i start experimenting with alt-q ,and manage to make a nice test config. my box has 3 LAN interfaces, but i am playing atm only with one network.
i manage to get the trafic that comes from the internet to each machine nicely as i want it. the global out speed to internet is set to 256Kbs. while each machine is set with 1Mbit out but the outspeed stays at the 256kbs ,and not the values i want,so my question, what is wrong with my config ? below my current pf.conf ######## START CONFIG ########## # ext_if = "fxp0" int0_if = "re0" int2_if = "rl0" int3_if = "rl1" # localnet0 ="192.168.0.0/24" localnet2 ="192.168.2.0/24" localnet3 ="192.168.3.0/24" # blockedport ="{21,25,53,80,110,119, 2128}" openport ="{ 21,25,110,8002,45631 }" # table <firewall> persist file "/etc/table/firewall.table" # # extern -> intern IF-0 altq on $int0_if cbq bandwidth 1000Mb queue / { std0_in, core_in, soep_in, global0_in, server2_in } queue std0_in bandwidth 15Mb priority 1 cbq(default) queue global0_in bandwidth 192Kb cbq queue core_in bandwidth 2024Kb cbq queue soep_in bandwidth 1024Kb cbq queue server2_in bandwidth 512Kb cbq # # # intern -> extern altq on $ext_if cbq bandwidth 10Mb queue / { std_ext , lan_ext ,core_ext, soep_ext, server2_ext } queue std_ext bandwidth 6Mb cbq(default) queue lan_ext bandwidth 256Kb cbq queue core_ext bandwidth 1024Kb cbq queue soep_ext bandwidth 1024Kb cbq queue server2_ext bandwidth 512Kb cbq # match out on egress inet from !(egress) to any nat-to (egress:0) # block in on $ext_if all block quick on $ext_if proto {tcp,udp} from <firewall> to any port / $blockedport antispoof for $ext_if inet # # Local servers (mail / ftp / other) pass in quick on $ext_if proto { tcp,udp } from any to $ext_if port / $openport rdr-to 192.168.0.254 # traffic from localnet0 to internet pass out on $ext_if keep state queue lan_ext pass out on $ext_if from 192.168.0.238 keep state queue core_ext pass out on $ext_if from 192.168.0.227 keep state queue soep_ext pass out on $ext_if from 192.168.0.254 keep state queue server2_ext # Traffic from internet to localnet0 (this block work correct) pass in on $int0_if from $localnet0 keep state queue global0_in pass in on $int0_if from 192.168.0.238 keep state queue core_in pass in on $int0_if from 192.168.0.227 keep state queue soep_in pass in on $int0_if from 192.168.0.254 keep state queue server2_in ########## END CONFIG ############ simply sayd. i dont want a global CAP on outgoing trafic. each machine should have his own CAP on outgoing trafic. any advice ?