15th October 2008
plexter

Hello,

While I have been waiting for a reply, I decided to set up CBQ. I have run into a more specific error which I think "could" be part of, if not the, reason my HFSC queuing was not working.

I am getting an error now that says "error on line 30"

Line 30 for me is:

Code:
altq on $ext_if cbq bandwidth 600Kb qlimit 500 queue { ack, dns, ssh, webftp, bitt, voip, rdpvnc, general }
I cannot see anything wrong with this!

I have also tried, for the sake of argument, commenting out mine and typing various examples I have seen. All produce the same error!

I just don't understand! Is ALTQ somehow not supported on my install? ...this isn't possible with a GENERIC kernel, right? By default OpenBSD comes with ALTQ support...right?

Actually, here is my complete PF.CONF:

Code:
#Interfaces
ext_if="fxp0"
int_if="fxp1"

#Options
set require-order yes
set block-policy drop
set loginterface $ext_if
set state-policy if-bound
set fingerprints "/etc/pf.os"
set ruleset-optimization none

#Timeout Settings
set optimization aggressive
set timeout { frag 10, tcp.established 3600 }
set timeout { tcp.first 30, tcp.closing 10, tcp.closed 10, tcp.finwait 10 }
set timeout { udp.first 30, udp.single 30, udp.multiple 30 }
set timeout { other.first 30, other.single 30, other.multiple 30 }
set timeout { adaptive.start 5000, adaptive.end 10000 }

#Connection Normalization

scrub on $ext_if all random-id min-ttl 254 max-mss 1452 reassemble tcp fragment reassemble

#Queuing ALTQ
#Upload assumed aprox 80kb or 640Kb queued aprox 94%

altq on $ext_if cbq bandwidth 600Kb qlimit 500 queue { tos, dns, ssh, webftp, bitt, voip, rdpvnc, general }

queue   tos     bandwidth 20% priority 7      qlimit 500 cbq (borrow red ecn) { ack, ssh_login }
                queue   ack             bandwidth 90%   qlimit 500 cbq (borrow red ecn)
                queue   ssh_login       bandwidth 10%   qlimit 500 cbq (borrow red ecn)
queue   voip    bandwidth 50% priority 6      qlimit 500 cbq (borrow red ecn)
queue   dns     bandwidth 5%  priority 5      qlimit 500 cbq (borrow red ecn)
queue   ssh     bandwidth 2%  priority 4      qlimit 500 cbq (borrow red ecn)
queue   webftp  bandwidth 5%  priority 4      qlimit 500 cbq (borrow red ecn)
queue   games   bandwidth 5%  priority 3      qlimit 500 cbq (borrow red ecn)
queue   bitt    bandwidth 10% priority 2      qlimit 500 cbq (borrow red ecn)
queue   general bandwidth 3%  priority 1      qlimit 500 cbq (borrow red ecn default)

pass out quick on $ext_if inet proto udp from any to any port 5060 keep state queue (voip, ack)
pass out quick on $ext_if inet proto udp from any to any port domain keep state queue (dns, ack)
pass out quick on $ext_if inet proto tcp from any to any port ssh modulate state queue (ssh, ssh_login)
pass out quick on $ext_if inet proto tcp from any to any port 3389 modulate state queue (rdpvnc, ack)
pass out quick on $ext_if inet proto udp from any to any port 30340:30341 keep state queue (games, ack)
pass out quick on $ext_if inet proto udp from any to any port 6112 keep state queue (games, ack)
pass out quick on $ext_if inet proto tcp from any to any port 10050 modulate state queue (bitt, ack)
pass out quick on $ext_if inet proto (tcp, udp) from any to any keep state queue (general, ack)

pass in
pass out

Anyway I am hoping someone can help me figure this out.

Thanks for your help.

Last edited by plexter; 15th October 2008 at 11:15 PM. Reason: Posting my whole PF.CONF
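A cross-reference check over the queue names in a pf.conf like the one posted above, as an added example that is not part of the original post or of pf itself: it compares the names listed in `{ }` child lists, the names given their own `queue` definition, and the names that rules assign traffic to. The function names and the abbreviated sample (options trimmed from the posted lines) are assumptions, and the check does not claim to explain the line-30 error.

```python
import re

# Queue-related lines from the posted pf.conf, abbreviated (options trimmed).
PF_CONF = """
altq on $ext_if cbq bandwidth 600Kb queue { tos, dns, ssh, webftp, bitt, voip, rdpvnc, general }
queue tos bandwidth 20% cbq (borrow red ecn) { ack, ssh_login }
queue ack bandwidth 90% cbq (borrow red ecn)
queue ssh_login bandwidth 10% cbq (borrow red ecn)
queue voip bandwidth 50% cbq (borrow red ecn)
queue dns bandwidth 5% cbq (borrow red ecn)
queue ssh bandwidth 2% cbq (borrow red ecn)
queue webftp bandwidth 5% cbq (borrow red ecn)
queue games bandwidth 5% cbq (borrow red ecn)
queue bitt bandwidth 10% cbq (borrow red ecn)
queue general bandwidth 3% cbq (borrow red ecn default)
pass out quick on $ext_if proto tcp to any port 3389 queue (rdpvnc, ack)
pass out quick on $ext_if proto udp to any port 6112 queue (games, ack)
"""

def names(text):
    return [n for n in re.split(r"[,\s]+", text.strip()) if n]

def lint_queues(conf):
    """Cross-check queue names: listed as children, defined, used by rules."""
    listed, defined, used = set(), set(), set()
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        words = line.split()
        if not words:
            continue
        # Child lists are written in braces on altq and queue lines.
        if words[0] in ("altq", "queue"):
            for group in re.findall(r"\{([^}]*)\}", line):
                listed.update(names(group))
        if words[0] == "queue":
            defined.add(words[1])
        elif words[0] in ("pass", "block"):
            m = re.search(r"\bqueue\s+(?:\(([^)]*)\)|(\S+))", line)
            if m:
                used.update(names(m.group(1) or m.group(2)))
    return {
        "listed_not_defined": sorted(listed - defined),
        "defined_not_listed": sorted(defined - listed),
        "used_not_defined": sorted(used - defined),
    }

if __name__ == "__main__":
    for problem, queues in lint_queues(PF_CONF).items():
        print(problem, queues)
```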