DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD Security

FreeBSD Security Securing FreeBSD.

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 23rd July 2008
Weaseal's Avatar
Weaseal Weaseal is offline
Package Pilot
 
Join Date: May 2008
Location: East Coast, US
Posts: 177
Thanked 7 Times in 7 Posts
Default PF/ALTQ rules not working as intended

I am attempting to limit all clients on the network to 128Kbps down and 64Kbps up. This is *sort of* working, except that for some reason, ALL clients are falling under the "c1" queue (which is the default), instead of using the ones written specifically for them.

Here is my pf.conf:
Code:
$ cat /etc/pf.conf
int_if="rl0"
ext_if="nfe0"
int_net="192.168.2.0/24"

principal="192.168.2.2"
c1="192.168.2.3"
c2="192.168.2.4"
c3="192.168.2.5"
c4="192.168.2.6"
c5="192.168.2.7"
c6="192.168.2.8"
c7="192.168.2.9"
c8="192.168.2.10"
c9="192.168.2.11"


altq on $int_if cbq bandwidth 3Mb queue { principal_d,c1_d,c2_d,c3_d,c4_d,c5_d,c6_d,c7_d,c8_d,c9_d }
altq on $ext_if cbq bandwidth 1Mb queue { principal_u,c1_u,c2_u,c3_u,c4_u,c5_u,c6_u,c7_u,c8_u,c9_u }


queue principal_d bandwidth 192Kb cbq ( rio )
queue principal_u bandwidth 64Kb cbq ( rio )

queue c1_d bandwidth 128Kb cbq ( default rio )
queue c1_u bandwidth 64Kb cbq ( default rio )

queue c2_d bandwidth 128Kb cbq ( rio )
queue c2_u bandwidth 64Kb cbq ( rio )

queue c3_d bandwidth 128Kb cbq ( rio )
queue c3_u bandwidth 64Kb cbq ( rio )

queue c4_d bandwidth 128Kb cbq ( rio )
queue c4_u bandwidth 64Kb cbq ( rio )

queue c5_d bandwidth 128Kb cbq ( rio )
queue c5_u bandwidth 64Kb cbq ( rio )

queue c6_d bandwidth 128Kb cbq ( rio )
queue c6_u bandwidth 64Kb cbq ( rio )

queue c7_d bandwidth 128Kb cbq ( rio )
queue c7_u bandwidth 64Kb cbq ( rio )

queue c8_d bandwidth 1200Kb cbq ( rio )
queue c8_u bandwidth 64Kb cbq ( rio )

queue c9_d bandwidth 128Kb cbq ( rio )
queue c9_u bandwidth 64Kb cbq ( rio )


pass out on $int_if from any to $principal keep state queue principal_d
pass out on $int_if from any to $c1 keep state queue c1_d
pass out on $int_if from any to $c2 keep state queue c2_d
pass out on $int_if from any to $c3 keep state queue c3_d
pass out on $int_if from any to $c4 keep state queue c4_d
pass out on $int_if from any to $c5 keep state queue c5_d
pass out on $int_if from any to $c6 keep state queue c6_d
pass out on $int_if from any to $c7 keep state queue c7_d
pass out on $int_if from any to $c8 keep state queue c8_d
pass out on $int_if from any to $c9 keep state queue c9_d


pass out on $ext_if from $principal to any keep state queue principal_u
pass out on $ext_if from $c1 to any keep state queue c1_u
pass out on $ext_if from $c2 to any keep state queue c2_u
pass out on $ext_if from $c3 to any keep state queue c3_u
pass out on $ext_if from $c4 to any keep state queue c4_u
pass out on $ext_if from $c5 to any keep state queue c5_u
pass out on $ext_if from $c6 to any keep state queue c6_u
pass out on $ext_if from $c7 to any keep state queue c7_u
pass out on $ext_if from $c8 to any keep state queue c8_u
pass out on $ext_if from $c9 to any keep state queue c9_u
And here is "pftop" and pressing 8 on the keyboard:
Code:
pfTop: Up Queue 1-22/22, View: queue, Cache: 10000                                                                                     21:09:20

QUEUE                             BW SCH  PRIO     PKTS    BYTES   DROP_P   DROP_B QLEN BORROW SUSPEN     P/S     B/S
root_rl0                       3000K cbq     0      238    59029        0        0    0      0      0       9    2544
root_nfe0                      1000K cbq     0      275   212907        0        0    0      0      0      12    7886
 principal_d                    192K cbq              0        0        0        0    0      0      0       0       0
 principal_u                   64000 cbq              0        0        0        0    0      0      0       0       0
 c1_d                           128K cbq            238    59029        0        0    0      0      3       9    2544
 c1_u                          64000 cbq            275   212907       34    31105   33      0     65      12    7886
 c2_d                           128K cbq              0        0        0        0    0      0      0       0       0
 c2_u                          64000 cbq              0        0        0        0    0      0      0       0       0
 c3_d                           128K cbq              0        0        0        0    0      0      0       0       0
 c3_u                          64000 cbq              0        0        0        0    0      0      0       0       0
 c4_d                           128K cbq              0        0        0        0    0      0      0       0       0
 c4_u                          64000 cbq              0        0        0        0    0      0      0       0       0
 c5_d                           128K cbq              0        0        0        0    0      0      0       0       0
 c5_u                          64000 cbq              0        0        0        0    0      0      0       0       0
 c6_d                           128K cbq              0        0        0        0    0      0      0       0       0
 c6_u                          64000 cbq              0        0        0        0    0      0      0       0       0
 c7_d                           128K cbq              0        0        0        0    0      0      0       0       0
 c7_u                          64000 cbq              0        0        0        0    0      0      0       0       0
 c8_d                          1200K cbq              0        0        0        0    0      0      0       0       0
 c8_u                          64000 cbq              0        0        0        0    0      0      0       0       0
 c9_d                           128K cbq              0        0        0        0    0      0      0       0       0
 c9_u                          64000 cbq              0        0        0        0    0      0      0       0       0
Can anyone suggest what I am doing wrong?
__________________
FreeBSD addict since 4.2-RELEASE.
My FreeBSD wiki.
Reply With Quote
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Help with pf rules TerranAce007 OpenBSD General 4 16th January 2009 10:14 PM
PF w/ ALTQ - Queue errors exceeding bandwidth plexter OpenBSD Security 11 26th October 2008 12:01 AM
ALTQ Question regarding RudiK FreeBSD Security 4 23rd July 2008 01:59 PM
[PF] Problem with ftp and ALTQ gotian FreeBSD Security 1 22nd July 2008 11:25 PM
Queuing with PF and ALTQ Weaseal FreeBSD Security 1 22nd July 2008 05:18 PM


All times are GMT. The time now is 03:50 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick