Pantek Library

Re: altq+pf, nat, and quick produce unexpected behavior in -current

From: Brandon Williams <brandon-obsd(at)faltering.com>
Date: Mon Dec 16 2002 - 10:14:41 EST

On Mon, Dec 16, 2002 at 08:32:17AM -0600, Brandon Williams wrote:
> Hmm, after the 834753487th reboot, it went away, as did my other problem

I'm not crazy; it's just a bit harder to reproduce than I originally thought. Here are the steps:

Load this ruleset:

ext_if="fxp0"
int_if="fxp1"
internal_net="10.x.x.x/24"
external_addr="1.2.3.4"
scrub in all
scrub out all
altq on $ext_if cbq bandwidth 100Kb queue { std }
queue std bandwidth 100% cbq(default)
nat on $ext_if from $internal_net to any -> $external_addr

Note that altq is on the external interface here. At this point, the firewall will get 370KB/s, and, oddly, nat'd hosts will get 550KB/s. Without altq I can get the full speed of the interface.

Now switch the altq lines to the internal interface and reload the rules:

altq on $int_if cbq bandwidth 100Kb queue { std }
queue std bandwidth 100% cbq(default)


Once this is done, you can unload all rules or load different ones, but nat'd hosts get at most 12KB/s and OpenBSD can't get over 370KB/s, even if pf is disabled. It seems that pfctl isn't flushing the altq rules for our previous declaration on the external interface properly, though its output says otherwise.

You can resolve this without rebooting by using something like:

altq on $ext_if cbq bandwidth 100% queue { std }
queue std bandwidth 100% cbq(default)

Though that's not quite the same as not using altq at all.

-- 
--( Brandon Williams		PGP: 1024D/6F63C58D 2048g/36270C1D  )--
--( Children are a perpetual, self-renewing underclass, helpless to )--
--(   escape from the decisions of adults until they become adults  )--
--(     themselves. 			      --Orson Scott Card    )--
Received on Mon Dec 16 10:16:30 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:48:27 EDT

