ALTQ with igb not working

A

aturriff

I am trying to get ALTQ traffic shaping to work using an igb interface. The queues show up fine in pfctl -s queue but checking on usage, nothing is ever placed into them.

According to the thread starting here, this should work.

Unfortunately, I have no reference for when this broke, as this is a recent installation (starting at 8.0, and I only had time to look at traffic shaping after upgrading to 8.1).
 
Problem solved - it was user error. Warning to the unwary (like me): ALTQ queues do not seem to work when using (interface) syntax as source or destination IP address in pass rules. That is to say,
Code: 
pass in on $ext_if proto tcp from any to ($ext_if) port ssh queue( ssh_bulk, ssh_login ) modulate state
does not work,
Code: 
pass in on $ext_if proto tcp from any to any port ssh queue( ssh_bulk, ssh_login ) modulate state
does. And here I thought queueing was processed after network address translation, redirection, etc.
 
I don't know about (interface} not working, but interface does. In other words,

Code: 
pass in on $ext_if proto tcp from any to $ext_if port ssh queue( ssh_bulk, ssh_login ) keep state

should work. (Note that 'modulate state' is really only for outbound tcp connections.)

I have numerous rules like these with working queues

Code: 
pass in on $ext_if from any to $ext_if ....
pass out on $ext_if from $ext_if to any ....

This is not on an igb(4) NIC, mind you, but I don't see why that would matter for basic pf.conf syntax.
 
Yeah, I have a few rough edges like that in that file. Not enough time to mess with my personal setup, and too many projects. That said, I am reluctant to use the straight interface without parentheses, as this is a NAT router sitting on a Comcast cable link. I don't like the thought of reloading PF every time the address changes (and my wife yelling at me about the broken internet connection).
 
On a side note, when I say "does not work," I mean that the syntax parses fine - but nothing shows up in the queues.
 
You must log in or register to reply here.
Back
Top