Pretty sure I don't understand my own pf.conf

2011-01-05 Thread Bonnie Packet
My NATting firewall/router is working fine: the problem is I don't understand why. Specifically, I can't see how packets are getting out the rl0 interface when there's no explicit rule to pass them out. Notes: 1) This is on an old OpenBSD 3.9 system. Sorry, that's what I have to work with for now

Working example of bi-directional asymmetric ALTQ + NAT ruleset?

2011-01-10 Thread Bonnie Packet
I have a 12mbit down/1mbit up ADSL connection, an OpenBSD router-firewall, and several Net-hungry roommates connecting through it. So...I want to give each roomie a guaranteed bandwidth allotment, but not let them hog the ADSL pipe in either direction, upstream or downstream. I'm trying to wrap m

Re: Working example of bi-directional asymmetric ALTQ + NAT ruleset?

2011-01-11 Thread Bonnie Packet
Although I respect the theoretical argument that "you can't shape/limit inbound packets", my observations agree with those of Karl that it's simply not true in the real world. If you read my original posting, I am effectively limiting inbound traffic as far as the user is concerned (inbound =

Re: Working example of bi-directional asymmetric ALTQ + NAT ruleset?

2011-01-11 Thread Bonnie Packet
On Jan 11, 2:44 pm, s...@spacehopper.org (Stuart Henderson) wrote: > On 2011/01/11 12:46, Bonnie Packet wrote: > > > the question is how to manage it simultaneously with the > > download direction when those packets already part of an established, > >

Re: Working example of bi-directional asymmetric ALTQ + NAT ruleset?

2011-01-12 Thread Bonnie Packet
tcpack already exists on interface rl0 /etc/pf.conf:48: errors in queue definition pfctl: Syntax error in config file: pf rules not loaded On Jan 12, 12:01 am, jhe...@logn.net (Jason Healy) wrote: > On Jan 11, 2011, at 1:35 AM, Bonnie Packet wrote: > > > Note that I know PF re

Re: Working example of bi-directional asymmetric ALTQ + NAT ruleset?

2011-01-14 Thread Bonnie Packet
Thanks again for the help and discussion, all. This has been instructive and illuminating. -BP- On Jan 12, 12:08 pm, s...@spacehopper.org (Stuart Henderson) wrote: > On 2011/01/12 08:40, Bonnie Packet wrote: > > > altq on $int_if cbq bandwidth 5000Kb queue { std, slow, fast, tcpack

Re: Best/simplest/fastest approach for creating "virtual switch" out

2013-03-17 Thread Bonnie Packet
Shoot. Forgot to mention the most important user advantage of the current setup: since there's only one physical interface on the firewall handling all the (aggregated by the switch) wireless traffic, everyone can use that interface's IP as the same gateway address, no matter which AP they co

Best/simplest/fastest approach for creating "virtual switch" out of

2013-03-17 Thread Bonnie Packet
Hellos to all. Our setup has two different wifi access points, each to cover a different part of the building. Any user or device might connect to either one of the access points at any one time, depending on signal strength and phase of the moon. From the firewall's perspective, packets com