Hi,
I've tried for many months (ever since http://www.benzedrine.cx/ackpri.html
was published) to speed up my downloads when uploading but nothing
seems to work.  My cousins use BitTorrent and I've attempted to
limit their uploads to ~5kbps but downloads often max out at 200kbps.
I switched from priq to cbq because someone had mentioned that priq
isn't as good as cbq when shaping p2p bandwidth but the results are
still bad.  Even putting web traffic on a separate queue doesn't
help speed up web surfing responsiveness.  Any ideas?

My connection is a 1500Kbps/768Kbps ADSL connection using PPPoE, running on a 
3.3-current machine.
pf.conf:

ext_if="tun0"
int_if="sis0"
aim_image="4443"
aim_default="5190"
aim_ports="{" $aim_image $aim_default "}"
cyth="168.100.177.129"

# Log $ext_if for pfstat.
set loginterface $ext_if

# Scrub everything.
scrub on $ext_if random-id no-df reassemble tcp fragment reassemble

altq on $ext_if cbq bandwidth 100Kb queue {bt_ext std_ext web_ext cs_ext ssh_aim_ext dns_ext tcp_ack_ext ntp_ext}
queue bt_ext bandwidth 6Kb priority 0 cbq                       #BitTorrent
queue std_ext bandwidth 20% cbq(default red ecn)                #Regular crap
queue web_ext bandwidth 60% priority 3 cbq(borrow red ecn)      #Web Traffic
queue ssh_aim_ext bandwidth 20% priority 4 cbq(borrow red)      #AIM and SSH
queue dns_ext bandwidth 10% priority 5 cbq(borrow)              #DNS
queue tcp_ack_ext bandwidth 10% priority 6 cbq(borrow)          #TCP ACKs
queue ntp_ext bandwidth 10% priority 6 cbq(borrow)              #NTP

altq on $int_if cbq bandwidth 100% queue {net_int local_int}
#Internet traffic
queue net_int bandwidth 1.3Mb {bt_int std_int web_int cs_int ssh_aim_int dns_int ntp_int}
        queue bt_int bandwidth 5% priority 0 cbq                #BitTorrent
        queue std_int bandwidth 10% cbq(default)                #Regular crap
        queue web_int bandwidth 65% priority 3 cbq(borrow)      #Web Traffic
        queue ssh_aim_int bandwidth 10% priority 4 cbq(borrow red)      #AIM/SSH
        queue dns_int bandwidth 5% priority 5 cbq(borrow)       #DNS
        queue ntp_int bandwidth 5% priority 6 cbq(borrow)       #NTP
queue local_int                                                 #Local network

# Block ipv6 traffic.
block log quick inet6

# Block spoofed traffic.
antispoof for { lo0 $ext_if $int_if } inet
block in log quick on $ext_if from $int_if:network
block in log quick on $int_if from ! $int_if:network

# Block all by default.
block in log on {$ext_if $int_if} inet

# Allow local network to access Internet.
pass in on $int_if inet from $int_if:network

# Allow pinging of all computers.
pass in quick on $ext_if inet proto icmp icmp-type echoreq code 0 keep state

# Allow AIM direct connects and file transfers, hopefully.
pass in on $ext_if proto tcp to port $aim_ports synproxy state queue (std_ext, tcp_ack_ext)

# Speed up NTP.
pass out on $ext_if inet proto udp to port ntp keep state queue (ntp_ext)
pass out on $int_if inet proto udp from port ntp keep state queue (ntp_int)

# Prioritize ACKs.
pass out on $ext_if synproxy state queue (std_ext, tcp_ack_ext)

# Speed up DNS.
pass out on $ext_if inet proto tcp to port domain synproxy state queue (dns_ext)
pass out on $ext_if inet proto udp to port domain keep state queue (dns_ext)
pass out on $int_if inet proto tcp from port domain synproxy state queue (dns_int)
pass out on $int_if inet proto udp from port domain keep state queue (dns_int)

# Speed up AIM.
pass out on $ext_if proto tcp to port 5190 synproxy state queue (ssh_aim_ext, tcp_ack_ext)
pass out on $int_if proto tcp from port 5190 synproxy state queue (ssh_aim_int)

# Speed up SSH.
pass out on $ext_if proto tcp to port ssh synproxy state queue (web_ext, ssh_aim_ext)
pass out on $int_if proto tcp from port ssh synproxy state queue (web_int, ssh_aim_int)

# Speed up web traffic.
pass out on $ext_if proto tcp to port {www ftp ftp-data https} synproxy state queue (web_ext, tcp_ack_ext)
pass out on $int_if proto tcp from port {www ftp ftp-data https} synproxy state queue (web_int)

# Speed up Counter-Strike.
#pass out on $ext_if proto tcp to port 27015 synproxy state queue (cs_ext, tcp_ack_ext)
#pass out on $int_if proto tcp from port 27015 synproxy state queue (cs_int)

# Unlimited access to firewall.
pass out on $int_if from {$int_if $ext_if} to $int_if:network keep state queue (local_int)

# Certain people are not cooperating willingly.  We shall try force now.
pass out on $ext_if proto tcp to port {6879><6890 8879><8890} synproxy state queue (bt_ext)
pass out on $int_if proto tcp from port {6879><6890 8879><8890} synproxy state queue (bt_int)

# Allow certain connections to cyth.net.
pass in on $ext_if proto tcp to $cyth synproxy state queue (web_ext)
pass in on $ext_if proto tcp to $cyth port ssh synproxy state queue (web_ext, ssh_aim_ext)

# Don't allow SMTP connections from any servers other than cyth.net.
block in log on $int_if proto tcp from !$cyth to port smtp
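
Added example, not part of the original post: a small Python check over the post's $ext_if queue definitions (wrapped lines rejoined) that lists child queues named on the altq line but never defined, and totals the children's bandwidth against the parent, treating percentages as shares of the parent queue. The function names and report keys are this example's own.

```python
import re

# Excerpt of the $ext_if queue definitions from the post, wrapped lines rejoined.
PF_CONF = """\
altq on $ext_if cbq bandwidth 100Kb queue {bt_ext std_ext web_ext cs_ext ssh_aim_ext dns_ext tcp_ack_ext ntp_ext}
queue bt_ext bandwidth 6Kb priority 0 cbq
queue std_ext bandwidth 20% cbq(default red ecn)
queue web_ext bandwidth 60% priority 3 cbq(borrow red ecn)
queue ssh_aim_ext bandwidth 20% priority 4 cbq(borrow red)
queue dns_ext bandwidth 10% priority 5 cbq(borrow)
queue tcp_ack_ext bandwidth 10% priority 6 cbq(borrow)
queue ntp_ext bandwidth 10% priority 6 cbq(borrow)
"""

UNITS = {"b": 1, "Kb": 1e3, "Mb": 1e6, "Gb": 1e9}  # bits per second


def to_bps(spec, parent_bps):
    """Convert '60%' (share of the parent) or '6Kb' (absolute) to bits/s."""
    if spec.endswith("%"):
        return parent_bps * float(spec[:-1]) / 100
    m = re.fullmatch(r"([\d.]+)([KMG]?b)", spec)
    return float(m.group(1)) * UNITS[m.group(2)]


def lint(conf):
    """Report undefined child queues and total child bandwidth for one altq."""
    root = re.search(r"^altq on \S+ \w+ bandwidth (\S+) queue \{([^}]*)\}",
                     conf, re.M)
    root_bps = to_bps(root.group(1), 0)
    children = root.group(2).replace(",", " ").split()
    # Map each defined queue name to its bandwidth specification.
    defined = dict(re.findall(r"^queue (\S+) bandwidth (\S+)", conf, re.M))
    allocated = sum(to_bps(defined[q], root_bps)
                    for q in children if q in defined)
    return {
        "undefined_children": [q for q in children if q not in defined],
        "root_bps": root_bps,
        "allocated_bps": allocated,
        "oversubscribed": allocated > root_bps,
    }


if __name__ == "__main__":
    for key, value in lint(PF_CONF).items():
        print(f"{key}: {value}")
```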
