Hi,
I have run into an interesting problem with setup.
I run Azureus on a FreeBSD box to handle downloading stuff for my
household.
We have only 128/512 DSL so it generally is saturated while torrents are
downloaded. I want to setup Azureus to be low priority and try to limit
the effect of this problem.
I have setup outgoing ALTQ to give priority to ACKs, general traffic,
and then bittorrent last. This is working fine.
internal_net="10.17.10.0/24"
altq on $ext_if priq bandwidth 120Kb queue { std_out , low_out ,
high_out , tcp_ack_out , ef_out }
queue low_out priority 1 priq(red)
queue std_out priority 2 priq(default)
queue high_out priority 4
queue tcp_ack_out priority 5
queue ef_out priority 6
pass out on $ext_if proto tcp from ($ext_if) to any modulate state flags
S/SA queue ( std_out , tcp_ack_out )
pass out quick on $ext_if proto udp from ($ext_if) to any port 53 keep
state queue ( high_out )
pass out on $ext_if proto { udp, icmp } from ($ext_if) queue ( std_out )
# Outgoing connections from Azureus always originate from port 51002
pass out on $ext_if proto {udp,tcp} from any to 10.17.10.254 port 51002
queue ( low_out ) keep state
# Incoming connections to Azureus is set to port 50002
pass in on $ext_if proto {udp,tcp} from any to 10.17.10.254 port 50002
queue ( low_out ) keep state
Inbound is a different story. Given I can only set queues on for
outgoing traffic, I bound azureus to the internal IP of the FreeBSD box
(10.17.10.254).
Traffic is passing perfectly fine, azurues is working.
I have defined my queus as follows:
altq on $int_if cbq bandwidth 100Mb queue { internal , internet }
queue internal bandwidth 99.5Mb cbq(default)
queue internet bandwidth 500Kb { general , bittorrent }
queue general bandwidth 80% cbq(ecn)
queue bittorrent bandwidth 20% cbq(borrow red)
Basically, all but 500Kb is for internal traffic, then divide the 500Kb
queue into general and bittorrent, with bittorrent borrowing if
available.
pass in on $int_if from $internal_net to any
pass in on $int_if proto udp from any to any port $dhcpd_port
pass out on $int_if
pass out quick on $int_if from $internal_net to $internal_net queue
internal
pass out on $int_if from any to $internal_net queue general
pass out on $int_if proto { tcp, udp } from any to 10.17.10.254 port {
50002 , 51002 } queue bittorrent
I was watching pfctl -s queue -v, and the bittorrent queue was not being
utilized, so I changed my:
pass out on $int_if
to
pass log-all out quick on $int_if
traffic going to hosts behing the box were showing in on pflog0, but
no traffic to 10.17.10.254 shows. If I put a log-all on a line that
matches the traffic on the $ext_if interface it shows that in deed
traffic is heading towards 10.17.10.254. Which means that even though
the internal IP address is bound to the internal interface, the internal
interface never sees traffic for 10.17.10.254 that can be filtered.
Tcpdump does not show this either
Is this true or is there a way perform what I need to do in another way?
Adam Clark
Network Administrator
National Gallery of Victoria
PO Box 7259 St Kilda Road Vic 8004
Telephone: +61 3 8620 2369
Fax: +61 3 8620 2565
www.ngv.vic.gov.au
Keep informed of the latest NGV exhibitions, special events and programs at The
Ian Potter Centre: NGV Australia and NGV International by subscribing to [EMAIL
PROTECTED], the NGV's free e-newsletter.
DISCLAIMER: This email and any files transmitted with it are confidential and
intended solely for [EMAIL PROTECTED] If you are not the named addressee you
should not disseminate, copy or alter this email. WARNING: Although National
Gallery of Victoria has taken reasonable precautions to ensure no viruses are
present in this email, the organisation cannot accept responsibility for any
loss or damage arising from the use of this email or attachment.
