DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 19th January 2009
LordZ LordZ is offline
Port Guard
 
Join Date: May 2008
Posts: 10
Thanked 0 Times in 0 Posts
Default Dynamic Traffic Shaping

Hello to all OpenBSD and pf users. Has anyone done dynamic traffic shaping with pf? Is this possible? Can I see some example configs in order to create my config.
Reply With Quote
  #2   (View Single Post)  
Old 19th January 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,431
Thanked 214 Times in 189 Posts
Default

Do you happen to mean the ability to "borrow" bandwidth, up to some limit, when there is capacity available? If so, this is built-in to class based queuing. Examples of borrow rules are in the PF User's Guide.

If you mean something else, you'll have to formulate your question more completely.
Reply With Quote
  #3   (View Single Post)  
Old 19th January 2009
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,116
Thanked 182 Times in 149 Posts
Default

The pf.conf man page also has an example. Use altq and queue to search this forum, and you will find some examples.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #4   (View Single Post)  
Old 19th January 2009
LordZ LordZ is offline
Port Guard
 
Join Date: May 2008
Posts: 10
Thanked 0 Times in 0 Posts
Default

I have an ADSL connection with 8 Mb/s download and 1 Mb/s upload, and a network with 4 workstations.Sometimes when someone in the network starts downloading something surfing the network is awful. What I want to do is that only 2 people are working simultaneously the bandwidth is shared equally among them no matter what are they doing.
Reply With Quote
  #5   (View Single Post)  
Old 19th January 2009
DutchDaemon's Avatar
DutchDaemon DutchDaemon is offline
Real Name: Ben
Spam Refugee
 
Join Date: Jul 2008
Location: Rotterdam, The Netherlands
Posts: 337
Thanked 32 Times in 30 Posts
Default

Traffic shaping only works on the upload bandwidth (with altq). What you want can be done using pipes in ipfw (if that's available in OpenBSD).
Reply With Quote
  #6   (View Single Post)  
Old 19th January 2009
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 3,431
Thanked 214 Times in 189 Posts
Default

If LordZ's OpenBSD platform is the router, then traffic from the ISP may be shaped as it enters the local network (which would be an outbound direction when leaving the router).
Reply With Quote
  #7   (View Single Post)  
Old 19th January 2009
DutchDaemon's Avatar
DutchDaemon DutchDaemon is offline
Real Name: Ben
Spam Refugee
 
Join Date: Jul 2008
Location: Rotterdam, The Netherlands
Posts: 337
Thanked 32 Times in 30 Posts
Default

Still, I believe traffic shaping 'in the opposite direction' has limited usefulness, because you cannot control/shape the traffic all the way back to its origin. You're likely to drop packets, forcing retransmits and basically wasting downstream bandwidth (and the resources of peers sending you traffic).
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
[FreeBSD + PF cbq + borrow] Dynamic shaping Enemy FreeBSD General 4 19th May 2009 08:56 AM
PF Blocking VPN Traffic plexter OpenBSD Security 6 23rd January 2009 05:25 PM
Suggestions for Web Traffic Logging? Bruco FreeBSD Ports and Packages 16 18th September 2008 10:54 PM
Ajax dynamic table/spreadsheet robbak Programming 1 7th June 2008 10:33 PM
dhcpd problems... dynamic and static leases present edhunter FreeBSD General 7 16th May 2008 02:34 PM


All times are GMT. The time now is 06:22 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick