Local transfer is slow.

maurobottone · #1 **(View Single Post)** 10th January 2009

Hi, I know I know...often here with my problems :/ I'm trying to learn, I'm reading all I can, but something I can't find solutions or, if I found it, I can't undestand the causes :°D
Here my pf.conf:

Code:

### macros
int_if = "re0"
dmz_if = "re1"
ext_if = "pppoe0"

tcp_services = "{ 20, 21, 22, 25, 80, 110, 113 }"
udp_service = "{ 53, 5060 }"

icmp_types = "echoreq"

priv_nets = "{ 127.0.0.0/8, 192.168.0.0/16 }"
dmz_net = "192.168.1.0/16"

bnd_upstream="512Kb"
bnd_downstream="7168Kb"

host_usr1="192.168.0.1"
host_usr4="192.168.0.4"
host_usr5="192.168.0.5"
host_usr6="192.168.0.6"
host_usr8="192.168.0.8"
host_usr9="192.168.0.9"
host_usr10="192.168.0.10"
host_usr11="192.168.0.11"
host_usr12="192.168.0.12"
host_usr13="192.168.1.13"
host_usr14="192.168.1.14"
host_usr15="192.168.0.15"
host_usr16="192.168.0.16"
host_usr17="192.168.0.17"
host_usr18="192.168.0.18"


### options
set optimization normal
set block-policy return
set loginterface $ext_if
set skip on lo0


### scrub
scrub in all
scrub out on $ext_if max-mss 1440


### altq
altq on $ext_if cbq bandwidth $bnd_upstream   queue { up_def }
altq on $int_if cbq bandwidth $bnd_downstream queue { dn_def }
altq on $dmz_if cbq bandwidth $bnd_downstream queue { dn_def }

queue up_def    bandwidth   100% cbq(default) { up_host1 up_host4 up_host5 up_host6 up_host8 up_host9 up_host10 up_host11 up_host12 up_host13 up_host14 up_host15 up_host16 up_host17 up_host18 }
        queue up_host1   bandwidth   13% cbq(borrow)
        queue up_host4   bandwidth    7% cbq(borrow)
        queue up_host5   bandwidth    7% cbq(borrow)
        queue up_host6   bandwidth    7% cbq(borrow)
        queue up_host8   bandwidth    6% cbq(borrow)
        queue up_host9   bandwidth    6% cbq(borrow)
        queue up_host10  bandwidth    6% cbq(borrow)
        queue up_host11  bandwidth    6% cbq(borrow)
        queue up_host12  bandwidth    6% cbq(borrow)
        queue up_host13  bandwidth    6% cbq(borrow)
        queue up_host14  bandwidth    6% cbq(borrow)
        queue up_host15  bandwidth    6% cbq(borrow)
        queue up_host16  bandwidth    6% cbq(borrow)
        queue up_host17  bandwidth    6% cbq(borrow)
        queue up_host18  bandwidth    6% cbq(borrow)

queue dn_def    bandwidth   100% cbq(default) { dn_host1 dn_host4 dn_host5 dn_host6 dn_host8 dn_host9 dn_host10 dn_host11 dn_host12 dn_host13 dn_host14 dn_host15 dn_host16 dn_host17 dn_host18}
        queue dn_host1   bandwidth   13% cbq(borrow)
        queue dn_host4   bandwidth    7% cbq(borrow)
        queue dn_host5   bandwidth    7% cbq(borrow)
        queue dn_host6   bandwidth    7% cbq(borrow)
        queue dn_host8   bandwidth    6% cbq(borrow)
        queue dn_host9   bandwidth    6% cbq(borrow)
        queue dn_host10  bandwidth    6% cbq(borrow)
        queue dn_host11  bandwidth    6% cbq(borrow)
        queue dn_host12  bandwidth    6% cbq(borrow)
        queue dn_host13  bandwidth    6% cbq(borrow)
        queue dn_host14  bandwidth    6% cbq(borrow)
        queue dn_host15  bandwidth    6% cbq(borrow)
        queue dn_host16  bandwidth    6% cbq(borrow)
        queue dn_host17  bandwidth    6% cbq(borrow)
        queue dn_host18  bandwidth    6% cbq(borrow)


### nat/rdr
nat on $ext_if from $int_if:network to any -> ($ext_if)
nat on $ext_if from $dmz_if:network to any -> ($ext_if)
nat on $int_if from $dmz_if:network to any -> ($int_if)
nat on $dmz_if from $int_if:network to any -> ($dmz_if)
#redirect per nucleo, anima, xaser ed enjoy
rdr pass on $ext_if proto { tcp udp } from any to ($ext_if) port {4001:4005, 1063:1083} -> $host_usr1
rdr pass on $ext_if proto { tcp udp } from any to ($ext_if) port 1000:1020 -> $host_usr8
rdr pass on $ext_if proto { tcp udp } from any to ($ext_if) port {1021:1041, 3724, 6112 } -> $host_usr9
rdr pass on $ext_if proto { tcp udp } from any to ($ext_if) port 1042:1062 -> $host_usr10
rdr-anchor miniupnpd #*


### filter rules
block all
block drop in quick on $ext_if from $priv_nets to any
block drop out quick on $ext_if from any to $priv_nets
block drop in quick on $ext_if from $dmz_net to any
block drop out quick on $ext_if from any to $dmz_net

pass in on $int_if proto { tcp udp } from $host_usr1  to any queue up_host1
pass in on $int_if proto { tcp udp } from $host_usr4  to any queue up_host4
pass in on $int_if proto { tcp udp } from $host_usr5  to any queue up_host5
pass in on $int_if proto { tcp udp } from $host_usr6  to any queue up_host6
pass in on $int_if proto { tcp udp } from $host_usr8  to any queue up_host8
pass in on $int_if proto { tcp udp } from $host_usr9  to any queue up_host9
pass in on $int_if proto { tcp udp } from $host_usr10 to any queue up_host10
pass in on $int_if proto { tcp udp } from $host_usr11 to any queue up_host11
pass in on $int_if proto { tcp udp } from $host_usr12 to any queue up_host12
pass in on $dmz_if proto { tcp udp } from $host_usr13 to any queue up_host13
pass in on $dmz_if proto { tcp udp } from $host_usr14 to any queue up_host14
pass in on $int_if proto { tcp udp } from $host_usr15 to any queue up_host15
pass in on $int_if proto { tcp udp } from $host_usr16 to any queue up_host16
pass in on $int_if proto { tcp udp } from $host_usr16 to any queue up_host17
pass in on $int_if proto { tcp udp } from $host_usr16 to any queue up_host18

pass in on $ext_if inet proto tcp from any to ($ext_if) port $tcp_services flags S/SA keep state
pass in on $ext_if inet proto udp from any to ($ext_if) port $udp_service keep state
pass in on $ext_if inet proto { tcp udp } from any to ($dmz_if) keep state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in on $int_if from $int_if:network to any
pass in on $dmz_if all keep state


pass out on $int_if proto { tcp udp } from any to $host_usr1  queue dn_host1
pass out on $int_if proto { tcp udp } from any to $host_usr4  queue dn_host4
pass out on $int_if proto { tcp udp } from any to $host_usr5  queue dn_host5
pass out on $int_if proto { tcp udp } from any to $host_usr6  queue dn_host6
pass out on $int_if proto { tcp udp } from any to $host_usr8  queue dn_host8
pass out on $int_if proto { tcp udp } from any to $host_usr9  queue dn_host9
pass out on $int_if proto { tcp udp } from any to $host_usr10 queue dn_host10
pass out on $int_if proto { tcp udp } from any to $host_usr11 queue dn_host11
pass out on $int_if proto { tcp udp } from any to $host_usr12 queue dn_host12
pass out on $dmz_if proto { tcp udp } from any to $host_usr13 queue dn_host13
pass out on $dmz_if proto { tcp udp } from any to $host_usr14 queue dn_host14
pass out on $int_if proto { tcp udp } from any to $host_usr15 queue dn_host15
pass out on $int_if proto { tcp udp } from any to $host_usr16 queue dn_host16
pass out on $int_if proto { tcp udp } from any to $host_usr16 queue dn_host17
pass out on $int_if proto { tcp udp } from any to $host_usr16 queue dn_host18

pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
pass out on $int_if from any to $int_if:network
pass out on $dmz_if all keep state


###Deny spoofing
antispoof for $ext_if
antispoof for $dmz_if
antispoof for $int_if

anchor miniupnpd #*

I followed some tutorials and created this system of bandwidth management to redistribute a specific percent of internet band to each computer.
My first question: is it correct?!
My second question: if it's correct, why these rules give me problems with local transfer of files? When I use this firewall and try to transfer a file from a pc to another pc of my local net, the maximum band is assumed to be that was defined in "bnd_downstream" and the rate can't be taller than "7168MB"...but it isn't correct: this value should be EXTERNAL DOWNLOAD BAND, not internal that is 1000MB/s (gigabit ethernet card). If I use the same firewall without this bandwidth management, but with the same other rules, local transfer goes well!
Where is the problem?! Thanks.

maurobottone · #2 **(View Single Post)** 10th January 2009

Oh...The problem seems to be in altq on internal interfaces ($int_if and $dmz_if) because if I comment these altq rules and all rules for bandwidth management on these nets, transfer rate is owkee...I also tried to change:

pass out on $int_if proto { tcp udp } from any to $host_usr1 queue dn_host1

to:

pass out on $int_if proto { tcp udp } from ($ext_if) to $host_usr1 queue dn_host1

(for all download rules), but not any good changes...

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
transfer rate	zomo	OpenBSD General	7	26th January 2009 03:00 AM
Have problem transfer large file bigger 1GB	bsdme2	FreeBSD General	9	14th January 2009 05:49 AM
local dns (dnsmasq)	bsdperson	FreeBSD Ports and Packages	3	3rd September 2008 06:48 AM
proxy : replace gif with local gif	milo974	OpenBSD General	4	17th July 2008 06:45 AM
Apache data transfer limit	cajunman4life	General software and network	5	7th June 2008 05:13 PM