[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: pf altq on bge
Thank's
i tryed for rebuild now.. :)
On 1/30/06, husnu demir <hdemir@xxxxxxxxxxx> wrote:
> Also NOTES says that for altq;
>
> options ALTQ_NOPCC # Required for SMP build
>
>
>
> Just in case you want to use that.
>
> Husnu Demir.
>
> On Mon, Jan 30, 2006 at 04:32:36PM +0300, Roman Gorohov. wrote:
> > Çäğàâñòâóéòå, Admin.
> >
> > Âû ïèñàëè 30 ?????? 2006 ?., 16:02:30:
> >
> > > Hi I have some problems with FreeBSD 5.4 Stable using pf and altq
> >
> > > This my kernconf
> > > ============
> > > machine i386
> > > cpu I686_CPU
> > > ident JOSS
> > > maxusers 512
> >
> > > # To statically compile in device wiring instead of /boot/device.hints
> > > #hints "GENERIC.hints" # Default places to look for devices.
> >
> > > options SCHED_4BSD # 4BSD scheduler
> > > options INET # InterNETworking
> > > ##options INET6 # IPv6 communications protocols
> > > options FFS # Berkeley Fast Filesystem
> > > options SOFTUPDATES # Enable FFS soft updates support
> > > options UFS_ACL # Support for access control lists
> > > options UFS_DIRHASH # Improve performance on big directories
> > > options MD_ROOT # MD is a potential root device
> > > options CD9660 # ISO 9660 Filesystem
> > > options PROCFS # Process filesystem (requires PSEUDOFS)
> > > options PSEUDOFS # Pseudo-filesystem framework
> > > options GEOM_GPT # GUID Partition Tables.
> > > options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!]
> > > options COMPAT_FREEBSD4 # Compatible with FreeBSD4
> > > options KTRACE # ktrace(1) support
> > > options SYSVSHM # SYSV-style shared memory
> > > options SYSVMSG # SYSV-style message queues
> > > options SYSVSEM # SYSV-style semaphores
> > > options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time
> > > extensions
> > > options KBD_INSTALL_CDEV # install a CDEV entry in /dev
> > > options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
> > > # output. Adds ~128k to driver.
> > > options AHD_REG_PRETTY_PRINT # Print register bitfields in debug
> > > # output. Adds ~215k to driver.
> > > options ADAPTIVE_GIANT # Giant mutex is adaptive.
> >
> > > device apic # I/O APIC
> >
> > > # Bus support. Do not remove isa, even if you have no isa slots
> > > device isa
> > > device eisa
> > > device pci
> >
> > > # ATA and ATAPI devices
> > > device ata
> > > device atadisk # ATA disk drives
> > > device atapicd # ATAPI CDROM drives
> > > options ATA_STATIC_ID # Static device numbering
> >
> > > # atkbdc0 controls both the keyboard and the PS/2 mouse
> > > device atkbdc # AT keyboard controller
> > > device atkbd # AT keyboard
> >
> > > device vga # VGA video card driver
> >
> > > device splash # Splash screen and screen saver support
> >
> > > # syscons is the default console driver, resembling an SCO console
> > > device sc
> >
> > > device agp # support several AGP chipsets
> >
> > > # Floating point support - do not disable.
> > > device npx
> >
> > > # Add suspend/resume support for the i8254.
> > > device pmtimer
> >
> >
> > > # Serial (COM) ports
> > > device sio # 8250, 16[45]50 based serial ports
> >
> > > # PCI Ethernet NICs that use the common MII bus controller code.
> > > # NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
> > > device miibus # MII bus support
> > > device bge # Broadcom BCM570xx Gigabit Ethernet
> >
> > > # Pseudo devices.
> > > device loop # Network loopback
> > > device mem # Memory and kernel memory devices
> > > device io # I/O device
> > > device random # Entropy device
> > > device ether # Ethernet support
> > > device tun # Packet tunnel.
> > > device pty # Pseudo-ttys (telnet etc)
> > > device md # Memory "disks"
> > > ##device gif # IPv6 and IPv4 tunneling
> > > ##device faith # IPv6-to-IPv4 relaying (translation)
> >
> > > # The `bpf' device enables the Berkeley Packet Filter.
> > > # Be aware of the administrative consequences of enabling this!
> > > # Note that 'bpf' is required for DHCP.
> > > device bpf # Berkeley packet filter
> >
> > > # SMP
> > > options SMP
> >
> > > # snooop
> > > device snp
> >
> > > ## PF
> > > device pf
> > > device pflog
> > > device pfsync
> >
> > > options ALTQ
> > > options ALTQ_CBQ
> > > options ALTQ_RED
> > > options ALTQ_RIO
> > > options ALTQ_HFSC
> > > options ALTQ_PRIQ
> >
> > > options QUOTA
> >
> > > pf.conf + altq config
> > > ==============
> > > ## set macros
> > > ext_if="bge0"
> > > main_ip="xx.xx.xx" < i remove :)
> > > http_ports="{ 43, 80 }"
> > > sec_ports="{ 22 }"
> > > tcp_serv="{ 20, 21, 25, 53 }"
> > > dns_ports="{ 43, 53, 123 }"
> > > irc_ports="{ 113, 2000 >< 8005, 8300 >< 9000, 30000 >< 40000 }"
> > > icmp_t="echoreq"
> > tracert="33434 >>< 33450"
> >
> > > ## main set options
> > > set timeout { frag 30, interval 10 }
> > > set limit { frags 5000, states 3000 }
> > > set loginterface $ext_if
> > > set block-policy drop
> > > set optimization normal
> > > scrub in all
> >
> > > ## QUEUES - ALTQ rules
> > > altq on bge0 cbq bandwidth 100Mb queue { q_all }
> > > queue q_all bandwidth 100% cbq { q_def, q_pri, q_misc, q_web, q_dns, q_irc }
> > > queue q_def bandwidth 25% priority 1 cbq(borrow default red ecn)
> > > queue q_misc bandwidth 10% priority 0 cbq(red)
> > > queue q_web bandwidth 15% priority 4 cbq(borrow)
> > > queue q_dns bandwidth 25% priority 5 cbq(borrow)
> > > queue q_irc bandwidth 25% priority 6 cbq(borrow)
> > > queue q_pri priority 7
> >
> > > ## Default Block
> > > block in all
> > > block out all
> >
> > > #=- Table
> > > table <spoof> persist file "/etc/pftable/spoof.conf"
> > > table <ddos> persist file "/etc/pftable/ddos.conf"
> > > table <sindo> persist file "/etc/pftable/servindo.conf"
> > > table <bfd> persist file "/etc/pftable/bfd.conf"
> > > table <int> persist file "/etc/pftable/int.conf"
> > > table <igh> persist file "/etc/pftable/joss.conf"
> >
> >
> > > block in quick on $ext_if from { <spoof>, <ddos>, <sindo>, <bfd>, <int> } to any
> >
> > > pass quick on lo0 all
> > > pass inet proto icmp from <joss> to any icmp-type $icmp_t keep state
> > > queue q_misc
> > > pass out quick proto udp from any to any port $tracert keep state queue q_def
> > > pass quick proto tcp from any to any port $tcp_serv keep state queue q_def
> >
> > > pass in quick proto tcp from <igh> to any port 22 keep state
> > > pass quick proto tcp from any to any port $sec_ports keep state queue q_pri
> >
> > > pass quick proto udp from any to any port $dns_ports keep state queue q_dns
> > > pass out quick proto { tcp, udp } from <igh> to any port { 161, 162 }
> > > keep state queue q_dns
> >
> > > pass in quick proto tcp from any to $main_ip port $http_ports flags
> > > S/SA synproxy state queue q_web
> > > pass out quick proto tcp from $main_ip to any port $http_ports keep
> > > state queue q_web
> >
> > > pass quick proto tcp from any to any port $irc_ports keep state queue q_irc
> >
> > > ============================
> >
> > > i try to load the configuration conf,
> >
> > > # pfctl -f /etc/pf.conf.altq
> > > pfctl: bge0: driver does not support altq
> >
> > > any one can help me to resolv this problem.
> >
> > > Nb: no error messege if the altq disabled.
> >
> > > Thank's
> > > _______________________________________________
> > > freebsd-pf@xxxxxxxxxxx mailing list
> > > http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> > > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@xxxxxxxxxxx"
> >
> > ALTQ doen not support device bge on 5.4. It does on 6.0.
> >
> > --
> > Roman Gorohov.
> >
> > _______________________________________________
> > freebsd-pf@xxxxxxxxxxx mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@xxxxxxxxxxx"
>