[PF] PF + Altq + MPD5

Manoxela · #1 August 10th, 2012, 14:14

I have MPD + Radius running as PPPoE server, and I want to control the bandwidth for each connected user. When a user connect to MPD server, the MPD should run a script that add a new rule to limit the user bandwidth.
I want to do it using Altq + PF, dynamically. I'm searching about it for a while, but nobody knows how to do it, most people recommends use IPFW or authpf but I don't want to "translate" my firewall to IPFW or use both (PF + IPFW).

Would have any way to add new queues using pftcl(8)? Because I need add 2 new queues for each user that connects on server to limit the bandwidth.

One of this queues need to be inside an altq and the other should be created. Ex:

ng0 = Internet conection interface.

This altq is static and only the new queues should be added when a new client connect and removed when he disconnect from server.

Code:

altq on ng0 bandwidth 5Mb cbq queue { up_m1 up_m2 }
queue up_m1 bandwitdh 512Kb cbq(default)
queue up_m2 bandwidth 256Kb cbq

To control download I should add a new altq for each new connection. Ex:

Code:

altq on ng1 bandwidth 1Mb cbq queue down_m1
queue down_m1 bandwidth 1Mb cbq(default)

altq on ng2 bandwitdh 512Kb cbq queue down_m2
queue down_m2 bandwidth 512Kb cbq(default)

pass out on ng0 from 1.2.3.4 to any queue up_m1
pass out on ng1 from any to 1.2.3.4 queue down_m1

pass out on ng0 from 5.6.7.8 to any queue up_m2
pass out on ng2 form any to 5.6.7.8 queue down_m2

**SirDice** · #2 August 10th, 2012, 14:20

Quote:

Originally Posted by Manoxela

Would have any way to add new queues using pftcl(8)? Because I need add 2 new queues for each user that connects on server to limit the bandwidth.

Read pf.conf(4), specifically look for anchor and how to use them.

Manoxela · #3 August 10th, 2012, 14:53

My anchor look like this:

Code:

altq on ng0 bandwidth 100Mb cbq queue ark_up (line 11)

anchor test {
queue ark_up bandwidth 512Kb cbq(default)

altq on rl1 bandwidth 100Mb cbq queue ark_down
queue ark_down bandwidth 1Mb cbq(default)

pass out on $lan_if from any to <free> queue ark_down
pass out on $net_if from <free> to any queue ark_up
} (line 18)

And i get an error:

Code:

/etc/pf.conf:11: syntax error
/etc/pf.conf:18: syntax error
pfctl: Syntax error in config file: pf rules not loaded

CoTones · #4 August 10th, 2012, 17:06

You need define macrosses in anchor too.

Manoxela · #5 August 13th, 2012, 14:51

Hmmm, no errors but, pfctl do not load any queue inside the anchor, only the rules.

Code:

[root@### /home/######]# pfctl -a 'test' -sq
No queue in use
[root@### /home/######]# pfctl -a 'test' -sr
pass out on rl0 from any to <free> flags S/SA keep state queue ark_down
pass out on ng0 from <free> to any flags S/SA keep state queue ark_up

CoTones · #6 August 17th, 2012, 07:27

Standard output from my FreeBSD 9:

No ALTQ support in kernel
ALTQ related functions disabled

Is yours too?

ecazamir · #7 August 17th, 2012, 19:24

This "standard" output is displayed because the GENERIC kernel configuration file does not include

Code:

options 	ALTQ

and some of the following

Code:

options 	ALTQ_CBQ
options 	ALTQ_RED
options 	ALTQ_RIO
options 	ALTQ_HFSC
options 	ALTQ_CDNR
options 	ALTQ_PRIQ
options 	ALTQ_NOPCC
options 	ALTQ_DEBUG

Mohsen_Moradgholi · #8 August 23rd, 2012, 19:32

I have MPD + PF on FreeBSD 8.2,and i want to limit bandwidth per user IP address,Has anyone any idea on how to limit traffic per IP address on PF Firewall?

ecazamir · #9 August 24th, 2012, 06:29

I can tell that IPFW can do that job, using pipes or queues. I don't know how complicate it may be to use pf for this task.

Mohsen_Moradgholi · #10 August 25th, 2012, 18:10

hello,thank you very much for your answer...
i have one question:
can i use dummynet and ALTQ together
?

ecazamir · #11 August 26th, 2012, 07:54

I can confirm that using dummynet (and IPFW) and pf at a time works, I haven't tried ALTQ. But on high traffic networks it is advisable to use only one firewall/traffic conditioner.

Mohsen_Moradgholi · #12 August 26th, 2012, 15:51

hello,
ok,thank you very much...

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
[Solved] mpd5 VPN + routing help	Andy22	Networking	2	February 27th, 2012 13:03
need help with mpd5 and Ipredator VPN	Dre	Networking	1	November 21st, 2010 13:06
Can i use mpd5 in jail?	riku	Networking	7	May 18th, 2010 15:07
MPD5.4 fsm timeout...	gorec2005	Networking	0	February 12th, 2010 12:13
MPD5 problem!	kurugda	Networking	1	February 7th, 2010 07:24