> Hi, thanks for your reply. I am still NOT able to get it done ( i.e -
> downloading @ 80 Kbps without borrowing for the student . Pls see below.
>
> >
> > and wrote my rules. But, I still can NOT allocate 80Kbps for the student,
> > while downloading. it goes up a whole lot. here are my rules. ( em0 is
> > ext_if and em1 is int_if )
> >
> >
> > # enable queueing on the external interface to control traffic going to
> > # the Internet. use the priq scheduler to control only priorities. set
> > # the bandwidth to 485Kbps to get the best performance out of the TCP
> > # ACK queue.
> >
> > altq on em0 priq bandwidth 485Kb queue { std_out, ssh_im_out, dns_out, \
> > tcp_ack_out }
>
> altq on em0 cbq bandwidth 485Kb queue { std_out, ssh_im_out, dns_out, \
> tcp_ack_out }
>

it should be like below. ( I added tcp_student_out )

altq on em0 cbq bandwidth 485Kb queue { std_out, ssh_im_out, dns_out, \
tcp_ack_out, tcp_student_out }

queue std_out bandwidth 300Kb cbq(default borrow)
> queue ssh_im_out bandwidth 50Kb cbq(red)
> queue dns_out bandwidth 25Kb cbq(borrow)
> queue tcp_ack_out bandwidth 30Kb priority 6 cbq(borrow red)
> queue tcp_student_out bandwidth 80Kb cbq(red)
>
> >
> > # define the parameters for the child queues.
> > # std_out - the standard queue. any filter rule below that does not
> > # explicitly specify a queue will have its traffic added
> > # to this queue.
> > # ssh_im_out - interactive SSH and various instant message traffic.
> > # dns_out - DNS queries.
> > # tcp_ack_out - TCP ACK packets with no data payload.
> >
> >
> > # enable queueing on the internal interface to control traffic coming in
> > # from the Internet. use the cbq scheduler to control bandwidth. max
> > # bandwidth is 2Mbps.
> >
> altq on em1 cbq bandwidth 2Mb queue { std_in, ssh_im_in, dns_in, student_in }
> >
> >
> > # define the parameters for the child queues.
> > # std_in - the standard queue. any filter rule below that does not
> > # explicitly specify a queue will have its traffic added
> > # to this queue.
> > # ssh_im_in - interactive SSH and various instant message traffic.
> > # dns_in - DNS replies.
> > # student_in - bandwidth reserved for the workstation.
> > #
> >
> > queue std_in bandwidth 1.6Mb cbq(default)
> > queue ssh_im_in bandwidth 200Kb priority 4
> > queue dns_in bandwidth 120Kb priority 5
> > queue student_in bandwidth 80Kb cbq
> >
> queue std_in bandwidth 1.6Mb cbq(default borrow)
> queue ssh_im_in bandwidth 200Kb priority 4
> queue dns_in bandwidth 120Kb priority 5
> queue student_in bandwidth 80Kb cbq
>

added as given above.

> >
> > clienttcpports="{ 21, 80, 8080, 443 }"
> > clientudpports="{ 53 }"
> >
> >
> > # FTP-Proxy
> > anchor "ftp-proxy/*"
> > pass in quick on $int_if proto tcp from $lan_net to any port 21 \
> > flags S/SA keep state rdr-to 127.0.0.1 port 8021
> >
> > # Squid Redirect
> > pass in quick on $int_if proto tcp from $lan_net to any port { 80 8080 } \
> > flags S/SA keep state rdr-to 127.0.0.1 port 3128
> #----------
>
> pass in quick on $int_if proto tcp from $student_pc to any port 21 \
> flags S/SA keep state rdr-to 127.0.0.1 port 8021 queue student_in
>
> pass in quick on $int_if proto tcp from $student_pc to any port { 80 8080 } \
> flags S/SA keep state rdr-to 127.0.0.1 port 3128 queue student_in
>
> pass in quick on $int_if proto tcp from $lan_net to any port 21 \
> flags S/SA keep state rdr-to 127.0.0.1 port 8021
>
> pass in quick on $int_if proto tcp from $lan_net to any port { 80 8080 } \
> flags S/SA keep state rdr-to 127.0.0.1 port 3128
>

added as given above

> >
> > # filter rules
> > block in log
> > block out log
> > #pass out log keep state
> >
> > antispoof quick for { lo $int_if $ext_if }
> >
> >
> > pass in log on $int_if inet proto udp from $lan_net to !$int_if \
> > port $clientudpports keep state
> >
> pass in log on $int_if inet proto tcp from $student_pc to !$int_if \
> port $https flags S/SA keep state queue student_in
>
> > pass in log on $int_if inet proto tcp from $lan_net to !$int_if \
> > port $https flags S/SA keep state
> >
> >
> > pass out log on $ext_if inet proto udp from $ext_if to any \
> > port $clientudpports keep state queue dns_out
> >
> > pass out log on $ext_if inet proto tcp from $ext_if to any \
> > port $clienttcpports flags S/SA modulate state queue(std_out, tcp_ack_out)
> >
> >
> > ###pass out on $int_if proto udp from port $clientudpports to $student_pc \
> > ### queue dns_in --delete
> >
> > ###pass out on $int_if proto tcp from port $clienttcpports to $student_pc \
> > ### queue student_in -delete
> >

I understood the above 2 rules

> block out on $int_if

I think this is NOT needed. since I have default block the above

block in log
block out log

> if a rule "pass in on $int_if" with "keep state" it will pass back to $student_pc

Yeah, I understand. Hope to hear from you.

--
Thank you
Indunil Jayasooriya