Old 21st July 2008
ivanatora
Real Name: Ivan
Location: Bulgaria

Sorry about iptables - this was the only term I could come up with at that moment.

I just got into pf and it rocks - got NAT running for my second PC in less than a minute, *without* running any extra daemons like natd.
That 'last matching rule wins' is a bit confusing (like reading the rules file backwards), but at least there is the 'quick' keyword. I'm going to read the documentation more in-depth.

Thanks for your tips!
Another portion of questions is coming. This time I'm trying to do some very basic traffic shaping - ALTQ. To begin with, I just want to restrict HTTP download speed (port 80) to a fixed number... let's say 100Kbps. I'm on an ADSL line providing 12Mb down / 2Mb up, but for now let's concentrate only on limiting download speed.
I've read some tutorials and I've arrived at the following code:
### Queueing
# I'm not sure what to set as the total bandwidth - 100Mb for the carrier medium (Cat5 cables) or 12Mb for the provided bandwidth
altq on re0 cbq bandwidth 100Mb queue {restrict, fast}
# This queue 'restrict' should get the shaped traffic
queue restrict bandwidth 100Kb cbq(default)
# This 'fast' queue should take some fast traffic, DNS requests for example.
queue fast bandwidth 500Kb priority 4
### Translation
# This is for my other PC and I don't think it plays a role here
nat pass on re0 from to any ->

### Filtering
# Restrict traffic on port 80. This is my IP.
pass in on re0 proto tcp from any port 80 to queue restrict
# Pass DNS requests on the 'fast' queue
pass in on re0 proto { udp, tcp } from any port 53 to queue fast
So I see DNS resolutions are done really fast (definitely faster than if they fell into the 'restrict' queue), but HTTP traffic is not going at the specified bandwidth. Instead it goes at about 3Mb. First I thought it was due to a wrong number here:
altq on re0 cbq bandwidth *100Mb* queue {restrict, fast}
But changing that did not have any effect - the downloads still went at 3Mb.

Second problem - how do I build the rule for queuing the other PC's NATed bandwidth?
I tried
pass on re0 from any to queue restrict
and variations, but it just didn't get passed to the queue, i.e. there was no effect. I'm routing over only one NIC - re0 (using aliases - and and maybe this is wrong?

Last edited by ivanatora; 21st July 2008 at 07:23 PM.
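As an added example, not the poster's ruleset or anything else from the thread: a pf.conf ALTQ layout for the scenario above, written for a conventional two-interface router (re0 towards the ADSL modem, re1 towards the LAN) rather than the single-NIC-with-aliases setup described, with made-up interface names, addresses and rates. Two pf facts drive it: ALTQ schedules packets only as they leave an interface, so a download limit has to sit on the interface that transmits towards the LAN, and a packet's queue is the one recorded in its state when that state was created, so reply packets inherit the queue of the rule that matched the connection's first packet. Nothing here shapes the router's own downloads: packets addressed to the host itself never leave an interface, so ALTQ cannot rate-limit them.

```pf
# Added example, not the poster's config. Assumes a two-NIC router:
# re0 faces the ADSL modem, re1 faces the LAN. Addresses are made up.
ext_if  = "re0"
int_if  = "re1"
lan_net = "192.168.1.0/24"
lan_pc  = "192.168.1.10"

set skip on lo0

# ALTQ schedules packets as they *leave* an interface. Traffic downloaded by
# the LAN leaves $int_if, so the download queues live there. The parent
# bandwidth is the ADSL downstream rate (set a little under the nominal 12Mb
# so that packets queue in pf rather than in the modem), not the 100Mb rate
# of the Ethernet cable. CBQ child bandwidths must not exceed the parent.
altq on $int_if cbq bandwidth 11000Kb queue { dl_default, dl_http, dl_dns }
queue dl_default bandwidth 10400Kb cbq(default borrow)
queue dl_http    bandwidth 100Kb
queue dl_dns     bandwidth 500Kb priority 7

# Uploads leave $ext_if: a second tree sized a little under the 2Mb upstream.
altq on $ext_if cbq bandwidth 1900Kb queue { ul_default, ul_ack }
queue ul_default bandwidth 1400Kb cbq(default borrow)
queue ul_ack     bandwidth 500Kb priority 7

# Plain nat (not 'nat pass'), so the translated packets still hit the filter
# rules below and can pick up a queue.
nat on $ext_if from $lan_net to any -> ($ext_if)

block log all

# The queue is bound to the state when the state is created, and every later
# packet of that connection, including the replies, inherits it. The HTTP
# limit is therefore set on the rule that sees the LAN client's SYN on
# $int_if; the server's data packets then leave $int_if through dl_http.
# (On $ext_if the name dl_http does not exist, so the client's own packets
# simply fall into that interface's default queue.)
pass in quick on $int_if proto tcp from $lan_pc to any port 80 \
    flags S/SA keep state queue dl_http
pass in quick on $int_if proto { tcp, udp } from $lan_net to any port 53 \
    keep state queue dl_dns
pass in quick on $int_if from $lan_net to any keep state

# The router's own outbound traffic. The second queue of the pair takes
# empty ACKs and lowdelay packets, so downloads are not held back by ACKs
# waiting behind bulk uploads.
pass out on $ext_if proto tcp from ($ext_if) to any \
    flags S/SA keep state queue (ul_default, ul_ack)
pass out on $ext_if from ($ext_if) to any keep state
```

Check the tree with `pfctl -nf /etc/pf.conf` before loading it, and watch the queues fill with `pfctl -vvsq` during a download from the LAN PC: bytes should accumulate under dl_http on re1 while the default queue stays mostly idle.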