Travis H. wrote:
My scp and sftp clients (openssh) certainly don't set it.
When I scp, it's ToS 0x8. When I do interactive ssh, it's 0x10.
Hmmm, after rechecking I can't get 0x10 on bulk ssh transfers, but I could
swear I've seen one. Oh well.
Other parties welcome to debate this.
I've noticed that many programs love to abuse TOS byte, lowdelay bit in
particular. The effect is, that a lot of packets that one would never
expect, land in the 2nd queue (even scp sftp set it), destroying in
practice the purpose of having one.
I adjusted the condition in sys/net/pf.c in
Well, I have tested a bit more, including DFBSD. Although it handled the
traffic with limits a bit better (otoh, the computer was much slower - p2
333, so it might have had some influence), it still had problems. Option HZ
bumped to 1000 (as is recommended in most cases, when altq is in
Small correction - that table 1.5 vs. 12 was from some other test. This
is what I meant to post (hfsc, tbrsize 12k,
bandwidth/realtime/link/upper
set to the same value, although anything besides upperlimit
didn't matter much):
theoretical / actual
8 / 8
10 / 10
12 /
George Pontis wrote:
Daniel - any attempt that I can muster to subscribe to the pf mailing
list fails because spamassassin flags it as spam. The recommended text
subscribe in the body of the message is rated as spam and the mail
rejected as so:
[cut]
I had similar problems where anything
While doing more tests with my setup, I've noticed quite large
differences between required and effective throughput, both in
hfsc and cbq cases. The problems start, when requested bandwidth
is above 10 - 12 Mb and is also *limited* (so either upperlimit
is set in hfsc, or there's no borrow
I noticed that, for some reason, subqueues have a hard time
borrowing unless the parent queue can borrow itself.
For example, consider the following setup (only important parts):
altq on $if_100 cbq bandwidth 100Mb queue { if100_www,if100_mail, \
if100_misc, if100_ftp, if100_pri, if100_extbulk,
[EMAIL PROTECTED] (Travis H.) wrote in
news:[EMAIL PROTECTED]:
I can't parse this. If the traffic is to the server, it will be
inbound. Queuing works on outbound traffic. They are distinct, and
don't interact in full-duplex mode.
Or are you talking about doing this on your external
Recently I've been writing rules for small router (2 internal interfaces, 1
external, few services running). Originally I didn't think about
subqueuing (cbq) inbound traffic - I've just set 1 queue for the whole
inbound (1 mbit) on internal interface, so it won't get stalled by other
traffic
outside = { a.b.c.d }
special = { 10.23.145.10 }
internal = { 10.23.145.0/24, !10.23.145.10 }
nat on fxp0 from $internal to any -> $outside
binat on fxp0 from $special to any -> $outside
Meaning of this is that I do with natting and portmapping on all
normal connections, but only the host
I followed your suggestions regarding nc.
Also this time I had 4 nics - 2 compex nics (the same model as
previously - RL100-ATX, running under wb driver) and my two old
trusty cards - 3c905 and 3c905b.
First - both 3com cards solved any anomalies I've had - everything
worked beautifully and as
On Tue, 02 May 2006 09:15:17 +0200, jared r r spiegel [EMAIL PROTECTED] wrote:
just to be clear, you're definitely not confusing b with B, right?
eg, when altq/cbq is 4Mb, 'pfctl -vvsq' is saying Kb/s and not Mb/s?
not to say it is the cause, but in the case of
First about the setup: a bit older hardware - P2B mobo, P2 333, 192 mb
ram, compex pci nics (dmesg attached at the end). 2 boxes - 1 obsd with
old 20gb disk, and one ftp client on w2k with even older 3gb hdd.
OBSD box is pretty much vanilla 3.8 with vsftpd accepting passive
connections at
[EMAIL PROTECTED] (Camiel Dobbelaar) wrote in
To answer your question: data connections go _through_ the firewall,
so both an 'in' and 'out' pass rule are needed.
I think I got confused in the same way as Gabriel recently in the other
thread (clarification of the NAT behaviour) - I
Hello
I have two (unrelated) questions - the first one regarding new
ftp-proxy (the one using anchors) and the other regarding company
example in official obsd faq
(http://www.openbsd.org/faq/pf/queueing.html#example2)
1)...
This is how I understand pf + ftp-proxy functionality:
First, two