I wrote:
On Wednesday, Jun 25, 2003, at 02:21 US/Pacific, Ganbaa wrote:
I'm trying to do. I installed OpenBSD 3.3 and configured pf on the
our LAN.
OpenBSD box has 2 network cards (Internal and External). The purpose is
testing to limit bandwidth for each hosts on the LAN. LAN has more than
30 hosts. I divided into several groups those hosts. Example:
developers, marketing, servicing e.g
The problem is all traffic is going only one default queue (std queue)
on the external interface. I attached pf.conf file and debug message.
So Could
The issue is the use of NAT on the external interface:
    nat on $ext_if from $internal_net to any -> ($ext_if)
Translation happens before filtering, so by the time the packet gets to
    pass out on $ext_if from { <developers> } to any keep state queue developers_ex
the source address has already been changed from <developers> to
($ext_if).
The setup already uses queues on the internal interface, so tagging for
external queues can't happen there.
There's another possibility I missed: name the queues the same. Instead
of "developers_in" and "developers_ex", just have both be "developers".
That way you can do everything with filter rules on $int_if, and not
worry about $ext_if.
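
A sketch of the same-named-queue layout suggested above, added here as an illustration and not part of the original message or of Ganbaa's pf.conf. The interface names, addresses, bandwidths and the "std" default queue layout are assumptions, and it relies on the behaviour the message describes: a queue assigned by a rule on $int_if is used on $ext_if when a queue of the same name exists there.

```pf
# Constructed example: interfaces, addresses and bandwidths are assumed
ext_if = "fxp0"
int_if = "fxp1"
internal_net = "192.168.1.0/24"

table <developers> { 192.168.1.10, 192.168.1.11 }
table <marketing>  { 192.168.1.20, 192.168.1.21 }

# Both interfaces list the SAME queue names, so one set of queue
# definitions is instantiated on each of them.
altq on $ext_if cbq bandwidth 1Mb  queue { std, developers, marketing }
altq on $int_if cbq bandwidth 10Mb queue { std, developers, marketing }
queue std        bandwidth 20% cbq(default)
queue developers bandwidth 50% cbq(borrow)
queue marketing  bandwidth 30% cbq(borrow)

# NAT rewrites the source address before the $ext_if filter rules run,
# which is why matching on <developers> there never succeeds.
nat on $ext_if from $internal_net to any -> ($ext_if)

# Classify on the internal interface, where the original source
# address is still visible. The queue name assigned here is the one
# looked up on whichever interface the packet leaves from.
pass in on $int_if from <developers> to any keep state queue developers
pass in on $int_if from <marketing>  to any keep state queue marketing

# No queue keyword on the external rule: it must not override the
# assignment made on $int_if.
pass out on $ext_if from ($ext_if) to any keep state
```

Loading it with `pfctl -f` and then watching `pfctl -vs queue` on both interfaces shows whether traffic from each group is landing in its own queue instead of "std".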