PF strange problem
From: KrzychK2 (krzychk2_at_o2.pl)
Date: 06/14/05
- Previous message: Julian H. Stacey: "Re: vlan - pls help"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Tue, 14 Jun 2005 23:34:06 +0200 To: freebsd-isp@freebsd.org, freebsd-devel@freebsd.org
Hello freebsd-isp!
I have a strange problem with pf on freebsd.
Here it is my config:
ext_if="xl0"
int_if="xl1"
internal_net="192.168.3.0/24"
external_addr="217.153.198.65"
icmp_types = "echoreq"
set optimization normal
set block-policy drop
set fingerprints "/etc/pf.os"
scrub in all
altq on $ext_if bandwidth 6218Kb cbq queue { OUT_to_net, external }
altq on $int_if bandwidth 11957Kb cbq queue { IN_from_net, internal }
queue external bandwidth 10% cbq(default)
queue internal bandwidth 10% cbq(default)
queue OUT_to_net bandwidth 6218Kb cbq{326_out, 3216_out, 349_out,
320_out, 321_o... }
queue 326_out bandwidth 128Kb cbq(red)
queue 3216_out bandwidth 128Kb cbq(red)
queue 349_out bandwidth 128Kb cbq(red)
queue 320_out bandwidth 384Kb cbq(red)
queue 321_out bandwidth 50Kb cbq(red)
queue 322_out bandwidth 128Kb cbq(red)
queue 323_out bandwidth 128Kb cbq(red)
queue 19866_out bandwidth 256Kb cbq(red)
.
.
.
queue IN_from_net bandwidth 11957Kb cbq{326_in, 3216_in, 349_in,
320_in, 321_in...}
queue 326_in bandwidth 256Kb cbq(red)
queue 3216_in bandwidth 256Kb cbq(red)
queue 349_in bandwidth 256Kb cbq(red)
queue 320_in bandwidth 384Kb cbq(red)
queue 321_in bandwidth 256Kb cbq(red)
queue 322_in bandwidth 265Kb cbq(red)
queue 323_in bandwidth 256Kb cbq(red)
queue 19866_in bandwidth 220Kb cbq(red)
.
.
.
and so on with queues
nat on $ext_if from $internal_net to any -> $external_addr
block on {$int_if, $ext_if} all
pass quick on lo0 all
pass in quick on $ext_if proto tcp from any to $ext_if port 22 keep state
pass in quick on $int_if proto tcp from any to $int_if port 22 keep state
pass out on $ext_if proto tcp all modulate state flags S/SA
pass out on $ext_if proto { udp, icmp } all keep state
pass in inet proto icmp all icmp-type $icmp_types keep state
pass in quick on $int_if from 192.168.3.26 to any queue 326_in
pass out quick on $int_if from any to 192.168.3.26 queue 326_out
pass in quick on $int_if from 192.168.3.216 to any queue 3216_in
pass out quick on $int_if from any to 192.168.3.216 queue 3216_out
pass in quick on $int_if from 192.168.3.49 to any queue 349_in
pass out quick on $int_if from any to 192.168.3.49 queue 349_out
pass in quick on $int_if from 192.168.3.20 to any queue 320_in
pass out quick on $int_if from any to 192.168.3.20 queue 320_out
pass in quick on $int_if from 192.168.3.21 to any queue 321_in
pass out quick on $int_if from any to 192.168.3.21 queue 321_out
pass in quick on $int_if from 192.168.3.22 to any queue 322_in
pass out quick on $int_if from any to 192.168.3.22 queue 322_out
pass in quick on $int_if from 192.168.3.23 to any queue 323_in
pass out quick on $int_if from any to 192.168.3.23 queue 323_out
pass in quick on $int_if from 217.153.198.66 to any queue 19866_in
pass out quick on $int_if from any to 217.153.198.66 queue 19866_out
and so on.
The problem is that pfctl -vsr shows that net traffic is correctly
captured by rules. But (this is good) pfctl -vsq shows something
diffrent, the only queue that have antything inside is the default
queue!!
This config is almost similar to default config and I really don't
know what is going on, or where I've made a mistake.
-- Greetings, KrzychK2 _______________________________________________ freebsd-isp@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-isp To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
- Previous message: Julian H. Stacey: "Re: vlan - pls help"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
