#3, 18th October 2008
plexter (Shell Scout; Join Date: May 2008; Posts: 124)
What, has everyone gone on holiday? haha.

I'm really baffled with this. I was hoping that one of the more experienced OpenBSD users would be able to comment as his/her knowledge of OpenBSD inner workings might help. It seems really odd that neither the sample commands from OpenBSD's FAQ nor mine will work and I am starting to think there might be more going on than just my PF syntax.

ANY help would be greatly appreciated.

Updated pf.conf; also keep in mind that lines may not be exact, and you should look at my comments ("line 30 is...") for reference.
Code:
#Interfaces
ext_if="fxp0"
int_if="fxp1"
 
#Options
set require-order yes
set block-policy drop
set loginterface $ext_if
set state-policy if-bound
set fingerprints "/etc/pf.os"
set ruleset-optimization none
 
#Timeout Settings
set optimization aggressive
set timeout { frag 10, tcp.established 3600 }
set timeout { tcp.first 30, tcp.closing 10, tcp.closed 10, tcp.finwait 10 }
set timeout { udp.first 30, udp.single 30, udp.multiple 30 }
set timeout { other.first 30, other.single 30, other.multiple 30 }
set timeout { adaptive.start 5000, adaptive.end 10000 }
 
#Connection Normalization
 
scrub on $ext_if all random-id min-ttl 254 max-mss 1452 reassemble tcp fragment reassemble
 
#Queuing ALTQ
#Upload assumed aprox 80kb or 640Kb queued aprox 94%
 
altq on $ext_if cbq bandwidth 600Kb queue { tos, voip, dns, ssh, webftp, bitt, general }
 
queue   tos     bandwidth 20% priority 7      cbq (borrow red) { ack, ssh_login }
                queue   ack             bandwidth 90%   cbq (borrow red)
                queue   ssh_login       bandwidth 10%   cbq (borrow red)
queue   voip    bandwidth 50% priority 6      cbq (borrow red)
queue   dns     bandwidth 7%  priority 5      cbq (borrow red)
queue   ssh     bandwidth 3%  priority 4      cbq (borrow red)
queue   webftp  bandwidth 5%  priority 4      cbq (borrow red)
queue   bitt    bandwidth 10% priority 2      cbq (borrow red)
queue   general bandwidth 5%  priority 1      cbq (borrow red default)
 
pass out quick on $ext_if inet proto udp from any to any port 5060 keep state queue (voip, ack)
pass out quick on $ext_if inet proto udp from any to any port domain keep state queue (dns, ack)
pass out quick on $ext_if inet proto tcp from any to any port ssh modulate state queue (ssh, ssh_login)
pass out quick on $ext_if inet proto tcp from any to any port 10050 modulate state queue (bitt, ack)
pass out quick on $ext_if inet proto { tcp, udp } from any to any keep state queue (general, ack)
 
pass in
pass out
Thanks!
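Added example, not part of plexter's post or of OpenBSD's own tooling: a small Python checker that parses the ALTQ section of the pf.conf above (the altq line, the cbq queue definitions and the `queue (a, b)` assignments on pass rules) and reports the mistakes that pfctl rejects but that are easy to miss by eye: a child queue that is listed but never defined, a defined queue that is not attached to any parent, children asking for more than 100% of a parent's bandwidth, a missing or duplicate `default` queue, a cbq priority outside 0-7, and a pass rule that assigns a queue name that does not exist. The sample text is copied from the post (options and scrub lines omitted, since they do not affect these checks); the regexes assume the spacing conventions used there and bandwidth given as Kb or Mb.

```python
"""Sanity checks for the ALTQ/cbq section of a pf.conf (added example)."""
import re
from collections import Counter

# Constructed sample: queue section and pass rules from the post above.
SAMPLE_PF_CONF = """\
ext_if="fxp0"
altq on $ext_if cbq bandwidth 600Kb queue { tos, voip, dns, ssh, webftp, bitt, general }
queue   tos     bandwidth 20% priority 7      cbq (borrow red) { ack, ssh_login }
                queue   ack             bandwidth 90%   cbq (borrow red)
                queue   ssh_login       bandwidth 10%   cbq (borrow red)
queue   voip    bandwidth 50% priority 6      cbq (borrow red)
queue   dns     bandwidth 7%  priority 5      cbq (borrow red)
queue   ssh     bandwidth 3%  priority 4      cbq (borrow red)
queue   webftp  bandwidth 5%  priority 4      cbq (borrow red)
queue   bitt    bandwidth 10% priority 2      cbq (borrow red)
queue   general bandwidth 5%  priority 1      cbq (borrow red default)
pass out quick on $ext_if inet proto udp from any to any port 5060 keep state queue (voip, ack)
pass out quick on $ext_if inet proto udp from any to any port domain keep state queue (dns, ack)
pass out quick on $ext_if inet proto tcp from any to any port ssh modulate state queue (ssh, ssh_login)
pass out quick on $ext_if inet proto tcp from any to any port 10050 modulate state queue (bitt, ack)
pass out quick on $ext_if inet proto { tcp, udp } from any to any keep state queue (general, ack)
"""

# Assumed line shapes (matching the post); pfctl's real grammar is wider.
ALTQ_RE = re.compile(r'^altq\s+on\s+(\S+)\s+(\w+)\s+bandwidth\s+(\d+)(Kb|Mb)\s+queue\s*\{([^}]*)\}')
QUEUE_RE = re.compile(r'^\s*queue\s+(\w+)\s+bandwidth\s+(\d+)%'
                      r'(?:\s+priority\s+(\d+))?\s+cbq\s*\(([^)]*)\)'
                      r'(?:\s*\{([^}]*)\})?\s*$')
ASSIGN_RE = re.compile(r'\bqueue\s*\(\s*(\w+)(?:\s*,\s*(\w+))?\s*\)')


def _names(blob):
    return [n.strip() for n in blob.split(',') if n.strip()]


def parse_altq(text):
    """Return (root_kb, children_of, queues, assigned).

    children_of: parent name -> child names ("_root" is the altq line)
    queues:      name -> {bw: percent, prio: int|None, opts: [..]}
    assigned:    (queue, ack_queue|None) pairs taken from pass rules
    """
    root_kb, children_of, queues, assigned = None, {}, {}, []
    for line in text.splitlines():
        m = ALTQ_RE.match(line)
        if m:
            root_kb = int(m.group(3)) * (1000 if m.group(4) == 'Mb' else 1)
            children_of['_root'] = _names(m.group(5))
            continue
        m = QUEUE_RE.match(line)
        if m:
            name, bw, prio, opts, kids = m.groups()
            queues[name] = dict(bw=int(bw), prio=int(prio) if prio else None, opts=opts.split())
            if kids:
                children_of[name] = _names(kids)
            continue
        if line.lstrip().startswith('pass'):
            for q, ackq in ASSIGN_RE.findall(line):
                assigned.append((q, ackq or None))
    return root_kb, children_of, queues, assigned


def check_altq(text):
    """Return a list of findings; an empty list means the section is consistent."""
    root_kb, children_of, queues, assigned = parse_altq(text)
    if root_kb is None:
        return ['no altq line found']
    findings, parents = [], Counter()
    for parent, kids in children_of.items():
        total = 0
        for k in kids:
            parents[k] += 1
            if k not in queues:
                findings.append(f'queue {k} listed under {parent} but never defined')
            else:
                total += queues[k]['bw']
        if total > 100:                       # pfctl refuses to load this
            findings.append(f'children of {parent} request {total}% of its bandwidth')
    for name, q in queues.items():
        if parents[name] == 0:
            findings.append(f'queue {name} defined but not attached to any parent')
        elif parents[name] > 1:
            findings.append(f'queue {name} attached to more than one parent')
        if q['prio'] is not None and not 0 <= q['prio'] <= 7:   # cbq priority range
            findings.append(f'queue {name} priority {q["prio"]} outside cbq range 0-7')
    defaults = [n for n, q in queues.items() if 'default' in q['opts']]
    if len(defaults) != 1:
        findings.append(f'expected exactly one default queue, found {defaults}')
    for q, ackq in assigned:
        for name in (q, ackq):
            if name and name not in queues:
                findings.append(f'pass rule assigns undefined queue {name}')
    return findings


def absolute_bandwidth(text):
    """Resolve every queue's percentage share to Kb, walking down from the altq root."""
    root_kb, children_of, queues, _ = parse_altq(text)
    kb, pending = {'_root': float(root_kb)}, ['_root']
    while pending:
        parent = pending.pop()
        for k in children_of.get(parent, []):
            if k in queues:
                kb[k] = kb[parent] * queues[k]['bw'] / 100
                pending.append(k)
    del kb['_root']
    return kb


if __name__ == '__main__':
    print(check_altq(SAMPLE_PF_CONF) or 'ALTQ section looks consistent')
    for name, val in absolute_bandwidth(SAMPLE_PF_CONF).items():
        print(f'{name:10s} {val:7.1f} Kb')
```

Run as-is it reports no findings for the posted queue tree (the seven top-level queues sum to exactly 100%, `ack` and `ssh_login` sum to 100% of `tos`, and every queue named on a pass rule exists), and prints each queue's real share of the 600Kb root, e.g. `tos` 120Kb of which `ack` gets 108Kb. The authoritative check is still `pfctl -nf /etc/pf.conf` on the box itself, which parses without loading and prints the file and line number of the first rule it rejects; this script only helps narrow down why a queue line is being rejected before you go back to that output.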