OpenBSD3.8下的流量控制問題

mouseshow

我的pf.conf角本

ext_if="fxp0"
int_if="vr0"
my="192.168.0.1"

#table <spamd> persist
#table <spamd-white> persist

altq on $int_if cbq bandwidth 100Mb queue { std, ftp, ssh }
queue std bandwidth 90Mb cbq(default)
#queue tcp_ack priority 7
queue ftp bandwidth 1Mb priority 3
queue ssh bandwidth 9Mb cbq(borrow)

#set optimization aggressive
#scrub in on $ext_if

binat on $ext_if from $my to any -> 10.101.200.33
nat on $ext_if from !($ext_if) -> ($ext_if:0)
#rdr pass on $int_if proto tcp to port ftp -> 127.0.0.1 port 8021
#rdr pass on $ext_if proto tcp from <spamd> to port smtp \
#       -> 127.0.0.1 port spamd
#rdr pass on $ext_if proto tcp from !<spamd-white> to port smtp \
#       -> 127.0.0.1 port spamd

set skip on lo
pass on $ext_if all keep state

pass out on $int_if keep state
pass in on $int_if from any to any keep state flags S/SA queue std
pass in on $int_if proto tcp from any to any port 21 queue ftp
pass in on $int_if proto tcp from any to any port 22 queue ssh

=====================================================
我從ftp上下載一個5M大小的文件作為測試,但ftp和ssh似乎都未能成功限速
pfctl -v -sa |more

FILTER RULES:
pass on fxp0 all keep state
  [ Evaluations: 163       Packets: 7179      Bytes: 6341386     States: 30    ]
  [ Inserted: uid 0 pid 18702 ]
pass out on vr0 all keep state
  [ Evaluations: 163       Packets: 134       Bytes: 7305        States: 21    ]
  [ Inserted: uid 0 pid 18702 ]
pass in on vr0 all flags S/SA keep state queue std
  [ Evaluations: 77        Packets: 7025      Bytes: 6332705     States: 3     ]
  [ Inserted: uid 0 pid 18702 ]
pass in on vr0 proto tcp from any to any port = ftp queue ftp
  [ Evaluations: 33        Packets: 1         Bytes: 48          States: 0     ]
  [ Inserted: uid 0 pid 18702 ]
pass in on vr0 proto tcp from any to any port = ssh queue ssh
  [ Evaluations: 31        Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 18702 ]


ALTQ:
queue root_vr0 bandwidth 100Mb priority 0 cbq( wrr root ) {std, ftp, ssh}
  [ pkts:      34441  bytes:    7897576  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
queue  std bandwidth 90Mb cbq( default )
  [ pkts:      34441  bytes:    7897576  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
queue  ftp bandwidth 1Mb priority 3
  [ pkts:          0  bytes:          0  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
queue  ssh bandwidth 9Mb cbq( borrow )
  [ pkts:          0  bytes:          0  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
====================================================
請問各位有經(jīng)驗的達(dá)人們,我的pf.conf角本到底有什么錯誤呀

還有,如果我使用scrub in語句,就會在加載角本的時候報出錯信息,我記得3.8以前的版本都不會這樣的
# pfctl -f pf.conf.tes     t                                                                                                               
pf.conf.test:21: Rules must be in order: options, normalization, queueing, translation, filtering
pfctl: Syntax error in config file: pf rules not loaded

劍心通明

Rules must be in order: options, normalization, queueing, translation, filtering

注意順序

mouseshow

啊哈,scrub in的問題解決了,謝謝幫忙,另外那個問題也請多多幫忙,我試了一上午了,還是沒有成功

rainren

使用連接數(shù)進(jìn)行限， max-src-state等, 對bt 等多連接有特效， 對ssh， ftp這種單連接的可能失效。

對std的隊列的端口中去掉ftp, ssh， 因為執(zhí)行了這條規(guī)則后面的ftp, ssh這兩條規(guī)則不會執(zhí)行。

1.   
   
2. pass in on $int_if from any to any port $other-ports keep state flags S/SA queue std
   

復(fù)制代碼

[ 本帖最后由 rainren 于 2006-2-22 19:38 編輯 ]

rainren

這是我們常犯的一個錯誤， 我也是前些時候在使用一個腳本封IP時看出來的！