I have a dedicated FBSD box for firewall/gateway use. Behind it are 2 Windows PCs. I have read dhartmei's article on his website and have seen various examples (#pf channel from freenode.org) and also some examples from the mailing lists. But it seems I can't find what I need.
I am downloading from a fairly fast site at my 52kbytes/sec and tried to upload at 10kbytes/sec and my download would suffer. I have a 512/128kbits ADSL line. Here are the relevant lines in my pf.conf (macro definitions have been removed). Please take note of the 2nd to the last line. I first tried using "pass in quick on $osaka_if proto tcp from xl1:network to any port $osaka_in_tcp_ports flags S/SA keep state queue (q_primary, q_default)" but it also doesn't seem to work.

Thank you very much for your help.

######## Snippet of my rules ###################
#ALTQ
altq on $ext_if priq bandwidth 100Kb queue { q_primary, q_default }
queue q_primary priority 7
queue q_default priority 1 priq(default)
###########################
#NAT and redirection
nat on $ext_if from $chiyo_if:network to any -> ($ext_if)
nat on $ext_if from $osaka_if:network to any -> ($ext_if)
rdr on $ext_if proto tcp from any to ($ext_if) port www -> 127.0.01 port 19999
###########################
#rules
block log all
block in quick on $ext_if from $private_net to any
block out quick on $ext_if from any to $private_net
block in quick proto { tcp, udp } from any port $microsoft_shared_folder_ports to any
block out quick proto { tcp, udp } from any to any port $microsoft_shared_folder_ports
pass out quick on $ext_if proto udp from ($ext_if) to any keep state
pass out quick on $ext_if proto tcp from any to any flags S/SA keep state queue (q_primary, q_default)
pass in quick on $ext_if proto tcp from any to ($ext_if) port $ext_in_tcp_ports_to flags S/SA keep state queue (q_primary, q_default)
pass in quick on $ext_if inet proto tcp from any to 127.0.01 port $ext_in_apache flags S/SA synproxy state queue (q_primary, q_default)
pass in quick on xl1 proto udp from xl1:network to 192.168.0.1 port $osaka_in_udp_ports keep state
pass in quick on xl1 proto tcp from xl1:network to any port $osaka_in_tcp_ports flags S/SA keep state queue
pass out quick on $osaka_if proto tcp from any to any flags S/SA keep state