thr3ads.net - freebsd stable

If this information is useful, please help other people find it:
Share via:

Angel Todorov

2003-Jul-18 08:19 UTC

pf

ei tuka imam edin pf conf obache pravi mnogo nomera, kato se pusne parvoto koeto
e dropva paketi, timeoutva po serverite i t.n.. i speed-a e mnogo baven, vijte
ako nqkoi moje da otkrie generalna greshka da reply :) vapreki che ne e
freebsd-specific :P ne sym go pisal az a i ne sam mnogo mnogo zapoznat s pf
zatova ako nqkoi moje da pomogne e dobre doshyl :) btw moje i neshto ot tia
opcii kato set timeout i optimization da e :]


 Macros: define common values, so they can be referenced and changed easily.
extif="fxp1"    # replace with actual external interface name i.e.,
dc0
intif="fxp0"    # replace with actual internal interface name i.e.,
dc1
internal_net="172.16.0.0/16"
external_addr="192.168.173.34"

loif="lo0"

set timeout { interval 30, frag 10 }
set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
set timeout { icmp.first 20, icmp.error 10 }
set timeout { other.first 60, other.single 30, other.multiple 60 }
set limit { states 10000, frags 5000 }
set optimization normal
#set block-policy drop
#set require-order yes


############ SHAPING goes here ###############################

altq on $intif cbq bandwidth 100Mb queue {etherdown, downstream}


queue etherdown bandwidth 96% cbq(default)
queue downstream bandwidth 4% cbq

altq on $extif cbq bandwidth 100Mb queue { etherup, upstream}

queue etherup bandwidth 99Mb cbq(default)
queue upstream bandwidth 386Kb  cbq


pass in quick on $intif from 172.16.0.0/16 to 172.16.0.0/16 queue etherdown
pass out quick on $intif from 172.16.0.0/16 to 172.16.0.0/16 queue etherup
pass in on $intif proto tcp from 172.16.0.0/16 to any port 80 keep state queue
downstream
pass in on $intif proto tcp from 172.16.0.0/16 to any port 53 keep state queue
downstream
pass in on $intif proto tcp from 172.16.0.0/16 to any port 8080 keep state queue
downstream
pass in on $intif proto tcp from 172.16.0.0/16 to any port 5190 queue downstream
pass in on $intif proto tcp from 172.16.0.0/16 to any port 443 queue downstream
pass in on $intif proto tcp from 172.16.0.0/16 to any port 4000 queue downstream
pass in on $intif proto tcp from 172.16.0.0/16 to any port 25 queue downstream
pass in on $intif proto icmp from 172.16.0.0/16 to any queue downstream
pass in on $intif proto udp from 172.16.0.0/16 to any port 80 queue downstream
pass in on $intif proto udp from 172.16.0.0/16 to any port 53 queue downstream


### manage upstream here

pass out quick on $extif from 172.16.0.0/16 to 172.17.0.0/16 queue etherup
pass out quick on $extif from 172.16.0.0/16 to 172.20.0.0/16 queue etherup
pass out on $extif proto tcp from 172.16.0.0/16 to any port 80 keep state queue
upstream
pass out on $extif proto tcp from 172.16.0.0/16 to any port 53 keep state queue
upstream
pass out on $extif proto tcp from 172.16.0.0/16 to any port 8080 keep state
queue upstream
pass out on $extif proto tcp from 172.16.0.0/16 to any port 443 queue upstream
pass out on $extif proto tcp from 172.16.0.0/16 to any port 4000 queue upstream
pass out on $extif proto tcp from 172.16.0.0/16 to any port 25 queue upstream

pass out on $extif proto udp from 172.16.0.0/16 to any port 53 queue upstream
pass out on $extif proto udp from 172.16.0.0/16 to any port 80 queue upstream
pass out on $extif proto icmp from 172.16.0.0/16 to any queue upstream

Angel Todorov

2003-Jul-18 10:39 UTC

head link

pf

Sorry guys this was for the bulgarian FreeBSD stable list

i am very sorry for this *spam* again :)

regards,
Angel


----- Original Message -----
From: "Bosko Milekic" <bmilekic@technokratis.com>
To: "Angel Todorov" <atodorov@acm.org>
Cc: <stable@freebsd.org>
Sent: Friday, July 18, 2003 3:39 PM
Subject: Re: pf

>
> Sheesh.  This is an English forum, but here's my feeble attempt to
> translate (I don't know what language this is, but it appears to have
> some slavic-rooted words):
>
> On Fri, Jul 18, 2003 at 05:19:01PM +0200, Angel Todorov wrote:
> > ei tuka imam edin pf conf obache pravi mnogo nomera, kato se pusneparvoto koeto e dropva paketi, timeoutva po serverite i t.n.. i speed-a e
mnogo baven, vijte ako nqkoi moje da otkrie generalna greshka da reply :)
vapreki che ne e freebsd-specific :P ne sym go pisal az a i ne sam mnogo
mnogo zapoznat s pf zatova ako nqkoi moje da pomogne e dobre doshyl :) btw
moje i neshto ot tia opcii kato set timeout i optimization da e
:]>
>  "I have a pf configuration file, something something drops packets,
>  times out servers and so on.... and the speed is very something.  See
>  if you can find where the general mistake is and reply.  I [think] this
>  may not be totally freebsd-specific, but if someone knows the answer,
>  you're welcome to help me out.  By the way, if you also know [I think]
>  something about the set timeout options or optimisations, let me
know."
>
>  Now that we know roughly what he wants... anyone? :-)
>
>
>
> >  Macros: define common values, so they can be referenced and changed
easily.> > extif="fxp1"    # replace with actual external interface
name i.e., dc0
> > intif="fxp0"    # replace with actual internal interface
name i.e., dc1
> > internal_net="172.16.0.0/16"
> > external_addr="192.168.173.34"
> >
> > loif="lo0"
> >
> > set timeout { interval 30, frag 10 }
> > set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
> > set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
> > set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
> > set timeout { icmp.first 20, icmp.error 10 }
> > set timeout { other.first 60, other.single 30, other.multiple 60 }
> > set limit { states 10000, frags 5000 }
> > set optimization normal
> > #set block-policy drop
> > #set require-order yes
> >
> >
> > ############ SHAPING goes here ###############################
> >
> > altq on $intif cbq bandwidth 100Mb queue {etherdown, downstream}
> >
> >
> > queue etherdown bandwidth 96% cbq(default)
> > queue downstream bandwidth 4% cbq
> >
> > altq on $extif cbq bandwidth 100Mb queue { etherup, upstream}
> >
> > queue etherup bandwidth 99Mb cbq(default)
> > queue upstream bandwidth 386Kb  cbq
> >
> >
> > pass in quick on $intif from 172.16.0.0/16 to 172.16.0.0/16 queue
etherdown> > pass out quick on $intif from 172.16.0.0/16 to 172.16.0.0/16 queue
etherup> > pass in on $intif proto tcp from 172.16.0.0/16 to any port 80 keep
state
queue downstream> > pass in on $intif proto tcp from 172.16.0.0/16 to any port 53 keep
state
queue downstream> > pass in on $intif proto tcp from 172.16.0.0/16 to any port 8080 keep
state queue downstream> > pass in on $intif proto tcp from 172.16.0.0/16 to any port 5190 queue
downstream> > pass in on $intif proto tcp from 172.16.0.0/16 to any port 443 queue
downstream> > pass in on $intif proto tcp from 172.16.0.0/16 to any port 4000 queue
downstream> > pass in on $intif proto tcp from 172.16.0.0/16 to any port 25 queue
downstream> > pass in on $intif proto icmp from 172.16.0.0/16 to any queue
downstream
> > pass in on $intif proto udp from 172.16.0.0/16 to any port 80 queue
downstream> > pass in on $intif proto udp from 172.16.0.0/16 to any port 53 queue
downstream> >
> >
> > ### manage upstream here
> >
> > pass out quick on $extif from 172.16.0.0/16 to 172.17.0.0/16 queue
etherup> > pass out quick on $extif from 172.16.0.0/16 to 172.20.0.0/16 queue
etherup> > pass out on $extif proto tcp from 172.16.0.0/16 to any port 80 keep
state queue upstream> > pass out on $extif proto tcp from 172.16.0.0/16 to any port 53 keep
state queue upstream> > pass out on $extif proto tcp from 172.16.0.0/16 to any port 8080 keep
state queue upstream> > pass out on $extif proto tcp from 172.16.0.0/16 to any port 443 queue
upstream> > pass out on $extif proto tcp from 172.16.0.0/16 to any port 4000 queue
upstream> > pass out on $extif proto tcp from 172.16.0.0/16 to any port 25 queue
upstream> >
> > pass out on $extif proto udp from 172.16.0.0/16 to any port 53 queue
upstream> > pass out on $extif proto udp from 172.16.0.0/16 to any port 80 queue
upstream> > pass out on $extif proto icmp from 172.16.0.0/16 to any queue upstream
>
> --
> Bosko Milekic  *  bmilekic@technokratis.com  *  bmilekic@FreeBSD.org
> TECHNOkRATIS Consulting Services  *  http://www.technokratis.com/
>

Bosko Milekic

2003-Jul-31 14:28 UTC

head link

pf

Sheesh.  This is an English forum, but here's my feeble attempt to
translate (I don't know what language this is, but it appears to have
some slavic-rooted words):

On Fri, Jul 18, 2003 at 05:19:01PM +0200, Angel Todorov
wrote:> ei tuka imam edin pf conf obache pravi mnogo nomera, kato se pusne parvoto
koeto e dropva paketi, timeoutva po serverite i t.n.. i speed-a e mnogo baven,
vijte ako nqkoi moje da otkrie generalna greshka da reply :) vapreki che ne e
freebsd-specific :P ne sym go pisal az a i ne sam mnogo mnogo zapoznat s pf
zatova ako nqkoi moje da pomogne e dobre doshyl :) btw moje i neshto ot tia
opcii kato set timeout i optimization da e :]
 "I have a pf configuration file, something something drops packets,
 times out servers and so on.... and the speed is very something.  See
 if you can find where the general mistake is and reply.  I [think] this
 may not be totally freebsd-specific, but if someone knows the answer,
 you're welcome to help me out.  By the way, if you also know [I think]
 something about the set timeout options or optimisations, let me know."

 Now that we know roughly what he wants... anyone? :-)


 >  Macros: define common values, so they can be referenced and changed
easily.
> extif="fxp1"    # replace with actual external interface name
i.e., dc0
> intif="fxp0"    # replace with actual internal interface name
i.e., dc1
> internal_net="172.16.0.0/16"
> external_addr="192.168.173.34"
> 
> loif="lo0"
> 
> set timeout { interval 30, frag 10 }
> set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
> set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
> set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
> set timeout { icmp.first 20, icmp.error 10 }
> set timeout { other.first 60, other.single 30, other.multiple 60 }
> set limit { states 10000, frags 5000 }
> set optimization normal
> #set block-policy drop
> #set require-order yes
> 
> 
> ############ SHAPING goes here ###############################
> 
> altq on $intif cbq bandwidth 100Mb queue {etherdown, downstream}
> 
> 
> queue etherdown bandwidth 96% cbq(default)
> queue downstream bandwidth 4% cbq
> 
> altq on $extif cbq bandwidth 100Mb queue { etherup, upstream}
> 
> queue etherup bandwidth 99Mb cbq(default)
> queue upstream bandwidth 386Kb  cbq
> 
> 
> pass in quick on $intif from 172.16.0.0/16 to 172.16.0.0/16 queue etherdown
> pass out quick on $intif from 172.16.0.0/16 to 172.16.0.0/16 queue etherup
> pass in on $intif proto tcp from 172.16.0.0/16 to any port 80 keep state
queue downstream
> pass in on $intif proto tcp from 172.16.0.0/16 to any port 53 keep state
queue downstream
> pass in on $intif proto tcp from 172.16.0.0/16 to any port 8080 keep state
queue downstream
> pass in on $intif proto tcp from 172.16.0.0/16 to any port 5190 queue
downstream
> pass in on $intif proto tcp from 172.16.0.0/16 to any port 443 queue
downstream
> pass in on $intif proto tcp from 172.16.0.0/16 to any port 4000 queue
downstream
> pass in on $intif proto tcp from 172.16.0.0/16 to any port 25 queue
downstream
> pass in on $intif proto icmp from 172.16.0.0/16 to any queue downstream
> pass in on $intif proto udp from 172.16.0.0/16 to any port 80 queue
downstream
> pass in on $intif proto udp from 172.16.0.0/16 to any port 53 queue
downstream
> 
> 
> ### manage upstream here
> 
> pass out quick on $extif from 172.16.0.0/16 to 172.17.0.0/16 queue etherup
> pass out quick on $extif from 172.16.0.0/16 to 172.20.0.0/16 queue etherup
> pass out on $extif proto tcp from 172.16.0.0/16 to any port 80 keep state
queue upstream
> pass out on $extif proto tcp from 172.16.0.0/16 to any port 53 keep state
queue upstream
> pass out on $extif proto tcp from 172.16.0.0/16 to any port 8080 keep state
queue upstream
> pass out on $extif proto tcp from 172.16.0.0/16 to any port 443 queue
upstream
> pass out on $extif proto tcp from 172.16.0.0/16 to any port 4000 queue
upstream
> pass out on $extif proto tcp from 172.16.0.0/16 to any port 25 queue
upstream
> 
> pass out on $extif proto udp from 172.16.0.0/16 to any port 53 queue
upstream
> pass out on $extif proto udp from 172.16.0.0/16 to any port 80 queue
upstream
> pass out on $extif proto icmp from 172.16.0.0/16 to any queue upstream
-- 
Bosko Milekic  *  bmilekic@technokratis.com  *  bmilekic@FreeBSD.org
TECHNOkRATIS Consulting Services  *  http://www.technokratis.com/

Apparently Analagous Threads

Search for more seemingly similar threads

freebsd stable - Jul 2003 - pf

pf

pf

pf

Apparently Analagous Threads