Limiting Individual User Upload w/ PF+ALTQ

2008-03-27 Thread Joe Ryan
I am trying to set up traffic shaping on our network. I was wondering if it
was possible to limit a user's download bandwidth and upload bandwidth within
the same state connection. For example, say a user connects to an external
FTP site and does some uploading and downloading. Can I allow him to
download at 1Mb but limit his upload to 500Kb? As I understand the packet
filtering of PF, the first packet creates a state and the rest are then
ignored by the filtering software. If this is true, the user's first packet
will be inbound on the internal interface which will be queued for download
speed. This makes sense to me when you want to queue the entire connection
but how do I then do a separate queue on the traffic coming back?

I am using 7.0 STABLE.

Thanks in advance,

Joe
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Limiting Individual User Upload w/ PF+ALTQ

2008-03-27 Thread Girish Venkatachalam
On 18:18:09 Mar 27, Joe Ryan wrote:
> I am trying to set up traffic shaping on our network. I was wondering if it
> was possible to limit a user's download bandwidth and upload bandwidth within
> the same state connection. For example, say a user connects to an external
> FTP site and does some uploading and downloading. Can I allow him to
> download at 1Mb but limit his upload to 500Kb?

Easy with pf.

> As I understand the packet filtering of PF, the first packet creates a state
> and the rest are then ignored by the filtering software.

Then your understanding is wrong.

> If this is true, the user's first packet
> will be inbound on the internal interface which will be queued for download
> speed. This makes sense to me when you want to queue the entire connection
> but how do I then do a separate queue on the traffic coming back?

What happens is that maintaining state enhances security and does not
reduce it as people often think.

Matching states is several orders of magnitude faster, more efficient
and secure than matching every packet with the thousand firewall rules.

Anyway that is a digression.

You want to limit speeds? Only upload speeds?

Use the HFSC queue or CBQ queue of pf.

You can specify the direction as in or out. So pf gives you enough
granularity for restricting either inbound or outbound traffic
(downloads and uploads).

The only caveat is that you will need to invest some time and effort in
figuring out how queuing disciplines work. No big deal if you can read
through the documentation.

Here is a site that can help you.

http://www.calomel.org/pf_hfsc.html

Thanks.

-Girish
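
Added example, not part of either post: a minimal pf.conf sketch in the legacy ALTQ syntax used by FreeBSD's pf for the case asked about, capping one host at 500Kb up and 1Mb down with CBQ. The interface names, host address, queue names and 10Mb link rate are assumptions. It relies on ALTQ shaping packets only as they leave an interface, and on the queue name recorded with the state being resolved on whichever interface the packet goes out of.

```pf
# Added example. Interface names, address, queue names and rates are assumptions.
ext_if    = "em0"            # assumed: Internet-facing interface
int_if    = "em1"            # assumed: LAN-facing interface
capped_ip = "192.168.1.50"   # assumed: the host to be limited

# Upload direction: packets leaving $ext_if.
# "capped" has no "borrow", so it cannot take spare bandwidth from its parent.
altq on $ext_if cbq bandwidth 10Mb queue { dflt, capped }
queue dflt   on $ext_if bandwidth 9Mb   cbq(default borrow)
queue capped on $ext_if bandwidth 500Kb cbq

# Download direction: packets leaving $int_if towards the LAN.
# Same queue names, different rates, scoped per interface with "on".
altq on $int_if cbq bandwidth 10Mb queue { dflt, capped }
queue dflt   on $int_if bandwidth 9Mb cbq(default borrow)
queue capped on $int_if bandwidth 1Mb cbq

# Filter rules (last matching rule wins).
pass out on $ext_if keep state
pass in  on $int_if keep state

# The state created here carries the queue name "capped". Packets of the
# connection matched against this state are queued in "capped" on the
# interface they leave: 500Kb outbound on $ext_if, 1Mb outbound on $int_if.
# Assigning the queue on the internal interface also keeps the match on the
# host's own address if NAT is later added on $ext_if.
pass in on $int_if from $capped_ip to any keep state queue capped
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -vvs queue` shows per-queue counters for checking which queue each direction lands in.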