> Hi, thanks for your reply. I am still NOT able to get it done (i.e.,
> downloading @ 80 Kbps without borrowing for the student). Please see below.
>
> >
> > and wrote my rules. But I still can NOT allocate 80Kbps for the student
> > while downloading. It goes up a whole lot. Here are my rules. (em0 is
> > ext_if and em1 is int_if)
> >
> >
> > # enable queueing on the external interface to control traffic going to
> > # the Internet. use the priq scheduler to control only priorities. set
> > # the bandwidth to 485Kbps to get the best performance out of the TCP
> > # ACK queue.
> >
> > altq on em0 priq bandwidth 485Kb queue { std_out, ssh_im_out, dns_out, \
> > tcp_ack_out }
>
> altq on em0 cbq bandwidth 485Kb queue { std_out, ssh_im_out, dns_out, \
> tcp_ack_out }
>
> it should be like below. ( I added tcp_student_out )
altq on em0 cbq bandwidth 485Kb queue { std_out, ssh_im_out, dns_out, \
tcp_ack_out, tcp_student_out }
queue std_out bandwidth 300Kb cbq(default borrow)
> queue ssh_im_out bandwidth 50Kb cbq(red)
> queue dns_out bandwidth 25Kb cbq(borrow)
> queue tcp_ack_out bandwidth 30Kb priority 6 cbq(borrow red)
> queue tcp_student_out bandwidth 80Kb cbq(red)
>
> >
> > # define the parameters for the child queues.
> > # std_out - the standard queue. any filter rule below that does not
> > # explicitly specify a queue will have its traffic added
> > # to this queue.
> > # ssh_im_out - interactive SSH and various instant message traffic.
> > # dns_out - DNS queries.
> > # tcp_ack_out - TCP ACK packets with no data payload.
> >
> >
> > # enable queueing on the internal interface to control traffic coming in
> > # from the Internet. use the cbq scheduler to control bandwidth. max
> > # bandwidth is 2Mbps.
> >
> altq on em1 cbq bandwidth 2Mb queue { std_in, ssh_im_in, dns_in, student_in }
>
>
> >
> > # define the parameters for the child queues.
> > # std_in - the standard queue. any filter rule below that does not
> > # explicitly specify a queue will have its traffic added
> > # to this queue.
> > # ssh_im_in - interactive SSH and various instant message traffic.
> > # dns_in - DNS replies.
> > # student_in - bandwidth reserved for the workstation.
> > #
> >
> > queue std_in bandwidth 1.6Mb cbq(default)
> > queue ssh_im_in bandwidth 200Kb priority 4
> > queue dns_in bandwidth 120Kb priority 5
> > queue student_in bandwidth 80Kb cbq
> >
> queue std_in bandwidth 1.6Mb cbq(default borrow)
> queue ssh_im_in bandwidth 200Kb priority 4
> queue dns_in bandwidth 120Kb priority 5
> queue student_in bandwidth 80Kb cbq
>
> added as given above.
>
> >
> > clienttcpports="{ 21, 80, 8080, 443 }"
> > clientudpports="{ 53 }"
> >
> >
> > # FTP-Proxy
> > anchor "ftp-proxy/*"
> > pass in quick on $int_if proto tcp from $lan_net to any port 21 \
> > flags S/SA keep state rdr-to 127.0.0.1 port 8021
> >
> > # Squid Redirect
> > pass in quick on $int_if proto tcp from $lan_net to any port { 80 8080 } \
> > flags S/SA keep state rdr-to 127.0.0.1 port 3128
> #----------
>
> pass in quick on $int_if proto tcp from $student_pc to any port 21 \
> flags S/SA keep state rdr-to 127.0.0.1 port 8021 queue student_in
>
> pass in quick on $int_if proto tcp from $student_pc to any port { 80 8080 } \
> flags S/SA keep state rdr-to 127.0.0.1 port 3128 queue student_in
>
> pass in quick on $int_if proto tcp from $lan_net to any port 21 \
> flags S/SA keep state rdr-to 127.0.0.1 port 8021
>
> pass in quick on $int_if proto tcp from $lan_net to any port { 80 8080 } \
> flags S/SA keep state rdr-to 127.0.0.1 port 3128
>
> added as given above
>
>
>
>
> >
> > # filter rules
> > block in log
> > block out log
> > #pass out log keep state
> >
> > antispoof quick for { lo $int_if $ext_if }
> >
> >
> > pass in log on $int_if inet proto udp from $lan_net to !$int_if \
> > port $clientudpports keep state
>
>
> pass in log on $int_if inet proto tcp from $student_pc to !$int_if \
> port $https flags S/SA keep state queue student_in
>
> > pass in log on $int_if inet proto tcp from $lan_net to !$int_if \
> > port $https flags S/SA keep state
> >
> >
> > pass out log on $ext_if inet proto udp from $ext_if to any \
> > port $clientudpports keep state queue dns_out
> >
> > pass out log on $ext_if inet proto tcp from $ext_if to any \
> > port $clienttcpports flags S/SA modulate state queue(std_out, tcp_ack_out)
> >
> >
> >
> > ###pass out on $int_if proto udp from port $clientudpports to $student_pc \
> > ### queue dns_in --delete
> >
> > ###pass out on $int_if proto tcp from port $clienttcpports to $student_pc \
> > ### queue student_in -delete
> >
>
I understood the above 2 rules
> block out on $int_if
>
I think this is NOT needed, since I have the default block above:
block in log
block out log
>
> if a rule "pass in on $int_if" with "keep state" it will pass back to
> $student_pc
>
> Yeah, I understand.
Hope to hear from you.
--
Thank you
Indunil Jayasooriya
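
Added example (not part of the original thread): a small Python lint for the ALTQ layout discussed above. It checks that child queues fit inside the parent bandwidth, that a queue meant as a hard cap does not carry `borrow`, and that every non-default queue is referenced by a rule. The sample config is constructed by condensing the rules quoted in the thread; the function names and the `capped` parameter are hypothetical, and only absolute bandwidths (b, Kb, Mb, Gb) are handled.

```python
import re

# Constructed sample: ALTQ definitions and rules condensed from the thread.
SAMPLE = """
altq on em1 cbq bandwidth 2Mb queue { std_in, ssh_im_in, dns_in, student_in }
queue std_in bandwidth 1.6Mb cbq(default borrow)
queue ssh_im_in bandwidth 200Kb priority 4
queue dns_in bandwidth 120Kb priority 5
queue student_in bandwidth 80Kb cbq
altq on em0 cbq bandwidth 485Kb queue { std_out, ssh_im_out, dns_out, \\
    tcp_ack_out, tcp_student_out }
queue std_out bandwidth 300Kb cbq(default borrow)
queue ssh_im_out bandwidth 50Kb cbq(red)
queue dns_out bandwidth 25Kb cbq(borrow)
queue tcp_ack_out bandwidth 30Kb priority 6 cbq(borrow red)
queue tcp_student_out bandwidth 80Kb cbq(red)
pass in quick on $int_if proto tcp from $student_pc to any port 21 queue student_in
pass out log on $ext_if inet proto udp from $ext_if to any queue dns_out
pass out log on $ext_if inet proto tcp from $ext_if to any queue(std_out, tcp_ack_out)
"""
UNITS = {"b": 1, "Kb": 1_000, "Mb": 1_000_000, "Gb": 1_000_000_000}

def to_bps(text):
    """Convert a pf bandwidth such as '1.6Mb' to bits per second."""
    num, unit = re.fullmatch(r"([\d.]+)(b|Kb|Mb|Gb)", text).groups()
    return round(float(num) * UNITS[unit])

def audit(conf, capped=()):
    """Return findings; `capped` names queues that must never borrow."""
    conf = re.sub(r"\\\n", " ", conf)  # join backslash-continued lines
    parents, queues, used, findings = {}, {}, set(), []
    for line in (l.split("#")[0].strip() for l in conf.splitlines()):
        if m := re.match(r"altq on (\S+) \w+ bandwidth (\S+) queue \{(.*)\}", line):
            parents[m[1]] = (to_bps(m[2]), [q.strip() for q in m[3].split(",")])
        elif m := re.match(r"queue (\S+) bandwidth (\S+)(.*)", line):
            opts = re.search(r"\(([^)]*)\)", m[3])  # scheduler options, if any
            queues[m[1]] = (to_bps(m[2]), set(opts[1].split()) if opts else set())
        elif m := re.search(r"\bqueue\s*\(?([\w, ]+)\)?\s*$", line):
            used |= {q.strip() for q in m[1].split(",")}  # queues named by a rule
    for ifc, (bw, kids) in parents.items():
        total = sum(queues[k][0] for k in kids if k in queues)
        if total > bw:
            findings.append(f"{ifc}: children {total} > parent {bw}")
        for k in kids:
            if k not in queues:
                findings.append(f"{ifc}: queue {k} not defined")
            elif k not in used and "default" not in queues[k][1]:
                findings.append(f"{ifc}: queue {k} has no rule assigning traffic")
    findings += [f"{q}: capped queue may borrow" for q in capped
                 if "borrow" in queues.get(q, (0, set()))[1]]
    return findings
```

Call `audit(SAMPLE, capped=("student_in", "tcp_student_out"))` to see the findings; on the condensed sample it reports `tcp_student_out`, among others, as defined but never assigned by a rule.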