RudiK
07-23-2008, 09:57 AM
Hello,
I am running a FBSD 7 firewall @ home connected to a DSL line which I share with my wife.
One of the main problems that I have encountered is that when my wife surfs the internet my online gaming screeches to a halt untill the page has loaded and by that time I've been pwned :(
I was thinking about using ALTQ to prioritize the traffic and after checking out Daniel Hartmeier's page on "Prioritizing empty TCP ACKs" (http://www.benzedrine.cx/ackpri.html) I came up with the variation of his rule set.
ext_if="tun0"
cod_ports = "{28960:29000}"
altq on $ext_if priq bandwidth 400Kb queue { q_pri, q_def, q_cod, q_domain, q_ssh }
queue q_pri priority 10
queue q_cod priority 9
queue q_domain priority 8
queue q_ssh priority 7
queue q_def priority 1 priq(default)
pass out on $ext_if proto tcp from $ext_if to any flags S/SA keep state queue (q_def, q_pri)
pass in on $ext_if proto tcp from any to $ext_if flags S/SA keep state queue (q_def, q_pri)
pass out on $ext_if proto udp from $ext_if to any port $cod_ports modulate state queue q_cod
pass in on $ext_if proto udp from any to $ext_if port $cod_ports modulate state queue q_cod
pass out on $ext_if proto tcp from $ext_if to any port domain flags S/SA keep state queue q_domain
pass in on $ext_if proto tcp from any to $ext_if port domain flags S/SA keep state queue q_domain
pass out on $ext_if proto udp from $ext_if to any port domain modulate state queue q_domain
pass in on $ext_if proto udp from any to $ext_if port domain modulate state queue q_domain
pass out on $ext_if proto tcp from $ext_if to any port ssh flags S/SA keep state queue q_ssh
pass in on $ext_if proto tcp from any to $ext_if port ssh flags S/SA keep state queue q_ss
I have two questions:
1) Can you specify a range of ports in a macro e.g. cod_ports = "{28960:29000}"?
2) Will the rest of the priority queues even come in to play or will the first priority queue override the rest?
Thanks
I am running a FBSD 7 firewall @ home connected to a DSL line which I share with my wife.
One of the main problems that I have encountered is that when my wife surfs the internet my online gaming screeches to a halt untill the page has loaded and by that time I've been pwned :(
I was thinking about using ALTQ to prioritize the traffic and after checking out Daniel Hartmeier's page on "Prioritizing empty TCP ACKs" (http://www.benzedrine.cx/ackpri.html) I came up with the variation of his rule set.
ext_if="tun0"
cod_ports = "{28960:29000}"
altq on $ext_if priq bandwidth 400Kb queue { q_pri, q_def, q_cod, q_domain, q_ssh }
queue q_pri priority 10
queue q_cod priority 9
queue q_domain priority 8
queue q_ssh priority 7
queue q_def priority 1 priq(default)
pass out on $ext_if proto tcp from $ext_if to any flags S/SA keep state queue (q_def, q_pri)
pass in on $ext_if proto tcp from any to $ext_if flags S/SA keep state queue (q_def, q_pri)
pass out on $ext_if proto udp from $ext_if to any port $cod_ports modulate state queue q_cod
pass in on $ext_if proto udp from any to $ext_if port $cod_ports modulate state queue q_cod
pass out on $ext_if proto tcp from $ext_if to any port domain flags S/SA keep state queue q_domain
pass in on $ext_if proto tcp from any to $ext_if port domain flags S/SA keep state queue q_domain
pass out on $ext_if proto udp from $ext_if to any port domain modulate state queue q_domain
pass in on $ext_if proto udp from any to $ext_if port domain modulate state queue q_domain
pass out on $ext_if proto tcp from $ext_if to any port ssh flags S/SA keep state queue q_ssh
pass in on $ext_if proto tcp from any to $ext_if port ssh flags S/SA keep state queue q_ss
I have two questions:
1) Can you specify a range of ports in a macro e.g. cod_ports = "{28960:29000}"?
2) Will the rest of the priority queues even come in to play or will the first priority queue override the rest?
Thanks