Re: allocation bandwidth with cbq
Hi,

I got it done. But for *http* traffic. But, I want to get it done for ftp download also. It does NOT work.

These are the rules

# enable queueing on the internal interface to control traffic coming in
# from the Internet. use the cbq scheduler to control bandwidth. max
# bandwidth is 2Mbps.
altq on em1 cbq bandwidth 2Mb queue { std_in, ssh_im_in, dns_in, student_in }

# define the parameters for the child queues.
# std_in     - the standard queue. any filter rule below that does not
#              explicitly specify a queue will have its traffic added
#              to this queue.
# ssh_im_in  - interactive SSH and various instant message traffic.
# dns_in     - DNS replies.
# student_in - bandwidth reserved for student's workstation.
#
queue std_in bandwidth 1.6Mb cbq(default borrow)
queue ssh_im_in bandwidth 200Kb priority 4
queue dns_in bandwidth 120Kb priority 5
queue student_in bandwidth 80Kb cbq

# FTP Proxy rules ( *This highlighted rule in bold DOES NOT work? Any idea?* )
anchor ftp-proxy/*
*pass in quick on $int_if proto tcp from $student_pc to any port 21 \
    flags S/SA keep state rdr-to 127.0.0.1 port 8021 queue student_in*
pass in quick on $int_if proto tcp from $lan_net to any port 21 \
    flags S/SA keep state rdr-to 127.0.0.1 port 8021

# Squid Redirect ( *This highlighted rule worked* )
*pass in quick on $int_if proto tcp from $student_pc to any port { 80 8080 } \
    flags S/SA keep state rdr-to 127.0.0.1 port 3128 queue student_in*
pass in quick on $int_if proto tcp from $lan_net to any port { 80 8080 } \
    flags S/SA keep state rdr-to 127.0.0.1 port 3128

pass in quick log on $int_if inet proto udp from $lan_net to !$int_if \
    port $clientudpports keep state queue dns_in
pass in quick log on $int_if inet proto tcp from $student_pc to !$int_if \
    port $https flags S/SA keep state queue student_in
pass in quick log on $int_if inet proto tcp from $lan_net to !$int_if \
    port $https flags S/SA keep state

I have got what I want up to a certain extent.

I am still trying to allocate ftp download for student_pc to 80Kbps. I think port 21 is for the connection to establish. It further needs ports higher than 49151. So I added it in this way as well.

*pass in quick on $int_if proto tcp from $student_pc to any port ( 21 49151 \
    flags S/SA keep state rdr-to 127.0.0.1 port 8021 queue student_in*

Still no luck? Any idea?

--
Thank you
Indunil Jayasooriya
Re: allocation bandwidth with cbq
You need to get your ftp-proxy setup right.

*I am doing. Pls see below.* Is it right?

AFAICT you just add the anchor, but do not do the pass in to port 21 rdr-to 127.0.0.7 port 8021.

ok. removed 2 rules with *pass in to port 21 rdr-to 127.0.0.7 port 8021*

Later on you must grant the proxy access to external ftp servers. You can add the traffic to the ftp queue from there

Added these rules instead. Now, rule set is like this. ( newly added rules in BOLD )

# FTP Proxy rules
anchor ftp-proxy/*
*pass in quick on $int_if proto tcp from $student_pc to any port { 21 49151 } \
    flags S/SA keep state queue student_in*
*pass in quick on $int_if proto tcp from $lan_net to any port { 21 49151 } \
    flags S/SA keep state*

pass in quick log on $int_if inet proto udp from $lan_net to !$int_if \
    port $clientudpports keep state queue dns_in

*pass out log on $ext_if inet proto tcp from $ext_if to any \
    port { 21 49151 } flags S/SA modulate state*

Now, Student gets the download speed of *80Kbps*. Is this way right? Is there a better way? If so, I would like to hear...

--
Thank you
Indunil Jayasooriya
Re: allocation bandwidth with cbq
Hi,

thanks for your reply. I am still NOT able to get it done ( i.e. downloading @ 80 Kbps without borrowing for the student ). Pls see below.

and wrote my rules. But, I still can NOT allocate 80Kbps for the student, while downloading. it goes up whole a lot. here are my rules. ( em0 is ext_if and em1 is int_if )

# enable queueing on the external interface to control traffic going to
# the Internet. use the priq scheduler to control only priorities. set
# the bandwidth to 485Kbps to get the best performance out of the TCP
# ACK queue.
altq on em0 priq bandwidth 485Kb queue { std_out, ssh_im_out, dns_out, \
    tcp_ack_out }

altq on em0 cbq bandwidth 485Kb queue { std_out, ssh_im_out, dns_out, \
    tcp_ack_out }

it should be like below. ( I added tcp_student_out )

altq on em0 cbq bandwidth 485Kb queue { std_out, ssh_im_out, dns_out, \
    tcp_ack_out, tcp_student_out }
queue std_out bandwidth 300Kb cbq(default borrow)
queue ssh_im_out bandwidth 50Kb cbq(red)
queue dns_out bandwidth 25Kb cbq(borrow)
queue tcp_ack_out bandwidth 30Kb priority 6 cbq(borrow red)
queue tcp_student_out bandwidth 80Kb cbq(red)

# define the parameters for the child queues.
# std_out     - the standard queue. any filter rule below that does not
#               explicitly specify a queue will have its traffic added
#               to this queue.
# ssh_im_out  - interactive SSH and various instant message traffic.
# dns_out     - DNS queries.
# tcp_ack_out - TCP ACK packets with no data payload.

# enable queueing on the internal interface to control traffic coming in
# from the Internet. use the cbq scheduler to control bandwidth. max
# bandwidth is 2Mbps.
altq on em1 cbq bandwidth 2Mb queue { std_in, ssh_im_in, dns_in, student_in }

# define the parameters for the child queues.
# std_in     - the standard queue. any filter rule below that does not
#              explicitly specify a queue will have its traffic added
#              to this queue.
# ssh_im_in  - interactive SSH and various instant message traffic.
# dns_in     - DNS replies.
# student_in - bandwidth reserved for the workstation.
#
queue std_in bandwidth 1.6Mb cbq(default)
queue ssh_im_in bandwidth 200Kb priority 4
queue dns_in bandwidth 120Kb priority 5
queue student_in bandwidth 80Kb cbq

queue std_in bandwidth 1.6Mb cbq(default borrow)
queue ssh_im_in bandwidth 200Kb priority 4
queue dns_in bandwidth 120Kb priority 5
queue student_in bandwidth 80Kb cbq

added as given above.

clienttcpports={ 21, 80, 8080, 443 }
clientudpports={ 53 }

# FTP-Proxy
anchor ftp-proxy/*
pass in quick on $int_if proto tcp from $lan_net to any port 21 \
    flags S/SA keep state rdr-to 127.0.0.1 port 8021

# Squid Redirect
pass in quick on $int_if proto tcp from $lan_net to any port { 80 8080 } \
    flags S/SA keep state rdr-to 127.0.0.1 port 3128

#--
pass in quick on $int_if proto tcp from $student_pc to any port 21 \
    flags S/SA keep state rdr-to 127.0.0.1 port 8021 queue student_in
pass in quick on $int_if proto tcp from $student_pc to any port { 80 8080 } \
    flags S/SA keep state rdr-to 127.0.0.1 port 3128 queue student_in
pass in quick on $int_if proto tcp from $lan_net to any port 21 \
    flags S/SA keep state rdr-to 127.0.0.1 port 8021
pass in quick on $int_if proto tcp from $lan_net to any port { 80 8080 } \
    flags S/SA keep state rdr-to 127.0.0.1 port 3128

added as given above

# filter rules
block in log
block out log
#pass out log keep state
antispoof quick for { lo $int_if ext_if }

pass in log on $int_if inet proto udp from $lan_net to !$int_if \
    port $clientudpports keep state
pass in log on $int_if inet proto tcp from $student_pc to !$int_if \
    port $https flags S/SA keep state queue student_in
pass in log on $int_if inet proto tcp from $lan_net to !$int_if \
    port $https flags S/SA keep state

pass out log on $ext_if inet proto udp from $ext_if to any \
    port $clientudpports keep state queue dns_out
pass out log on $ext_if inet proto tcp from $ext_if to any \
    port $clienttcpports flags S/SA modulate state queue(std_out, tcp_ack_out)

###pass out on $int_if proto udp from port $clientudpports to $student_pc \
###    queue dns_in --delete
###pass out on $int_if proto tcp from port $clienttcpports to $student_pc \
###    queue student_in -delete

I understood the above 2 rules

block out on $int_if

I think this is NOT needed, since I have default block the above

block in log
block out log

if a rule pass in on $int_if with keep state it will pass back to $student_pc

Yeah, I understand.

Hope to hear from you.

--
Thank you
Indunil Jayasooriya
allocation bandwidth with cbq
Hi list,

I am trying to allocate bandwidth with cbq. I just want to allocate 80Kbps for a student. I do Not want him to borrow the bandwidth when it is available.

I am on a 64 bit openbsd 4.8 stable.

I went to the below URL. I studied *example 1*, Small, Home network

http://www.openbsd.org/faq/pf/queueing.html

and wrote my rules. But, I still can NOT allocate 80Kbps for the student, while downloading. it goes up whole a lot. here are my rules. ( em0 is ext_if and em1 is int_if )

# enable queueing on the external interface to control traffic going to
# the Internet. use the priq scheduler to control only priorities. set
# the bandwidth to 485Kbps to get the best performance out of the TCP
# ACK queue.
altq on em0 priq bandwidth 485Kb queue { std_out, ssh_im_out, dns_out, \
    tcp_ack_out }

# define the parameters for the child queues.
# std_out     - the standard queue. any filter rule below that does not
#               explicitly specify a queue will have its traffic added
#               to this queue.
# ssh_im_out  - interactive SSH and various instant message traffic.
# dns_out     - DNS queries.
# tcp_ack_out - TCP ACK packets with no data payload.
queue std_out priq(default)
queue ssh_im_out priority 4 priq(red)
queue dns_out priority 5
queue tcp_ack_out priority 6

# enable queueing on the internal interface to control traffic coming in
# from the Internet. use the cbq scheduler to control bandwidth. max
# bandwidth is 2Mbps.
altq on em1 cbq bandwidth 2Mb queue { std_in, ssh_im_in, dns_in, student_in }

# define the parameters for the child queues.
# std_in     - the standard queue. any filter rule below that does not
#              explicitly specify a queue will have its traffic added
#              to this queue.
# ssh_im_in  - interactive SSH and various instant message traffic.
# dns_in     - DNS replies.
# student_in - bandwidth reserved for the workstation.
#
queue std_in bandwidth 1.6Mb cbq(default)
queue ssh_im_in bandwidth 200Kb priority 4
queue dns_in bandwidth 120Kb priority 5
queue student_in bandwidth 80Kb cbq

clienttcpports={ 21, 80, 8080, 443 }
clientudpports={ 53 }

# FTP-Proxy
anchor ftp-proxy/*
pass in quick on $int_if proto tcp from $lan_net to any port 21 \
    flags S/SA keep state rdr-to 127.0.0.1 port 8021

# Squid Redirect
pass in quick on $int_if proto tcp from $lan_net to any port { 80 8080 } \
    flags S/SA keep state rdr-to 127.0.0.1 port 3128

# filter rules
block in log
block out log
#pass out log keep state
antispoof quick for { lo $int_if ext_if }

pass in log on $int_if inet proto udp from $lan_net to !$int_if \
    port $clientudpports keep state
pass in log on $int_if inet proto tcp from $lan_net to !$int_if \
    port $https flags S/SA keep state

pass out log on $ext_if inet proto udp from $ext_if to any \
    port $clientudpports keep state queue dns_out
pass out log on $ext_if inet proto tcp from $ext_if to any \
    port $clienttcpports flags S/SA modulate state queue(std_out, tcp_ack_out)

pass out on $int_if proto udp from port $clientudpports to $student_pc \
    queue dns_in
pass out on $int_if proto tcp from port $clienttcpports to $student_pc \
    queue student_in

there are some more rules. I think the given rules are enough.. any ideas?

--
Thank you
Indunil Jayasooriya
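
An added example, not part of the original posts: a small Python check over the em1 queue definitions quoted in the thread. It reports whether the cbq child bandwidths fit under the parent and which queues lack "borrow" and are therefore held to their own allocation. The function names and the embedded sample text are constructed for this example.

```python
import re

# Constructed sample: the em1 queue definitions as quoted in the thread.
PF_CONF = """\
altq on em1 cbq bandwidth 2Mb queue { std_in, ssh_im_in, dns_in, student_in }
queue std_in bandwidth 1.6Mb cbq(default borrow)
queue ssh_im_in bandwidth 200Kb priority 4
queue dns_in bandwidth 120Kb priority 5
queue student_in bandwidth 80Kb cbq
"""
# pf.conf bandwidth suffixes, as decimal multipliers of bits per second.
UNITS = {"b": 1, "Kb": 1_000, "Mb": 1_000_000, "Gb": 1_000_000_000}

def to_bps(text):
    """Convert a pf.conf bandwidth such as '1.6Mb' to bits per second."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)(b|Kb|Mb|Gb)", text)
    if not m:
        raise ValueError(f"unsupported bandwidth: {text!r}")
    return round(float(m.group(1)) * UNITS[m.group(2)])

def audit_cbq(conf):
    """Summarise one cbq parent: allocation total and which queues may borrow."""
    conf = conf.replace("\\\n", " ")  # join backslash-continued lines
    parent_bps, declared, queues = None, [], {}
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"altq on \S+ cbq bandwidth (\S+) queue \{([^}]*)\}", line)
        if m:
            parent_bps = to_bps(m.group(1))
            declared = [q.strip() for q in m.group(2).split(",") if q.strip()]
        m = re.match(r"queue (\S+) bandwidth (\S+)(.*)", line)
        if m:
            opts = re.search(r"cbq\(([^)]*)\)", m.group(3))
            queues[m.group(1)] = (to_bps(m.group(2)),
                                  "borrow" in (opts.group(1).split() if opts else []))
    if parent_bps is None:
        raise ValueError("no 'altq on <if> cbq' line found")
    allocated = sum(bps for bps, _ in queues.values())
    return {
        "parent_bps": parent_bps,
        "allocated_bps": allocated,
        "oversubscribed": allocated > parent_bps,
        "undefined": [q for q in declared if q not in queues],
        "can_borrow": [q for q, (_, b) in queues.items() if b],
        "hard_capped": {q: bps for q, (bps, b) in queues.items() if not b},
    }

if __name__ == "__main__":
    print(audit_cbq(PF_CONF))
```

This only checks the queue definitions; whether a connection lands in student_in still depends on the pass rule that creates its state.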