PF + Altq + MPD5

I have MPD + Radius running as a PPPoE server, and I want to control the bandwidth for each connected user. When a user connects to the MPD server, MPD should run a script that adds a new rule to limit the user's bandwidth.
I want to do it using Altq + PF, dynamically. I've been searching about it for a while, but nobody knows how to do it. Most people recommend using IPFW or authpf, but I don't want to "translate" my firewall to IPFW or use both (PF + IPFW).

Would there be any way to add new queues using pfctl(8)? Because I need to add 2 new queues for each user that connects to the server to limit the bandwidth.

One of these queues needs to be inside an altq and the other should be created. Ex:

ng0 = Internet connection interface.

This altq is static and only the new queues should be added when a new client connects and removed when he disconnects from the server.
Code:
altq on ng0 bandwidth 5Mb cbq queue { up_m1 up_m2 }
queue up_m1 bandwidth 512Kb cbq(default)
queue up_m2 bandwidth 256Kb cbq
To control download I should add a new altq for each new connection. Ex:
Code:
altq on ng1 bandwidth 1Mb cbq queue down_m1
queue down_m1 bandwidth 1Mb cbq(default)

altq on ng2 bandwidth 512Kb cbq queue down_m2
queue down_m2 bandwidth 512Kb cbq(default)

pass out on ng0 from 1.2.3.4 to any queue up_m1
pass out on ng1 from any to 1.2.3.4 queue down_m1

pass out on ng0 from 5.6.7.8 to any queue up_m2
pass out on ng2 from any to 5.6.7.8 queue down_m2
 
Manoxela said:
Would there be any way to add new queues using pfctl(8)? Because I need to add 2 new queues for each user that connects to the server to limit the bandwidth.
Read pf.conf(4), specifically look for anchor and how to use them.
 
My anchor looks like this:
Code:
altq on ng0 bandwidth 100Mb cbq queue ark_up (line 11)

anchor test {
queue ark_up bandwidth 512Kb cbq(default)

altq on rl1 bandwidth 100Mb cbq queue ark_down
queue ark_down bandwidth 1Mb cbq(default)

pass out on $lan_if from any to <free> queue ark_down
pass out on $net_if from <free> to any queue ark_up
} (line 18)

And I get an error:
Code:
/etc/pf.conf:11: syntax error
/etc/pf.conf:18: syntax error
pfctl: Syntax error in config file: pf rules not loaded
 
Hmmm, no errors, but pfctl does not load any queue inside the anchor, only the rules.

Code:
[root@### /home/######]# pfctl -a 'test' -sq
No queue in use
[root@### /home/######]# pfctl -a 'test' -sr
pass out on rl0 from any to <free> flags S/SA keep state queue ark_down
pass out on ng0 from <free> to any flags S/SA keep state queue ark_up
 
This "standard" output is displayed because the GENERIC kernel configuration file does not include
Code:
options 	ALTQ
and some of the following
Code:
options 	ALTQ_CBQ
options 	ALTQ_RED
options 	ALTQ_RIO
options 	ALTQ_HFSC
options 	ALTQ_CDNR
options 	ALTQ_PRIQ
options 	ALTQ_NOPCC
options 	ALTQ_DEBUG
 
I have MPD + PF on FreeBSD 8.2, and I want to limit bandwidth per user IP address. Has anyone any idea on how to limit traffic per IP address on PF Firewall?
 
I can tell that IPFW can do that job, using pipes or queues. I don't know how complicated it may be to use pf for this task.
 
I can confirm that using dummynet (and IPFW) and pf at the same time works; I haven't tried ALTQ. But on high traffic networks it is advisable to use only one firewall/traffic conditioner.
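
The per-session anchor approach suggested earlier in the thread, sketched as an added example (not code from any poster or from the mpd or pf projects): it validates the interface, address and queue names before they reach pfctl, then loads only pass rules into one anchor per session. Assumptions: the queues are declared in the main pf.conf, the main ruleset contains an `anchor "mpd/*"` line, the anchor path `mpd/<iface>` and all function names are hypothetical, and how mpd hands the interface and address to the script is not shown on this page.

```shell
#!/bin/sh
# Added example. Values that come from the access server or RADIUS are
# checked before being written into a pf ruleset.

# Dotted-quad IPv4 only, each octet 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Interface and queue names: letters, digits and underscore only.
valid_name() {
    case "$1" in
        ""|*[!A-Za-z0-9_]*) return 1 ;;
    esac
}

# Print the rules for one session; non-zero exit on bad input.
# $1 uplink iface, $2 user iface, $3 user IP, $4 up queue, $5 down queue
user_rules() {
    valid_name "$1" && valid_name "$2" && valid_name "$4" && valid_name "$5" || return 1
    valid_ipv4 "$3" || return 1
    printf 'pass out on %s from %s to any queue %s\n' "$1" "$3" "$4"
    printf 'pass out on %s from any to %s queue %s\n' "$2" "$3" "$5"
}

# Link up: replace the rules in this session's anchor (hypothetical path).
session_up() {
    rules=$(user_rules "$@") || { echo "rejected: $*" >&2; return 1; }
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'pfctl -a mpd/%s -f -\n%s\n' "$2" "$rules"
    else
        printf '%s\n' "$rules" | pfctl -a "mpd/$2" -f -
    fi
}

# Link down: flush the rules from that anchor.
session_down() {
    valid_name "$1" || return 1
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "pfctl -a mpd/$1 -F rules"
    else pfctl -a "mpd/$1" -F rules; fi
}
```

Setting `DRY_RUN=1` prints the pfctl invocation and rules instead of loading them, which is useful for checking the generated text before wiring the functions into link-up and link-down scripts.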
 