Re: openbsd 5.6 pf sends all inbound traffic to default queue

Wed, 25 Mar 2015 05:03:52 -0700 

On 2015/03/25 10:56, Petr Topiarz wrote:
> Cannot queue inbound traffic, is that a BUG or PEBCAK?
> I am on 5.6 default kernel (tried amd64 and i386 - the same result).
> 
> 1. what works - queueing OUTBOUND TRAFFIC with "pass out":
> ----CODE START -----
> ext_if=em0
> int_if=axe0
> 
> pass in all 
> pass out all
> 
> queue rootq on $ext_if bandwidth 40M, min 40M, max 40M
> queue http parent rootq bandwidth 6M, min 1M, max 7M 
> queue std parent rootq bandwidth 1M, min 500K, max 2M default
> 
> pass out on $ext_if proto tcp from 192.168.8.5 set queue http 
> pass out on $ext_if proto tcp from 192.168.8.2 set queue std
> 
> match out on $ext_if from $int_if:network to any nat-to $ext_if
> -------END----------
> 
> 2. what does not work, but should - queueing INBOUNT with "pass out":
> 
> --- CODE START ---
> 
> ext_if=em0
> int_if=axe0
> 
> pass in all 
> pass out all
> 
> queue rootq on $int_if bandwidth 40M, min 40M, max 40M
> queue http parent rootq bandwidth 6M, min 1M, max 7M 
> queue std parent rootq bandwidth 1M, min 500K, max 2M default
> 
> pass out on $int_if proto tcp from any to 192.168.8.5 set queue http 
> pass out on $int_if proto tcp from any to 192.168.8.2 set queue std
> 
> match out on $ext_if from $int_if:network to any nat-to $ext_if
> ----- END -----
> 
> I am using a testing pc behind the nat as shown, with IP 192.168.8.5 and the
> queue http, which should work is always empty and everything goes into the
> default....
> 
> Can anyone help? Please! I am desperate...
> Thanks
> Peter
> 

Queueing is only done on output. For input, you have already received
the packet by the time it hits your machine, it is too late to queue.

Try somethinhg like this (adjust bw as needed).

queue rootq on $ext_if bandwidth 40M, min 40M, max 40M
queue http on $ext_if parent rootq bandwidth 6M, min 1M, max 7M 
queue std on $ext_if parent rootq bandwidth 1M, min 500K, max 2M default

queue rootq on $int_if bandwidth 40M, min 40M, max 40M
queue http on $int_if parent rootq bandwidth 6M, min 1M, max 7M 
queue std on $int_if parent rootq bandwidth 1M, min 500K, max 2M default

Reply via email to