OpenBSD, pf, rdr, altq - BSD


  1. OpenBSD, pf, rdr, altq

    Dear OpenBSD group,

    I've lately installed OpenBSD 3.8 on a gateway machine. The gateway
    machine connects three local networks, 192.168.10.0/24, 192.168.11.0/24
    and 192.168.12.0/24. It has two NICs, fxp0 (external interface) and fxp1
    (internal interface) - all networks are plugged into a CISCO Catalyst,
    but I do not want to configure bandwidth and all this stuff on the CISCO,
    but on the gateway. As I read in the manual and FAQ pages, I can create
    the basics of routing on my machine using PF. My problem is directly
    connected with queues and priorities of packages passing through my
    gateway. One of my networks, 11.0, needs to be limited. I've created
    rules in my PF config, but something is going wrong.

    One of the servers in the 11.0 network has been connected with an
    external IP, with an 'rdr' rule.
    Is it possible that, because of the previous rule regarding IP redirect
    and the next rules about limiting bandwidth, the bandwidth is not
    limited? Let me show you an example:

    # Some macro-definitions

    # ALTQ rules

    # Redirect from external IP to internal IP in 192.168.11.0/24 network

    # pass in/out rules for networks with altq usage

    Is it possible that, because the redirect rule is before the pass in/out
    rules for the limited network, there are no limits on the defined network?

    Thank you for all answers or links with suggestions.
    Przemek M. Zawada


  2. Re: OpenBSD, pf, rdr, altq

    I advise you to use policy-based tagging of packets.

    http://www.openbsd.org/faq/pf/tagging.html

    so you may differentiate the in and out traffic.
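
The tagging approach suggested above, as an added example that comes from neither poster and is not the original poster's configuration (the thread does not show it). pf applies nat and rdr before the filter rules, so a filter rule on fxp0 sees translated addresses; tagging the connection where it still carries a 192.168.11.0/24 address lets the queue rules match regardless. The syntax is ALTQ-era pf.conf as used in OpenBSD 3.8, and every address, queue name and rate is an assumption.

```pf
# Added example: all addresses, queue names and rates are constructed.
ext_if = "fxp0"
int_if = "fxp1"
net11  = "192.168.11.0/24"
srv11  = "192.168.11.10"   # hypothetical redirected server
ext_ip = "203.0.113.10"    # hypothetical external address

# Queueing. ALTQ shapes packets leaving an interface, so uploads are
# capped on fxp0 and downloads on fxp1.
altq on $ext_if cbq bandwidth 10Mb queue { up_std, up_net11 }
queue up_std     bandwidth 80% cbq(default borrow)
queue up_net11   bandwidth 20% cbq

altq on $int_if cbq bandwidth 100Mb queue { down_std, down_net11 }
queue down_std   bandwidth 98% cbq(default borrow)
queue down_net11 bandwidth 2% cbq

# Translation. Both rules rewrite addresses before filtering happens.
nat on $ext_if from $net11 to any -> $ext_ip
rdr on $ext_if proto tcp from any to $ext_ip port 80 -> $srv11 port 80

# Connections started inside 192.168.11.0/24. The tag is set on fxp1,
# where the source address is still untranslated. On fxp0 the source is
# already $ext_ip, so "from $net11" would never match there; the tag does.
pass in  on $int_if from $net11 to any tag NET11 keep state queue down_net11
pass out on $ext_if tagged NET11 keep state queue up_net11

# Connections from outside to the redirected server. rdr has already
# rewritten the destination, so the rule matches $srv11, not $ext_ip.
pass in  on $ext_if proto tcp from any to $srv11 port 80 \
        tag NET11 keep state queue up_net11
pass out on $int_if tagged NET11 keep state queue down_net11
```

Each queue name is attached to the state its rule creates, so reply packets leaving that rule's interface use it. After loading, `pfctl -vsq` shows per-queue packet and byte counters, which confirms whether traffic is landing in the capped queues or in the defaults.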

