PF+ALTQ

Hello, I'm a newcomer to this forum and to FreeBSD. I have a question about my PF+ALTQ configuration.

I have FreeBSD 9.1-RELEASE with my own GENERIC kernel with the ALTQ and PF sections included in it, and more than 200 computers at the plant. I have a problem with my traffic shaper. For some reason, when I complete my configuration and start it, my int network interface prints the following message after five or more connections:
Code:
no buffer size available
I tried my best on another forum to find an answer, but my attempt was not successful. Please can you help me find the answer to my question about my PF configuration? Everything I did, I did after reading the handbook and examples. I tried adding the following lines to my sysctl.conf, but that was not effective.

sysctl.conf
Code:
# $FreeBSD: release/9.1.0/etc/sysctl.conf 112200 2003-03-13 18:43:50Z mux $
net.inet.tcp.recvbuf_auto=0
net.inet.tcp.recvspace=65536
net.inet.tcp.sendbuf_auto=0
net.inet.tcp.sendspace=123072

My pf.conf rules:
Code:
ext_if="fxp0" #external
int_if="xl0"  #internal
myip="172.16.7.1" #my gateway

table <admin> {
	172.16.0.31\ #my local IP
}
table <it>    {
	172.16.0.39,\	#IT local IP
	172.16.1.30\
}
table <zavod> {
	172.16.0.5\		#office local IP
		}
table <dir>   {
	172.16.0.55,\	#direction local IP
	172.16.3.206\
		}

set block-policy drop
set skip on {lo}
scrub in all

#ALTQ section
altq on $int_if cbq bandwidth 80Mb queue { std, arenda, http }

queue std bandwidth 18Kb cbq(default)
queue arenda bandwidth 15.5Mb { rpk, mels, express, suer, integrator, technopark, qtechnopark, santa }
queue rpk bandwidth 5%
queue mels bandwidth 10%
queue express  bandwidth 5%
queue suer bandwidth 5%
queue integrator bandwidth 10%
queue technopark bandwidth 5%
queue qtechnopark bandwidth 10%
queue santa bandwidth 50%

queue http bandwidth 60Mb cbq(borrow red) { admin, it, dir, zavod }
queue admin bandwidth 5Mb cbq(borrow red)
queue it bandwidth 10Mb cbq(red)
queue dir bandwidth 20Mb cbq(red)
queue zavod bandwidth 25Mb

#NAT for all that how I think.
nat on $ext_if from $int_if:network to any -> ($ext_if)

#SQUID RDR
no rdr on $int_if proto {tcp udp} from { <admin>, <dir> } to any
rdr on $int_if proto tcp from $int_if:network to any port www -> 172.16.7.18 port 8080

antispoof for { lo $ext_if }
block drop in on $ext_if os NMAP
block drop in
pass out on $ext_if keep state
pass in proto icmp


#ICMP
pass in on $int_if proto icmp from <admin> to any keep state
pass in on $int_if proto icmp from <it> to any keep state

#SSH
pass on $ext_if proto tcp to port 22 keep state
pass in on $int_if proto tcp from any to ($int_if) port 22 keep state

#TELNET
pass in on $int_if proto tcp from any to <admin> port 23 keep state
pass in on $int_if proto tcp from any to ($ext_if) port 23 keep state

#DNS
pass in on $ext_if proto udp from 172.16.7.252 to ($ext_if) port 53 keep state
pass in on $ext_if proto udp from 172.16.7.253 to ($ext_if) port 53 keep state
pass in on $int_if proto udp from <admin> to ($int_if) port 53 keep state
pass in on $int_if proto udp from <it> to ($int_if) port 53 keep state
pass in on $int_if proto udp from <zavod> to ($int_if) port 53 keep state
pass in on $int_if proto udp from <dir> to ($int_if) port 53 keep state

#WEB
pass in on $int_if proto tcp from <it> to ($int_if) port 80 keep state
pass in on $int_if proto tcp from <admin> to ($int_if) port 80 keep state

#MAIL
pass in on $int_if proto tcp from any to ($int_if) port {25, 110, 993, 143} keep state
pass in on $int_if proto tcp from <it> to ($int_if) port 25 keep state
pass in on $int_if proto tcp from <admin> to ($int_if) port 25 keep state
pass in on $int_if proto tcp from <it> to ($int_if) port 110 keep state
pass in on $int_if proto tcp from <admin> to ($int_if) port 110 keep state
pass in on $int_if proto tcp from <it> to ($int_if) port 993 keep state
pass in on $int_if proto tcp from <admin> to ($int_if) port 993 keep state
pass in on $int_if proto tcp from <it> to ($int_if) port 143 keep state
pass in on $int_if proto tcp from <admin> to ($int_if) port 143 keep state

#SQUID
pass in on $int_if proto tcp from <it> to ($int_if) port 8080 queue it
pass in on $int_if proto tcp from <zavod> to ($int_if) port 8080 queue zavod
pass in on $int_if proto tcp from <admin> to any queue admin
pass in on $int_if proto tcp from <dir> to any queue dir

I tried to find some answers on this forum, but I haven't found any.

With best regards, Almanah!
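
An added example, not part of the original post: a small Python check that resolves the ALTQ queue tree posted above to absolute rates, lists parents whose children add up to more than the parent, and reports the `cbq(default)` queue, which in pf receives every packet on the ALTQ interface that no rule assigns to another queue. The name `queue_budget` is hypothetical, and the parser assumes cbq lines written the way they are in this post.

```python
import re

# ALTQ section as posted in the pf.conf above (not constructed).
PF_ALTQ = """altq on $int_if cbq bandwidth 80Mb queue { std, arenda, http }
queue std bandwidth 18Kb cbq(default)
queue arenda bandwidth 15.5Mb { rpk, mels, express, suer, integrator, technopark, qtechnopark, santa }
queue rpk bandwidth 5%
queue mels bandwidth 10%
queue express  bandwidth 5%
queue suer bandwidth 5%
queue integrator bandwidth 10%
queue technopark bandwidth 5%
queue qtechnopark bandwidth 10%
queue santa bandwidth 50%
queue http bandwidth 60Mb cbq(borrow red) { admin, it, dir, zavod }
queue admin bandwidth 5Mb cbq(borrow red)
queue it bandwidth 10Mb cbq(red)
queue dir bandwidth 20Mb cbq(red)
queue zavod bandwidth 25Mb"""

UNITS = {"b": 1, "Kb": 1e3, "Mb": 1e6, "Gb": 1e9}
LINE = re.compile(r"(?:altq on \S+ cbq|queue\s+(\S+))\s+bandwidth\s+([\d.]+)(%|[KMG]?b)(.*)")

def queue_budget(conf):
    """Return ({queue: bits/s}, over-committed parents, default queues)."""
    specs = {}
    for line in conf.splitlines():
        m = LINE.match(line.strip())
        if m:
            name, num, unit, rest = m.groups()
            kids = re.findall(r"\w+", rest.partition("{")[2].partition("}")[0])
            is_default = bool(re.search(r"cbq\([^)]*\bdefault\b", rest))
            specs[name or "(root)"] = (float(num), unit, kids, is_default)
    bps, over = {}, []
    def walk(name, parent_bps):
        num, unit, kids, _ = specs[name]
        # A percentage is relative to the parent queue, a unit is absolute.
        bps[name] = parent_bps * num / 100 if unit == "%" else num * UNITS[unit]
        for kid in kids:
            walk(kid, bps[name])
        if sum(bps[k] for k in kids) > bps[name]:
            over.append(name)
    walk("(root)", 0)
    return bps, over, [q for q, s in specs.items() if s[3]]

if __name__ == "__main__":
    bps, over, default = queue_budget(PF_ALTQ)
    for q in default:
        print(f"default queue {q}: {bps[q]:.0f} bit/s, {bps[q] / bps['(root)']:.4%} of link")
    print("over-committed parents:", over or "none")
```

Comparing the reported default queue with the `pass` rules that carry no `queue` keyword shows which traffic on the internal interface shares that queue's rate.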