Re: PF+ALTQ+HFSC

2006-05-09 Thread jared r r spiegel 
On Sun, May 07, 2006 at 03:31:22PM +0700, sugeng riadi wrote:
 i want shaping trafik to client by port or aplication, but my config
 not runing properly,
 
 the ftp package canot over from gw
 
 any one help me please..!!??
 
 this my config

  does the config load correctly?

  'pfctl -nvf /etc/pf.conf' has no complaints?

 block in on $int_if all
...
 block out on $int_if all

  change those to:

block in log on $int_if all

  and

block out log on $int_if all

  then tcpdump on 'pflog0' interface.  pflogd will be running
  by default unless you turned it of with rc.conf/rc.conf.local,
  as long as pf=YES also during startup.

  after you start the tcpdump, attempt FTP again.

  if your ruleset is blocking you, it will show up in pflog.

  it should give you an idea of what kind of rule you would
  need to add.

  also, is there a chance that this is all you need? :

http://openbsd.rt.fm/faq/pf/ftp.html

-- 

  jared

[ openbsd 3.9-current GENERIC ( mar 15 ) // i386 ]

Re: PF+ALTQ+HFSC

2006-05-07 Thread sugeng riadi 

i want shaping trafik to client by port or aplication, but my config
not runing properly,

the ftp package canot over from gw

any one help me please..!!??

this my config
=
ext_if=rl0
int_if=rl1

altq on $int_if bandwidth 100Mb cbq queue { def, c1, c2, c3 }
queue def bandwidth 10Mb cbq(default)
queue c1 bandwidth 64Kb {ssh1, www1, ftp1, lain1}
   queue ssh1 bandwidth 15% priority 5 cbq(borrow)
   queue www1 bandwidth 50% priority 4 cbq(borrow)
   queue ftp1 bandwidth 15% priority 2 cbq(borrow)

pass in on $ext_if all
pass out on $ext_if all

block in on $int_if all

pass in on $int_if proto udp from any to any

pass in on {$int_if, $ext_if} inet proto icmp from any to any
icmp-type 8 code 0 keep state

pass in on $int_if proto tcp from 172.16.10.2/32 to any port ssh \
   flags S/SA keep state queue ssh1
pass in on $int_if proto tcp from 172.16.10.2/32 to any port www \
   flags S/SA keep state queue www1
pass in on $int_if proto tcp from 172.16.10.2/32 to any port ftp \
   queue ftp1

block out on $int_if all

#pass out on $int_if proto udp from any to any

pass out on $int_if inet proto icmp from any to any icmp-type 8 code 0
keep state
pass out on $int_if proto udp from any to 172.16.10.2/32  \
   queue lain1
pass out on $int_if proto tcp from any to 172.16.10.2/32 port ssh \
   flags S/SA keep state queue ssh1
pass out on $int_if proto tcp from any to 172.16.10.2/32 port www \
   flags S/SA keep state queue www1
pass out on $int_if proto tcp from any to 172.16.10.2/32 port ftp \
   queue ftp1


On 2/26/06, sugeng riadi [EMAIL PROTECTED] wrote:

i want aplly ALTQ-HFSC on PF, but i haven't rtfm for HFSC, i had
search on google but  the site has down.

any one have rtfm about HFSC, please?