DaemonForums  

#1
10th January 2009
maurobottone
Real Name: Mauro Bottone
Port Guard
 
Join Date: May 2008
Location: Aversa, IT
Posts: 24
Local transfer is slow.

Hi, I know, I know... often here with my problems :/ I'm trying to learn, I'm reading all I can, but for some things I can't find solutions or, if I find them, I can't understand the causes :°D
Here is my pf.conf:

Code:
### macros
int_if = "re0"
dmz_if = "re1"
ext_if = "pppoe0"

tcp_services = "{ 20, 21, 22, 25, 80, 110, 113 }"
udp_service = "{ 53, 5060 }"

icmp_types = "echoreq"

priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16 }"
dmz_net = "192.168.1.0/16"

bnd_upstream="512Kb"
bnd_downstream="7168Kb"

host_usr1="192.168.0.1"
host_usr4="192.168.0.4"
host_usr5="192.168.0.5"
host_usr6="192.168.0.6"
host_usr8="192.168.0.8"
host_usr9="192.168.0.9"
host_usr10="192.168.0.10"
host_usr11="192.168.0.11"
host_usr12="192.168.0.12"
host_usr13="192.168.1.13"
host_usr14="192.168.1.14"
host_usr15="192.168.0.15"
host_usr16="192.168.0.16"
host_usr17="192.168.0.17"
host_usr18="192.168.0.18"


### options
set optimization normal
set block-policy return
set loginterface $ext_if
set skip on lo0


### scrub
scrub in all
scrub out on $ext_if max-mss 1440


### altq
altq on $ext_if cbq bandwidth $bnd_upstream   queue { up_def }
altq on $int_if cbq bandwidth $bnd_downstream queue { dn_def }
altq on $dmz_if cbq bandwidth $bnd_downstream queue { dn_def }

queue up_def    bandwidth   100% cbq(default) { up_host1 up_host4 up_host5 up_host6 up_host8 up_host9 up_host10 up_host11 up_host12 up_host13 up_host14 up_host15 up_host16 up_host17 up_host18 }
        queue up_host1   bandwidth   13% cbq(borrow)
        queue up_host4   bandwidth    7% cbq(borrow)
        queue up_host5   bandwidth    7% cbq(borrow)
        queue up_host6   bandwidth    7% cbq(borrow)
        queue up_host8   bandwidth    6% cbq(borrow)
        queue up_host9   bandwidth    6% cbq(borrow)
        queue up_host10  bandwidth    6% cbq(borrow)
        queue up_host11  bandwidth    6% cbq(borrow)
        queue up_host12  bandwidth    6% cbq(borrow)
        queue up_host13  bandwidth    6% cbq(borrow)
        queue up_host14  bandwidth    6% cbq(borrow)
        queue up_host15  bandwidth    6% cbq(borrow)
        queue up_host16  bandwidth    6% cbq(borrow)
        queue up_host17  bandwidth    6% cbq(borrow)
        queue up_host18  bandwidth    6% cbq(borrow)

queue dn_def    bandwidth   100% cbq(default) { dn_host1 dn_host4 dn_host5 dn_host6 dn_host8 dn_host9 dn_host10 dn_host11 dn_host12 dn_host13 dn_host14 dn_host15 dn_host16 dn_host17 dn_host18}
        queue dn_host1   bandwidth   13% cbq(borrow)
        queue dn_host4   bandwidth    7% cbq(borrow)
        queue dn_host5   bandwidth    7% cbq(borrow)
        queue dn_host6   bandwidth    7% cbq(borrow)
        queue dn_host8   bandwidth    6% cbq(borrow)
        queue dn_host9   bandwidth    6% cbq(borrow)
        queue dn_host10  bandwidth    6% cbq(borrow)
        queue dn_host11  bandwidth    6% cbq(borrow)
        queue dn_host12  bandwidth    6% cbq(borrow)
        queue dn_host13  bandwidth    6% cbq(borrow)
        queue dn_host14  bandwidth    6% cbq(borrow)
        queue dn_host15  bandwidth    6% cbq(borrow)
        queue dn_host16  bandwidth    6% cbq(borrow)
        queue dn_host17  bandwidth    6% cbq(borrow)
        queue dn_host18  bandwidth    6% cbq(borrow)


### nat/rdr
nat on $ext_if from $int_if:network to any -> ($ext_if)
nat on $ext_if from $dmz_if:network to any -> ($ext_if)
nat on $int_if from $dmz_if:network to any -> ($int_if)
nat on $dmz_if from $int_if:network to any -> ($dmz_if)
#redirect for nucleo, anima, xaser and enjoy
rdr pass on $ext_if proto { tcp udp } from any to ($ext_if) port {4001:4005, 1063:1083} -> $host_usr1
rdr pass on $ext_if proto { tcp udp } from any to ($ext_if) port 1000:1020 -> $host_usr8
rdr pass on $ext_if proto { tcp udp } from any to ($ext_if) port {1021:1041, 3724, 6112 } -> $host_usr9
rdr pass on $ext_if proto { tcp udp } from any to ($ext_if) port 1042:1062 -> $host_usr10
rdr-anchor miniupnpd #*


### filter rules
block all
block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets
block drop in quick on $ext_if from $dmz_net to any
block drop out quick on $ext_if from any to $dmz_net

pass in on $int_if proto { tcp udp } from $host_usr1  to any queue up_host1
pass in on $int_if proto { tcp udp } from $host_usr4  to any queue up_host4
pass in on $int_if proto { tcp udp } from $host_usr5  to any queue up_host5
pass in on $int_if proto { tcp udp } from $host_usr6  to any queue up_host6
pass in on $int_if proto { tcp udp } from $host_usr8  to any queue up_host8
pass in on $int_if proto { tcp udp } from $host_usr9  to any queue up_host9
pass in on $int_if proto { tcp udp } from $host_usr10 to any queue up_host10
pass in on $int_if proto { tcp udp } from $host_usr11 to any queue up_host11
pass in on $int_if proto { tcp udp } from $host_usr12 to any queue up_host12
pass in on $dmz_if proto { tcp udp } from $host_usr13 to any queue up_host13
pass in on $dmz_if proto { tcp udp } from $host_usr14 to any queue up_host14
pass in on $int_if proto { tcp udp } from $host_usr15 to any queue up_host15
pass in on $int_if proto { tcp udp } from $host_usr16 to any queue up_host16
pass in on $int_if proto { tcp udp } from $host_usr17 to any queue up_host17
pass in on $int_if proto { tcp udp } from $host_usr18 to any queue up_host18

pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state
pass in on $ext_if inet proto udp from any to ($ext_if) port $udp_service keep state
pass in on $ext_if inet proto { tcp udp } from any to ($dmz_if) keep state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in on $int_if from $int_if:network to any
pass in on $dmz_if all keep state


pass out on $int_if proto { tcp udp } from any to $host_usr1  queue dn_host1
pass out on $int_if proto { tcp udp } from any to $host_usr4  queue dn_host4
pass out on $int_if proto { tcp udp } from any to $host_usr5  queue dn_host5
pass out on $int_if proto { tcp udp } from any to $host_usr6  queue dn_host6
pass out on $int_if proto { tcp udp } from any to $host_usr8  queue dn_host8
pass out on $int_if proto { tcp udp } from any to $host_usr9  queue dn_host9
pass out on $int_if proto { tcp udp } from any to $host_usr10 queue dn_host10
pass out on $int_if proto { tcp udp } from any to $host_usr11 queue dn_host11
pass out on $int_if proto { tcp udp } from any to $host_usr12 queue dn_host12
pass out on $dmz_if proto { tcp udp } from any to $host_usr13 queue dn_host13
pass out on $dmz_if proto { tcp udp } from any to $host_usr14 queue dn_host14
pass out on $int_if proto { tcp udp } from any to $host_usr15 queue dn_host15
pass out on $int_if proto { tcp udp } from any to $host_usr16 queue dn_host16
pass out on $int_if proto { tcp udp } from any to $host_usr17 queue dn_host17
pass out on $int_if proto { tcp udp } from any to $host_usr18 queue dn_host18

pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
pass out on $int_if from any to $int_if:network
pass out on $dmz_if all keep state


###Deny spoofing
antispoof for $ext_if
antispoof for $dmz_if
antispoof for $int_if

anchor miniupnpd #*

I followed some tutorials and created this bandwidth management system to give each computer a specific percentage of the Internet bandwidth.
My first question: is it correct?!
My second question: if it's correct, why do these rules give me problems with local file transfers? When I use this firewall and try to transfer a file from one PC to another PC on my local net, the maximum bandwidth is assumed to be what was defined in "bnd_downstream" and the rate can't be higher than "7168MB"... but that isn't correct: this value should be the EXTERNAL DOWNLOAD BANDWIDTH, not the internal one, which is 1000MB/s (gigabit ethernet card). If I use the same firewall without this bandwidth management, but with the same other rules, local transfers go well!
Where is the problem?! Thanks.
__________________
"Non ex regula ius sumatur, sed ex iure quod est regula fiat."

Last edited by maurobottone; 10th January 2009 at 02:07 PM.
#2
10th January 2009
maurobottone
Real Name: Mauro Bottone
Port Guard
 
Join Date: May 2008
Location: Aversa, IT
Posts: 24

Oh... The problem seems to be in altq on the internal interfaces ($int_if and $dmz_if), because if I comment out these altq rules and all the bandwidth management rules on these nets, the transfer rate is okay... I also tried to change:

pass out on $int_if proto { tcp udp } from any to $host_usr1 queue dn_host1

to:

pass out on $int_if proto { tcp udp } from ($ext_if) to $host_usr1 queue dn_host1

(for all download rules), but without any improvement...
__________________
"Non ex regula ius sumatur, sed ex iure quod est regula fiat."
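
Post #2's observation, checked numerically in an added example that is not part of the original thread: the `bandwidth` on an `altq on` line is the ceiling for everything the scheduler sends out of that interface, so declaring `$bnd_downstream` on `re0` limits all traffic leaving `re0`, not only Internet downloads. The function names and the link-speed table passed to `below_link_speed` are assumptions of this example; `PF_CONF` is a shortened, constructed excerpt of the posted rules.

```python
import re
# Constructed excerpt of the posted pf.conf (only two of the per-host queues kept).
PF_CONF = '''
int_if = "re0"
dmz_if = "re1"
bnd_downstream="7168Kb"
altq on $int_if cbq bandwidth $bnd_downstream queue { dn_def }
altq on $dmz_if cbq bandwidth $bnd_downstream queue { dn_def }
queue dn_def    bandwidth   100% cbq(default) { dn_host1 dn_host4 }
        queue dn_host1   bandwidth   13% cbq(borrow)
        queue dn_host4   bandwidth    7% cbq(borrow)
'''
UNITS = {"b": 1, "Kb": 10**3, "Mb": 10**6, "Gb": 10**9}  # pf.conf units, bits/s

def to_bps(spec, parent_bps=0):
    """'7168Kb' -> 7168000; '13%' -> 13% of the parent queue's rate."""
    if spec.endswith("%"):
        return round(parent_bps * float(spec[:-1]) / 100)
    num, unit = re.fullmatch(r"([\d.]+)(b|Kb|Mb|Gb)", spec).groups()
    return round(float(num) * UNITS[unit])

def parse(conf):
    """Expand macros; return altq roots per interface and queue definitions by name."""
    macros, roots, queues = {}, {}, {}
    names = lambda s: (s or "").replace(",", " ").split()
    for line in conf.splitlines():
        line = re.sub(r"\$(\w+)", lambda v: macros[v[1]], line.strip())
        if m := re.fullmatch(r'(\w+)\s*=\s*"([^"]*)"', line):
            macros[m[1]] = m[2]
        elif m := re.match(r"altq on (\S+) cbq bandwidth (\S+)\s+queue \{([^}]*)\}", line):
            roots[m[1]] = (to_bps(m[2]), names(m[3]))
        elif m := re.match(r"queue (\S+)\s+bandwidth\s+(\S+)[^{]*(?:\{([^}]*)\})?", line):
            queues[m[1]] = (m[2], names(m[3]))
    return roots, queues

def rates(conf):
    """{interface: {'<root>' or queue name: bits/s}}; '<root>' caps all traffic leaving it."""
    roots, queues = parse(conf)
    def walk(children, parent_bps, table):
        for name in children:
            spec, grandchildren = queues[name]
            table[name] = to_bps(spec, parent_bps)
            walk(grandchildren, table[name], table)
        return table
    return {i: walk(kids, bps, {"<root>": bps}) for i, (bps, kids) in roots.items()}

def below_link_speed(conf, link_bps):
    """altq interfaces whose root rate is under the NIC speed listed in link_bps."""
    return {i: t["<root>"] for i, t in rates(conf).items() if t["<root>"] < link_bps.get(i, 0)}
```

With the gigabit speed from post #1 supplied as `{"re0": 10**9}`, `below_link_speed` reports `re0` with a root of 7,168,000 bit/s, and `dn_host1` resolves to 931,840 bit/s of that.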