DaemonForums  

Old 10th November 2009
MarcRiv

I need help setting up queues.

I have a T1 and I am breaking it down into 4 parts: ack, VoIP, mail, and bulk (everything else). The main problem we face is people downloading streaming videos or even downloading large files. I know that portion of altq doesn't work as well because you can't stop the other person from sending data. It should help by allowing the router to at least see that mail or VoIP is coming through and allow it priority, right?

External interface

Code:
altq on $extif bandwidth 1.5Mb hfsc queue {e_ack, e_voip, e_network}
  queue e_ack bandwidth 1% priority 7 qlimit 50 hfsc (realtime (450Kb, 10000, 225Kb))
  queue e_voip bandwidth 1%  priority 6 qlimit 50 hfsc (realtime (300Kb, 20000, 190Kb))
  queue e_network bandwidth 1% priority 5 qlimit 50 hfsc (realtime 450Kb linkshare (1200Kb, 20000, 500Kb)) {e_mail, e_bulk}
   queue e_mail bandwidth 40% priority 7 qlimit 50 hfsc (linkshare (40%, 15000, 25%))
   queue e_bulk bandwidth 40% priority 6 qlimit 50 hfsc (linkshare 40% default)

Internal interface

Code:
altq on $intif bandwidth 1Gb hfsc queue {ext, int}
 queue ext bandwidth 1.5Mb hfsc {i_ack, i_voip, network }
  queue i_ack bandwidth 1% priority 7 qlimit 50 hfsc (realtime (400Kb, 10000, 225Kb))
  queue i_voip bandwidth 1%  priority 6 qlimit 50 hfsc (realtime (300Kb, 20000, 190Kb))
  queue network bandwidth 1% priority 5 qlimit 50 hfsc (realtime 450Kb linkshare (1200Kb, 20000, 500Kb)) {i_mail, i_bulk}
   queue i_mail bandwidth 40% priority 7 qlimit 50 hfsc (linkshare (180Kb, 15000, 112Kb))
   queue i_bulk bandwidth 40% priority 6 qlimit 50 hfsc (linkshare (180Kb, 15000, 112Kb ) default)
 queue int bandwidth 997Mb hfsc

So once I have the queues set up, I start to assign traffic to the proper queue:

Code:
match out on $extif proto tcp from $mailserver port 25 to any queue (e_mail, e_ack)
match out on $intif proto tcp from any to $mailserver port 25 queue (i_mail, i_ack)

Of course they are allowed to pass through, since everything is working. The queues don't work correctly. Everything going out on the internal interface is riding on the correct queue, but when I look at the external queue, everything is being applied to the bulk queue. When I use tcpdump -nettt -i pflog0 port 25 and host 192.168.5.20, it shows this to me.

Code:
rule 24/(match) pass in on em1: 192.168.5.20.39098 > 209.85.223.42.25: S 1692899968:1692899968(0) win 65535 <mss 1460,nop,nop,sackOK> (DF)

em1 is the internal interface. It shows this rule, then doesn't show the out rule on em0, which is the external interface. It also looks like NAT is being applied on the internal network?

Let me know if you need more information about the setup.
 

Tags
altq, hfsc, pf traffic shaping, queue
