2012-11-21, openbsd2012 wrote: > In short, the problem with keeping state across interfaces (PF's > default) is that it makes it impractical, if not impossible, to > have packets in different queues on both your internal and external > network interfaces. To fix this, you need to configure PF

Re: PF altq and limiting traffic among multiple interfaces

Mikolaj, Before I get into this, do you really have a connection where your total bandwidth in both directions is pooled? If so you will need to modify my approach somewhat, as I've not been in that situation myself. For reference, my full rule set for my home network appears at the end of this

Re: PF altq and limiting traffic among multiple interfaces

I'm no pro (and I've never seen a connection that had a transfer cap applied to upstream+downstream), but if I was limited to 512 kb/s up+down, I'd want to: 1) Prioritize ACKs to limit getting hammered with retransmits 2) Throttle guests tightly but allow them to borrow from other queues; not too

PF altq and limiting traffic among multiple interfaces

Hi, Searched for this for a while. Found below old post, without answer. Is this actually possible to setup that way? > From http://marc.info/?l=openbsd-pf&m=112015092309886&w=2 > > List: openbsd-pf > Subject:Altq - limiting traffic among multiple interfaces > From: Jonathan Cam

Re: pf ALTQ bandwidth limited to a 32bit value (4294Mb)

Ermal, Thanks for the diff. When we tried it on FreeBSD 8.2-p2, ALTq would no long start. We also looked into the source under /usr/src/sys/contrib/altq/altq. Sadly, most of the changes we made either broke altq completely or had no effect. If you have any other ideas we would be happy to try th

Re: pf ALTQ bandwidth limited to a 32bit value (4294Mb)

On Wed, Jul 6, 2011 at 5:25 PM, Calomel Org wrote: > ALTQ using hfsc is limited to a maximum parent bandwidth of 4294Mb. > This value is 2^32 or 4,294,967,296 bits. If you set the bandwidth any > higher, altq will flip back to zero. This "bug" was found when trying > to test 10 gigabit and 40 giga

Re: pf ALTQ bandwidth limited to a 32bit value (4294Mb)

On Wed, Jul 06, 2011, Peter N. M. Hansteen wrote: > Calomel Org writes: > more scarce. In the slightly longer term, I'm sure a verified bug > report (with patches against -current code if feasible) would be much > appreciated. I would postpone making any diffs against altq for a little while. :

Re: pf ALTQ bandwidth limited to a 32bit value (4294Mb)

Calomel Org writes: > ALTQ using hfsc is limited to a maximum parent bandwidth of 4294Mb. > This value is 2^32 or 4,294,967,296 bits. If you set the bandwidth any > higher, altq will flip back to zero. This "bug" was found when trying > to test 10 gigabit and 40 gigabit bandwidth models. These te

pf ALTQ bandwidth limited to a 32bit value (4294Mb)

ALTQ using hfsc is limited to a maximum parent bandwidth of 4294Mb. This value is 2^32 or 4,294,967,296 bits. If you set the bandwidth any higher, altq will flip back to zero. This "bug" was found when trying to test 10 gigabit and 40 gigabit bandwidth models. These tests were done on OpenBSD 32bit

Re: pf, altq and interface groups

* Daniel Melameth [2010-05-22 03:58]: > I've considered migrating my macro-based interface names to interface > groups, but, it appears, altq does not grok interface groups--and pfctl > spits back a pfctl: SIOCGIFMTU: Device not configured when I try. Am I > missing something here? pf.conf's BNF

pf, altq and interface groups

I've considered migrating my macro-based interface names to interface groups, but, it appears, altq does not grok interface groups--and pfctl spits back a pfctl: SIOCGIFMTU: Device not configured when I try. Am I missing something here? pf.conf's BNF, it appears, says I'm not...

Re: pf, altq, packet rate

As stupid as it can sound, you could develop a protocol to make routers talk each other and say how much bandwith is available in between. I think there's no other really sane way of inbound traffic control. Dropper techniques are a cheap trick nice for little networks. Serious and big perform

Re: pf, altq, packet rate

Hello , In addition CDNR still has the "3 color marker", which, if slightly reworked,you can get a different dynamic shaper. For each color would be to set a speed, and switch between the colors would be implemented through traffic past in the ends of time. For example <10M

Re: pf, altq, packet rate

Hello , Today I felt CDNR in NetBSD-5 Works fine. No claims. Why write that does not work, I can not even guess. "I use in NetBSD-2, and NetBSD-5. It works without reproach. interface pvc1 conditioner pvc1 ef_cdnr > filter pvc1 ef_cdnr 0 0 172.16.4.176 0 0 > so, let's look at FreeBSD'

Re: pf, altq, packet rate

> we already do some mitigation for that in certain drivers. > $ cd /sys/dev; grep MCLGETI pci/* ic/* ... Oh, that's great to hear! I missed. 29 MAQ 2009 G. 13:28 POLXZOWATELX irix NAPISAL: > And then you're going to add a dropper ? You had to try "man MCLGETI" before asking here. At least. -- an

Re: pf, altq, packet rate

Hello , And then you're going to add a dropper ? > we already do some mitigation for that in certain drivers. > > $ cd /sys/dev; grep MCLGETI pci/* ic/* > pci/if_bge.c: MCLGETI(m, M_DONTWAIT, &sc->arpcom.ac_if, MCLBYTES); > pci/if_bge.c: MCLGETI(m, M_DONTWAIT, &sc->arpcom.ac_if, BGE_JLEN); >

Re: pf, altq, packet rate

On 2009-05-28, Anton Maksimenkov wrote: > 2009/5/28 SJP Lists : >> In other words, doing it on the incoming is pointless. Thus, as in >> your examples, the logic behind shaping only on the outbound. >> >> i.e.You can easily delay sending something you have, but you have >> little to no control ov

Re: pf, altq, packet rate

> I know this is an option, but forcing the resending of traffic doesn't > seem to be the most efficient method to me, when I could instead just > shape that same traffic when it leaves another interface. That's what I do, and that's how I know it can provide the benefit I claim, though that makes

Re: pf, altq, packet rate

Hello , > >>> But under dynamic queues, I understand, the creation of a large number of >> dynamic patterns. >>> For example creates template for the queue with an indication of the speed >> such as 512Kbit / s, >>> and then creates template for the filter of which you can >>> specify a subnet lik

Re: pf, altq, packet rate

2009/5/28 SJP Lists : > In other words, doing it on the incoming is pointless. Thus, as in > your examples, the logic behind shaping only on the outbound. > > i.e.You can easily delay sending something you have, but you have > little to no control over the ingress traffic of a link where only the

Re: pf, altq, packet rate

On Wed, May 27, 2009 at 10:44 PM, SJP Lists wrote: > I know this is an option, but forcing the resending of traffic doesn't > seem to be the most efficient method to me, when I could instead just > shape that same traffic when it leaves another interface. It's a horrible option, but it's what wa

Re: pf, altq, packet rate

2009/5/28 Johan Beisser : >> I was trying to highlight to irix that once traffic is received, it is >> too late to alter the bandwidth it already used coming in. >> >> In other words, doing it on the incoming is pointless. Thus, as in >> your examples, the logic behind shaping only on the outboun

Re: pf, altq, packet rate

> I was trying to highlight to irix that once traffic is received, it is > too late to alter the bandwidth it already used coming in. Dropping packets you've already received can have the impact of causing well-behaved hosts to back off when sending future packets. That's a useful result in itself

Re: pf, altq, packet rate

On 2009-05-27, irix wrote: > Assume that you are right and the traffic can Shape only outlet > for what purpose then in other projects (freebsd, linux, netbsd) > including the original altqd opportunity for shaping incoming traffic > via CDNR has been included? so, let's look at FreeBSD's manpag

Re: pf, altq, packet rate

2009/5/27 irix : > Hello Misc, > >> since queueing only happens at output, that's going to be totally >> useless. it's not just a question of how altq distinguishes traffic, >> you're asking to totally change how altq works. > > Okey, i see. But I can not understand why you are sure that traffic

Re: pf, altq, packet rate

On Wed, May 27, 2009 at 12:02 PM, SJP Lists wrote: > Thanks Lars and Johan, > > I was trying to highlight to irix that once traffic is received, it is > too late to alter the bandwidth it already used coming in. > > In other words, doing it on the incoming is pointless. Thus, as in > your exampl

Re: pf, altq, packet rate

2009/5/28 Johan Beisser : > On Wed, May 27, 2009 at 11:04 AM, SJP Lists wrote: >> How do you shape traffic that you have already received? Or to put it >> another way, how do you alter the past? > > I've always just assigned inbound traffic to the existing outbound > queues. My assumption is that

Re: pf, altq, packet rate

Hello , > * irix [2009-05-27 18:12]: >> But I can not understand why you are sure that traffic can only >> outlet Shape > > i can not understand why you want to shape outlets. > > you don't understand that inbound shaping doesn't work because you > have obviously no idea how the network stack wo

Re: pf, altq, packet rate

On Wed, May 27, 2009 at 11:04 AM, SJP Lists wrote: > How do you shape traffic that you have already received? Or to put it > another way, how do you alter the past? I've always just assigned inbound traffic to the existing outbound queues. My assumption is that the responding traffic would use t

Re: pf, altq, packet rate

SJP Lists wrote: > 2009/5/28 irix : > >> Okey, i see. But I can not understand why you are sure that traffic >> can only outlet Shape , You can say that's silly to try to Shape traffic > that came, >> but if it works it's worse than outgoing (if only for tcp) it is not >> stupid ? > > How do

Re: pf, altq, packet rate

2009/5/28 irix : > Okey, i see. But I can not understand why you are sure that traffic > can only outlet Shape , You can say that's silly to try to Shape traffic that came, > but if it works it's worse than outgoing (if only for tcp) it is not > stupid ? How do you shape traffic that you hav

Re: pf, altq, packet rate

* irix [2009-05-27 18:12]: > But I can not understand why you are sure that traffic can only > outlet Shape i can not understand why you want to shape outlets. you don't understand that inbound shaping doesn't work because you have obviously no idea how the network stack works. there is no suita

Re: pf, altq, packet rate

Hello Misc, > since queueing only happens at output, that's going to be totally > useless. it's not just a question of how altq distinguishes traffic, > you're asking to totally change how altq works. Okey, i see. But I can not understand why you are sure that traffic can only outlet Shape , Y

Re: pf, altq, packet rate

On 2009-05-27, irix wrote: > Hello Misc, > > Or may be remove from altq distinguish incoming traffic or outgoing. > What could box up to the queue as incoming and outgoing. since queueing only happens at output, that's going to be totally useless. it's not just a question of how altq distingu

Re: pf, altq, packet rate

2009/5/27, Henning Brauer : > may be someone better to do my laundry you mean you don't have a laundromat yet?

Re: pf, altq, packet rate

* irix [2009-05-27 06:14]: > May be someone better to write in a kind of pseudo device ifb may be someone better to do my laundry -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers,

Re: pf, altq, packet rate

Hello Misc, Or may be remove from altq distinguish incoming traffic or outgoing. What could box up to the queue as incoming and outgoing. -- Best regards, irix mailto:i...@ukr.net

Re: pf, altq, packet rate

Hello Misc, May be someone better to write in a kind of pseudo device ifb (The Intermediate Functional Block device) like in linux, so you can cheat altq. Redirect incoming traffic from the physical device (fxp0) to a device (ifb0) and that it passed altq traffic considered as originating

Re: pf, altq, packet rate

Hello Misc, Where i can find openbsd public roadmap ? * irix [2009-05-25 23:04]: > I want to ask, will be shortly removed cbq? > > And when which will be supplemented pf.conf (5) of hfsc more detail > and with examples ?? >the date and time of all future changes is in our public roadmap,

Re: pf, altq, packet rate

* irix [2009-05-25 23:04]: > I want to ask, will be shortly removed cbq? > > And when which will be supplemented pf.conf (5) of hfsc more detail > and with examples ?? the date and time of all future changes is in our public roadmap, with precision to the second. each roadmap entry also has t

Re: pf, altq, packet rate

On Mon, May 25, 2009 at 10:35 PM, Philip Guenther wrote: > 2009/5/25 irix : >> And it will be added to the main tree? > > Let's see, no code, no mention of license, and no demonstration that > it actually solves a/your problem. How can your question possibly be > answered? > > > Philip Guenther >

Re: pf, altq, packet rate

Hello Misc, Good, I understand your position, ok. I want to ask, will be shortly removed cbq? And when which will be supplemented pf.conf (5) of hfsc more detail and with examples ?? 2009/5/25 irix : > And it will be added to the main tree? >Let's see, no code, no mention of license, and

Re: pf, altq, packet rate

2009/5/25 irix : > And it will be added to the main tree? Let's see, no code, no mention of license, and no demonstration that it actually solves a/your problem. How can your question possibly be answered? Philip Guenther

Re: pf, altq, packet rate

Hello Misc, And it will be added to the main tree? * irix [2009-05-25 03:53]: > About add some queue disciplines, I agree with you. > But about completion of porting CNDR , about dynamic queues and about > packet rate limit per state your position is not clear. > > Why CNDR porting froze in

Re: pf, altq, packet rate

* irix [2009-05-25 03:53]: > About add some queue disciplines, I agree with you. > But about completion of porting CNDR , about dynamic queues and about > packet rate limit per state your position is not clear. > > Why CNDR porting froze in halfway, Why not bring to the end ? you are free to d

Re: pf, altq, packet rate

Hello Misc, About add some queue disciplines, I agree with you. But about completion of porting CNDR , about dynamic queues and about packet rate limit per state your position is not clear. Why CNDR porting froze in halfway, Why not bring to the end ? -- Best regards, irix

Re: pf, altq, packet rate

* irix [2009-05-24 08:20]: > Over the past six years, the project altq was not added any new > features. no. I don't really see a need to add anything. If anyone does (s)he's free to submit diffs. > Although the project is fully prepared to little. parser error > There is a shortage of

pf, altq, packet rate

Hello Misc, I was wondering when i can't find packet rate limiting per state in pf. Number of state's per src ip, found. State rate limiting found. And packet rate limiting per one state (or packet rate limiting at all) don't found. This function will be added ? The altq project

(Fwd) Re: pf-altq-bandwith_problem

interface ($int_if), then do a ftp transfer to the gateway ( the > >> one with the PF+ALTQ) and time the put and get transfers with a > >> large file. > >> > >> When I get a download time of 3 minutes, the upload is of 10 > >> seconds... :s > > > &g

Re: pf-altq-bandwith_problem

If that's what you meant, isn't that behavior normal? Considering that (as the PF user's guide puts it): "Note that queueing is only useful for packets in the outbound direction. Once a packet arrives on an interface in the inbound direction it's already too late to queue it -- it's alread

Re: pf-altq-bandwith_problem

Martin Gignac escribis: I will try, thanks for the info. Just to make sure I'm not dealing with a bug can anyone try this??... just set a global limit to a interface ($int_if), then do a ftp transfer to the gateway ( the one with the PF+ALTQ) and time the put and get transfers with a

Re: pf-altq-bandwith_problem

I will try, thanks for the info. Just to make sure I'm not dealing with a bug can anyone try this??... just set a global limit to a interface ($int_if), then do a ftp transfer to the gateway ( the one with the PF+ALTQ) and time the put and get transfers with a large file. When I

Re: pf-altq-bandwith_problem

limit to a interface ($int_if), then do a ftp transfer to the gateway ( the one with the PF+ALTQ) and time the put and get transfers with a large file. When I get a download time of 3 minutes, the upload is of 10 seconds... :s Thanks for your time. -Jesus

Re: pf-altq-bandwith_problem

On 2008-05-18, Lord Sporkton <[EMAIL PROTECTED]> wrote: > as a side note, i dont believe openbsd can do altq on anything other > than a physical interface, so if you put the servers on a dmz, make > sure to use a physical interface, not a vlan. altq works here on pppoe and vlan.

Re: pf-altq-bandwith_problem

ough you may be >> able to do bandwidth control in the layer2 hardware its self. >> >> as a side note, i dont believe openbsd can do altq on anything other >> than a physical interface, so if you put the servers on a dmz, make >> sure to use a physical interface, n

Re: pf-altq-bandwith_problem

limit its the hardware limit, but I just want to limit one of the interfaces on my OpenBSD box to a certain number of Kbs (100Kbs), so PF already made changes, but I saw this weird behaviour and want to make the 100Kbs limit universal to all the interface transfers. If Joe want a file from the OpenBS

Re: pf-altq-bandwith_problem

2008/5/17 Jesus Sanchez <[EMAIL PROTECTED]>: > Hi, I'm using OpenBSD 4.2 > > Here my network to explain later: > > [Joe PC] --- $int_if [MY_OPENBSD] $ext_if --- [INTERNET] > > I have a little problem when trying to setup a altq bandwidth shape with > pf. My intention is to give Joe only 100Kbs (bit

pf-altq-bandwith_problem

Hi, I'm using OpenBSD 4.2 Here my network to explain later: [Joe PC] --- $int_if [MY_OPENBSD] $ext_if --- [INTERNET] I have a little problem when trying to setup a altq bandwidth shape with pf. My intention is to give Joe only 100Kbs (bits) of the Internet total bandwidth, and also I have set s

Re: PF/ALTQ/Bridge Question

any port {5060:5063, > 1:2} queue ivoip > pass in quick proto tcp from $VOIP to any port {5060} queue ovoip > pass in quick proto udp from $VOIP to any port {5060:5063, > 1:2} queue ovoip > --------

Re: PF/ALTQ problem : using max states limits breaks queueing

NetOne - Doichin Dokov P=P0P?P8Q
P0: Henning Brauer P=P0P?P8Q
P0: * NetOne - Doichin Dokov <[EMAIL PROTECTED]> [2007-11-07 01:57]: Hello, I have an OpenBSD 4.2 box set up to shape clients traffic. Each client gets limited by these 4 rules: pass in on $int_if from $client_ip to any queue c

Re: PF/ALTQ problem : using max states limits breaks queueing

Henning Brauer P=P0P?P8Q
P0: * NetOne - Doichin Dokov <[EMAIL PROTECTED]> [2007-11-07 01:57]: Hello, I have an OpenBSD 4.2 box set up to shape clients traffic. Each client gets limited by these 4 rules: pass in on $int_if from $client_ip to any queue client_in pass out on $int_if from any

PF/ALTQ/Bridge Question

from $VOIP to any port {5060} queue ovoip pass in quick proto udp from $VOIP to any port {5060:5063, 1:2} queue ovoip Does anyone have any ideas on how I can get this to work? Any information or ex

Re: PF/ALTQ problem : using max states limits breaks queueing

* NetOne - Doichin Dokov <[EMAIL PROTECTED]> [2007-11-07 01:57]: > Hello, > > I have an OpenBSD 4.2 box set up to shape clients traffic. Each client gets > limited by these 4 rules: > > pass in on $int_if from $client_ip to any queue client_in > pass out on $int_if from any to $client_ip queue cli

Re: pf+altq

Try defining q_pri with a bandwidth, you might even be able to set it as: queue q_pri bandwidth 0% priority 7 cbq(borrow) This way it wouldnt reserve any bandwidth but it shouldnt cause issues with the bandwidth math either. If you get that working, please let me know. On 1/17/07, sonjaya <[E

Re: pf+altq

as far i know min bw 5,59 kbps . now is working , i got from other queue. i try to use cbq n hfsc witch better in shaping . On 1/17/07, Lawrence Horvath <[EMAIL PROTECTED]> wrote: Try defining q_pri with a bandwidth, you might even be able to set it as: queue q_pri bandwidth 0% priority 7 cbq(

Re: pf+altq

On Wednesday 17 January 2007 07:28 am, sonjaya wrote: > queue q_std bandwidth 100% cbq \ > {q_def,q_pri,q_web,q_msc,q_dat,q_gms} > queue q_def bandwidth 25% priority 1 cbq(borrow default red ecn) > queue q_dat bandwidth 10% priority 0 cbq(red) > queue q_web bandwidth 25% priority 5 cbq(borro

pf+altq

Dear All here my altq+pf ##---queue+alq---### altq on $ext_if cbq bandwidth 100Kb queue{q_std} queue q_std bandwidth 100% cbq \ {q_def,q_pri,q_web,q_msc,q_dat,q_gms} queue q_def bandwidth 25% priority 1 cbq(borrow default red ecn) queue q_dat bandwidth

pf - altq shaping http download

Hi, I am thinking to implement altq to limit the download speed to our web server. Ideally I would like to limit everyone let's say to 30Kbps/thread and every source IP is allowed to open 1 download connection only. Is it possible to differentiate between normal browsing and downloading us

Re: pf - altq shaping http download

Please disregard this email. Sent to wrong mailing list :) Edy wrote: Hi, I am thinking to implement altq to limit the download speed to our web server. Ideally I would like to limit everyone let's say to 30Kbps/thread and every source IP is allowed to open 1 download connection only. Is

Re: pf altq and cbq borrowing

On 12/12/06, Matt Hamilton <[EMAIL PROTECTED]> wrote: Hi All, Something I just noticed on 3.9 with our firewall that I'm hoping someone can explain, as it looks like a bug to me. Our simplified config for queueing is: altq on $ext_if cbq bandwidth 8Mb queue { colo, bmex, deflt } queue bme

pf altq and cbq borrowing

Hi All, Something I just noticed on 3.9 with our firewall that I'm hoping someone can explain, as it looks like a bug to me. Our simplified config for queueing is: altq on $ext_if cbq bandwidth 8Mb queue { colo, bmex, deflt } queue bmex bandwidth 4Mb cbq { A, B, C, D } queue A bandwidt

pf+altq problem

Dear list. My pf.conf not working. I have pf in bridge machine with xl2 to internet firewall and xl1 to internal switch. Bridging is ok. This my simple pf.conf me="172.16.0.228" altq on xl1 bandwidth 100% cbq queue {me,dflt} queue mebandwidth 8Kb queue dflt bandwidth 16Kb cbq (d

Re: pf + altq syntax check plz

On Jul 2, 2006, at 11:38 AM, S t i n g r a y wrote: I am configuring altq & pf for the first time , & have a few problems here .. well i need to traffic shape between diffrent protocols as you can see in my pf.conf now i am stuck & confused what to do next as i have built this file with

Re: pf + altq syntax check plz

On 7/2/06, S t i n g r a y <[EMAIL PROTECTED]> wrote: I am configuring altq & pf for the first time , & have a few problems here .. well i need to traffic shape between diffrent protocols as you can see in my pf.conf now i am stuck & confused what to do next as i have built this file with dif

pf + altq syntax check plz

I am configuring altq & pf for the first time , & have a few problems here .. well i need to traffic shape between diffrent protocols as you can see in my pf.conf now i am stuck & confused what to do next as i have built this file with diffrent ref from web. the im is the most common Instant m

pf+altq+hfsc

Where can i find a some good exampels with pf+altq+hfsc or with cbq that works givving CIR and MIR. -- Best regards, G.Stefan mailto:[EMAIL PROTECTED]

Re: pf altq blocking ssh

* Dimitry Andric <[EMAIL PROTECTED]> [2005-10-10 20:51]: > Reyk Floeter wrote: > >> altq on $if cbq bandwidth 100Mb queue { all, local, http, ssh, rsets } > > use a different name instead of "all", like "std". "all" is a reserved > > keyword. > > Hmm, wouldn't it be nice to generate some warnings

Re: pf altq blocking ssh

Reyk Floeter wrote: >> altq on $if cbq bandwidth 100Mb queue { all, local, http, ssh, rsets } > use a different name instead of "all", like "std". "all" is a reserved > keyword. Hmm, wouldn't it be nice to generate some warnings on 'misuse' of keywords such as this? [demime 1.01d removed an attac

Re: pf altq blocking ssh

thanks everyone, problems fixed. I love you guys. On 10/11/05, John Kintaro Tate <[EMAIL PROTECTED]> wrote: > There is something wrong with my rules file, and I cant find the problem. > > pf.conf... > # $OpenBSD: pf.conf,v 1.28 2004/04/29 21:03:09 frantzen Exp $ > # > # See pf.conf(5) and /u

Re: pf altq blocking ssh

On Tue, Oct 11, 2005 at 12:35:10AM +1000, John Kintaro Tate wrote: > altq on $if cbq bandwidth 100Mb queue { all, local, http, ssh, rsets } > use a different name instead of "all", like "std". "all" is a reserved keyword. > queue all bandwidth 32Kb proirity 1 > queue local bandwidth 100Mb proiri

Re: pf altq blocking ssh

On 10.10.2005, at 16:35, John Kintaro Tate wrote: altq on $if cbq bandwidth 100Mb queue { all, local, http, ssh, rsets } try other names. one of them seems to be a keyword?! { xall, xlocal, xhttp, xssh, xrsets } Karl-Heinz

pf altq blocking ssh

There is something wrong with my rules file, and I cant find the problem. pf.conf... # $OpenBSD: pf.conf,v 1.28 2004/04/29 21:03:09 frantzen Exp $ # # See pf.conf(5) and /usr/share/pf for syntax and examples. # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1 # in /

Re: PF ALTQ

On Tue, Sep 20, 2005 at 01:16:19AM +0100, Stuart Henderson wrote: > > You can only queue outgoing traffic with altq, not incoming. > > You can sometimes achieve the same effect by queuing outgoing traffic > on a different interface (e.g. to queue internet->LAN bandwidth, queue > on the LAN inte

Re: PF ALTQ

--On 20 September 2005 01:07 +0200, Raphael Brunner wrote: I try to limit the Bandwidth on my OpenBSD 3.7 (Release). But there is something wrong. The traffic walk through the rules (log with tcpdump...), but there isn't a limit of the inbound-Traffic. If I add "keep state" to it, then there

PF ALTQ

Hi @ all, I try to limit the Bandwidth on my OpenBSD 3.7 (Release). But there is something wrong. On my box run a ftp-server (10.0.0.1) without proxy. and I try to copy from/to it from 10.0.0.20 via FTP The traffic walk through the rules (log with tcpdump...), but there isn't a limit of the