Hello,
I'm using FreeBSD 7 as a gateway with ALTQ + PF for traffic shaping in two directions. I'm also using ftp-proxy for FTP connections to the local server from outside.
My question is: is it possible to shape FTP traffic in both directions?
ftp-proxy in FreeBSD 7 supports a queue for the rules it creates, but doesn't support tags (which would solve the problem). This is what my rc.conf looks like:
Code:
ftpproxy_enable="YES"
ftpproxy_flags="-q FTPPROXY -R 192.168.0.8"
When ftp-proxy is working, it creates two rules with the same queue name (FTPPROXY in our case) via anchor "ftp-proxy/*", like these:
Code:
pass in quick inet proto tcp from 91.78.191.70 to 192.168.0.8 port = 50001 flags S/SA keep state (max 1) queue FTPPROXY rtable 0
pass out quick inet proto tcp from 192.168.0.1 to 192.168.0.8 port = 50001 flags S/SA keep state (max 1) queue FTPPROXY rtable 0
It seems that the problem is that there is no way to create queues with the same name on different interfaces, so we can queue traffic on only one interface, but not on both. The following:
Code:
altq on $int_if bandwidth 100Mb hfsc queue { dflt, user1, user2 }
...
altq on $ext_if bandwidth 100Mb hfsc queue { dflt, user1, user2 }
...
causes an error: queue dflt already exists on interface fxp1.
(Why this is not allowed, I don't understand. It would be very convenient to have one queue name (e.g. user1) defined on both router interfaces. The shaping parameters for that queue could be different for different interfaces and the number of rules would be reduced.)
At the same time, it's possible to use the following:
Code:
altq on {$int_if, $ext_if} bandwidth 100Mb hfsc queue { dflt, user1, user2 }
...
Now we have the same queue names for both interfaces, but only with the same shaping parameters. (Why we can't have a queue with different parameters, but only with the same ones, is something I don't understand either.) My internet connection has asymmetric bandwidth, so the above is not a solution for me.
Is there any way to solve this problem?
Thanks.