On 2012-04-06, Alex Santos <[email protected]> wrote:
> Unfortunately I am struggling to limit the bandwidth by up to a
> maximum of 128 Kbps for the local network as a whole and restrict the
> use of HTTP connections by 20%. I read the OpenBSD documentation found
> at this link (http://www.openbsd.org/faq/pf/queueing.html) and set the
> PF firewall to work with the CBQ as follows:
>
> # NAT (vic0 is my external network interface card and vic1 is my internal network interface card)
> nat on vic0 from vic1:network to any -> vic0:0
>
> # QoS Rules
> # I want to deliver only 16 kbytes per second to my internal network, divided in two groups on this test:
> # 20% to use of http (25,6 Kbps or 3.2 Kbytes per second)
> # 80% to all other services (102,4 Kbps or 12.8 kbytes per second)
> # I do not want a child queue to take the available network bandwidth for itself.
>
> altq on vic0 cbq bandwidth 128Kb queue {std, http}
> queue std bandwidth 80% cbq(default, red)
> queue http bandwidth 20% cbq(red)

Queuing affects only *outbound* traffic. You are queuing on vic0 i.e.
traffic going *to* the internet but you are not queuing on vic1 i.e.
traffic coming from the internet which you are passing on to the lan.

I find it's simpler to use 'match' rules to separate queuing from
filtering, so I would normally do something like this:

altq on vic1 cbq bandwidth 128Kb queue {std, http}
 queue std bandwidth 80% cbq(default, red)
 queue http bandwidth 20% cbq(red)
match from vic1:network to port 80 queue http
pass

or if you want to also limit traffic going out to the internet
(say, http posts etc):

altq on vic0 cbq bandwidth 64Kb queue {std, http}
 queue std on vic0 bandwidth 80% cbq(default, red)
 queue http on vic0 bandwidth 20% cbq(red)
altq on vic1 cbq bandwidth 128Kb queue {std, http}
 queue std on vic1 bandwidth 80% cbq(default, red)
 queue http on vic1 bandwidth 20% cbq(red)
match from vic1:network to port 80 queue http
pass
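
Added example, not part of the original thread: a small Python check that reads the altq/queue lines of a ruleset and reports which traffic direction they shape, following the point above that ALTQ only queues packets leaving the interface it is attached to. The function names, the regexes (which cover only the cbq / Kb / % forms used in this thread) and the two sample strings copied from the messages are assumptions of this example.

```python
import re

# Constructed sample: the ALTQ lines from the question (shaping on vic0 only).
QUESTION_CONF = """\
altq on vic0 cbq bandwidth 128Kb queue {std, http}
queue std bandwidth 80% cbq(default, red)
queue http bandwidth 20% cbq(red)
"""

# Constructed sample: the second ruleset from the reply (both interfaces).
REPLY_CONF = """\
altq on vic0 cbq bandwidth 64Kb queue {std, http}
 queue std on vic0 bandwidth 80% cbq(default, red)
 queue http on vic0 bandwidth 20% cbq(red)
altq on vic1 cbq bandwidth 128Kb queue {std, http}
 queue std on vic1 bandwidth 80% cbq(default, red)
 queue http on vic1 bandwidth 20% cbq(red)
"""

ALTQ_RE = re.compile(r"^\s*altq on (\S+) \S+ bandwidth (\d+)Kb")
QUEUE_RE = re.compile(r"^\s*queue (\S+)(?: on (\S+))? bandwidth (\d+)%")

def shaped_rates(conf):
    """Return {interface: {queue: Kb/s}} for every altq parent in conf."""
    parents, rates = {}, {}
    for line in conf.splitlines():
        m = ALTQ_RE.match(line)
        if m:
            parents[m.group(1)] = int(m.group(2))
            rates[m.group(1)] = {}
            continue
        m = QUEUE_RE.match(line)
        if m:
            name, iface, pct = m.group(1), m.group(2), int(m.group(3))
            # Simplification: a queue without "on <if>" is applied to
            # every altq interface seen so far.
            for target in ([iface] if iface else list(parents)):
                if target in parents:
                    rates[target][name] = parents[target] * pct / 100
    return rates

def directions(conf, ext_if, int_if):
    """Packets leaving ext_if are upload, packets leaving int_if are download.
    None means that direction has no altq parent and is not shaped."""
    rates = shaped_rates(conf)
    return {"upload": rates.get(ext_if), "download": rates.get(int_if)}
```

For the question's ruleset, `directions(QUESTION_CONF, "vic0", "vic1")` reports no shaping at all for download, which is the problem described in the reply.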
