On Jul 2, 2006, at 11:38 AM, S t i n g r a y wrote:

I am configuring altq & pf for the first time, & have a few problems here.

Well, I need to traffic shape between different protocols, as you can see in my pf.conf.

Now I am stuck & confused about what to do next, as I have built this file with different refs from the web.

The im is the most common instant messenger protocols; can you tell me how to make it right?

Also, when running the file as it is I get a "pfctl: SIOCGIFMTU: Device not configured" error.

What does this mean?

That error means it doesn't recognize the device you've referenced. In your altq line you have "extif" which does not exist in any of the macros you've listed.

extad="192.168.0.6/32"
chadd="10.0.0.6/32"
scrub in all
altq on extif hfsc bandwidth 500Kb \
queue { www, dns, im, mail, other}
queue www bandwidth (linkshare 35%)
queue dns bandwidth (linkshare 10%)
queue im bandwidth (linkshare 25%)
queue mail bandwidth (linkshare 10%)
queue other hfsc (default)
rdr on $intif proto tcp from $intad to any port 80 -> $chadd port 8080
nat on $extif inet from $intad -> $extad
pass out on $extif inet proto { icmp, udp, tcp } keep state

First, I would stop using hfsc and just use priority queueing (priq). All you're trying to do is prioritize services. HFSC is an advanced algorithm that is certainly overkill for your use. You don't list your devices, so I'm going to pretend you're using em(4). Here is a revised version of yours that should work (not tested), with a bonus tossed in for free (ack prioritization). I've removed IM protocols; they are easy enough for you to insert them once you understand the concepts and know *which* IM protocols you wish to prioritize.

# Define our macros
ext_if="em0"
int_if="em1"
extadd="192.168.0.6"
chadd="10.0.0.6"
www_ports="{ http, https }"
mail_ports="{ pop3, pop3s, imap, imaps, smtp }"

# Normalization
scrub in all

# Queueing
altq on $ext_if priq bandwidth 500Kb queue { other, mail, www, dns, ack }
   queue other priq(default)
   queue mail priority 2
   queue www priority 3
   queue dns priority 5
   queue ack priority 6

# Translation
rdr on $int_if proto tcp from ($int_if:network) to any port http -> $chadd port 8080
nat on $ext_if inet from ($int_if:network) to any -> $extadd

# Filtering
block in on $ext_if all
pass out on $ext_if inet proto { icmp, udp } all keep state queue other
pass out on $ext_if inet proto tcp all keep state queue(other, ack)
pass out on $ext_if inet proto { tcp, udp } from any to any port domain keep state queue dns
pass out on $ext_if inet proto tcp from ($int_if:network) to any port $www_ports keep state queue www
pass out on $ext_if inet proto tcp from ($int_if:network) to any port $mail_ports keep state queue mail


HTH.

--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
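
Added example, not part of the original thread: a small Python check for the two mistakes diagnosed in the reply above, macros that are expanded but never defined and an interface named after "on" without a `$`, run against the original poster's ruleset. The names `lint` and `known_ifaces` are hypothetical, and the em0/em1 device list is an assumption taken from the reply.

```python
import re

# The original poster's ruleset as quoted in the thread (the altq line
# continuation is joined onto one line).
SAMPLE = """\
extad="192.168.0.6/32"
chadd="10.0.0.6/32"
scrub in all
altq on extif hfsc bandwidth 500Kb queue { www, dns, im, mail, other}
queue www bandwidth (linkshare 35%)
queue dns bandwidth (linkshare 10%)
queue im bandwidth (linkshare 25%)
queue mail bandwidth (linkshare 10%)
queue other hfsc (default)
rdr on $intif proto tcp from $intad to any port 80 -> $chadd port 8080
nat on $extif inet from $intad -> $extad
pass out on $extif inet proto { icmp, udp, tcp } keep state
"""

MACRO_DEF = re.compile(r"^\s*([A-Za-z_]\w*)\s*=")
MACRO_REF = re.compile(r"\$([A-Za-z_]\w*)")
ON_IFACE = re.compile(r"\bon\s+([A-Za-z_]\w*)")  # bare word after "on", not $macro

def lint(text, known_ifaces):
    """Return (line, kind, name) findings for a pf.conf-style ruleset."""
    defined, findings = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0]          # drop comments (simplified)
        m = MACRO_DEF.match(line)
        if m:                                 # macro definition: name = value
            defined.add(m.group(1))
            line = line[m.end():]             # the value may reference macros
        # Macros must be defined before the line that expands them.
        for name in MACRO_REF.findall(line):
            if name not in defined:
                findings.append((lineno, "undefined-macro", name))
        # A bare word after "on" is taken as a literal device name.
        for name in ON_IFACE.findall(line):
            if name not in known_ifaces:
                findings.append((lineno, "unknown-interface", name))
    return findings

if __name__ == "__main__":
    # Assumption: the host has em0/em1, as the reply supposes.
    for lineno, kind, name in lint(SAMPLE, {"em0", "em1"}):
        print(f"line {lineno}: {kind}: {name}")
```

The line-4 finding is the bare `extif` on the altq line that the reply points to; the remaining findings are the `$intif`, `$intad` and `$extif` references that have no macro definition in the quoted file.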
