Screaming Electron Forums

#1  September 1st, 2003, mas_raka (Kaon; Join Date: Aug 2003; Posts: 6)

After following SolarfluX's tutorial I got ALTQ and pf installed on my FreeBSD 5.1:

bejita# strings /boot/kernel/kernel | grep -c altq_lookup
1

bejita# kldstat | grep pf
3 1 0xc2844000 23000 pf.ko
4 2 0xc1343000 2000 pflog.ko
5 2 0xc260d000 3000 pfsync.ko
6 1 0xc26e0000 c000 pfaltq.ko

Then I tried some examples from SolarfluX's repository:

pf.conf ::
=========
# pf.conf from insomnia.benzedrine.cx
#
# Default gateway doing NAT for my home network, IPv6 tunnel endpoint, using
# queues for extended ackpri (so I can work while being /., for instance).
#
# The external interface is kue0, with a single routable address 62.65.145.30.
# The internal interface is gem0, address 10.1.1.1 in network 10.0.0.0/8.
#
# The IPv6 tunnel is explained in more detail on
# http://www.benzedrine.cx/gif.txt
#
# ACK prioritizing is explained on
# http://www.benzedrine.cx/ackpri.html

# macros
#
ext_if = "fxp0"
int_if = "fxp1"
kami = "192.168.0.0/16"
dotcom = "192.168.1.0/24"
unfiltered = "{ lo0, fxp1 }"
unroutable = "{ 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, \
192.168.0.0/16, 255.255.255.255/32 }"
services_tcp = "{ ssh, smtp, ftp, submission, domain, auth, www, pop3, > 1024 }"

# options
#
set loginterface $ext_if
set loginterface $int_if
set limit states 10000
set limit frags 500

# normalization
#
scrub in on $ext_if all fragment reassemble
scrub out on $ext_if all random-id fragment reassemble


# queues
#
#altq on fxp0 priq bandwidth 100Kb queue { q_max, q_hig, q_def, q_low }
#queue q_max priority 7
#queue q_hig priority 5
#queue q_def priority 3
#queue q_low priority 1 priq(default)

altq on $ext_if cbq bandwidth 128Kb queue { q_std }
queue q_std bandwidth 100% cbq \
{ q_def, q_pri, q_web, q_msc, q_dat, q_gms }
queue q_def bandwidth 25% priority 1 cbq(borrow default red ecn)
queue q_dat bandwidth 10% priority 0 cbq(red)
queue q_web bandwidth 25% priority 5 cbq(borrow)
queue q_msc bandwidth 15% priority 4 cbq(borrow)
queue q_gms bandwidth 25% priority 6 cbq(borrow)
queue q_pri priority 7

# translations
#

no nat on $unfiltered from any to any
no rdr on $unfiltered from any to any
#rdr on $unfiltered from any to any -> $int_if


# nat private network to single routable address
#
nat on $ext_if inet from $kami to any -> $ext_if


# =============================================================================
# filter rules (default block/pass)
# =============================================================================

#melok oi palcom neh
#pass in on $int_if inet proto tcp from 192.168.1.0/24 to any


# pass on unfiltered interfaces
#
pass quick on $unfiltered

# silently drop TCP non-SYN packets, the remaining ruleset only deals with
# TCP SYNs, which always create state when passed. the ruleset basically
# deals with 'connections', not packets, beyond this point.
#
block return-rst quick proto tcp all flags /S
block return-rst quick proto tcp all flags A/A

# block and log everything by default
#
block log
block return-rst log inet proto tcp
block return-icmp log inet proto udp

# =============================================================================
# external interface (all external IPv4 traffic)
# =============================================================================

# silently drop broadcasts (ADSL noise)
#
block in quick on $ext_if inet from any to { 255.255.255.255, 62.65.145.31 }

# block unwanted peers
#
block in quick on $ext_if inet from <quickblock> to any

# block some known-bad ports without logging
#
block return-rst in quick on $ext_if proto tcp from any to any \
port { 111, 443, 445, 1080, 6000, 6667 }
block return-icmp in quick on $ext_if proto udp from any to any \
port { 137, 138, 139, 1434 }

#
block in log quick on $ext_if inet from $unroutable to any

# block and log outgoing packets that don't have my address as source, they are
# either spoofed or something is misconfigured (NAT disabled, for instance),
# we want to be nice and not send out garbage.
#
block out log quick on $ext_if inet from !$ext_if to any

# ICMP
#

# I'm commenting this out first


pass out on $ext_if inet proto icmp from $ext_if to any \
icmp-type 8 code 0 keep state queue (q_max)

pass in on $ext_if inet proto icmp from any to $ext_if \
icmp-type 8 code 0 keep state (max 32) queue (q_low)


# UDP
#
pass out on $ext_if inet proto udp from any to any \
keep state queue (q_def)
pass out on $ext_if inet proto udp from any to any port domain \
keep state queue (q_hig)

pass in on $ext_if inet proto udp from any to $ext_if \
port domain keep state (max 512) queue (q_hig)
pass in on $ext_if inet proto udp from 62.65.145.29 to $ext_if \
port syslog keep state (max 2)

# TCP
#
pass out on $ext_if inet proto tcp from $ext_if to any \
flags S/SA keep state queue (q_def, q_max)
pass out on $ext_if inet proto tcp from $ext_if to any port www \
flags S/SA keep state queue (q_hig, q_max)

pass in on $ext_if inet proto tcp from any to $ext_if port $services_tcp \
flags S/SA keep state (max 1024, tcp.first 10, tcp.opening 10) \
queue (q_low, q_max)
pass in on $ext_if inet proto tcp from any to 127.0.0.1 port 8025 \
keep state queue (q_low, q_def)

# Allow local DNS
pass in quick on $int_if proto udp from any to any port = 53 keep state


==================
My rc.conf:

kern_securelevel_enable="YES"
quota_enable="YES"
check_quotas="YES"

gateway_enable="YES"
portmap_enable="NO"
sshd_enable="YES"
usbd_enable="NO"
log_in_vain="YES"

pf_enable="YES"
pf_logd="YES"
pf_conf="/etc/pf.conf"

ifconfig_fxp1="inet 192.168.2.1 netmask 255.255.0.0"
ifconfig_fxp0="inet 202.159.31.198 netmask 255.255.255.128"
defaultrouter="202.159.31.129"
hostname="bejita.pct.com"

===========================>


Then I tried to flush:

bejita# pfctl -Fr
rules cleared

Then I tried to load:

bejita# pfctl -e -f /etc/pf.conf
pfctl: fopen(/etc/pf.os): No such file or directory
altq not defined on fxp0
altq not defined on fxp0
/etc/pf.conf:49: errors in queue definition
altq not defined on fxp0
/etc/pf.conf:50: errors in queue definition
altq not defined on fxp0
/etc/pf.conf:51: errors in queue definition
altq not defined on fxp0
/etc/pf.conf:52: errors in queue definition
altq not defined on fxp0
/etc/pf.conf:53: errors in queue definition
altq not defined on fxp0
/etc/pf.conf:54: errors in queue definition
altq not defined on fxp0
/etc/pf.conf:55: errors in queue definition
pfctl: Syntax error in config file: pf rules not loaded


I have read the queueing section of the OpenBSD FAQ, but I got confused. Any suggestion on fixing that error?
#2  September 2nd, 2003, bsdjunkie (Space Cowboy; Join Date: Aug 2002; Location: MI; Posts: 905)

Is your network card recognized as fxp0? If you just grabbed that from the site without changing a few things, it will most likely give you errors.
My first thought was, he lied in every word...
#3  September 3rd, 2003, mas_raka (Kaon; Join Date: Aug 2003; Posts: 6)

Here's my ifconfig:


bejita# ifconfig
xl0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
ether 00:a0:24:e5:7a:b0
media: Ethernet autoselect (none)
status: no carrier
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=3<RXCSUM,TXCSUM>
inet 202.159.31.198 netmask 0xffffff80 broadcast 202.159.31.255
inet6 fe80::207:e9ff:fee6:dc48%fxp0 prefixlen 64 scopeid 0x2
ether 00:07:e9:e6:dc:48
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=3<RXCSUM,TXCSUM>
inet 192.168.2.1 netmask 0xffff0000 broadcast 192.168.255.255
inet6 fe80::207:e9ff:fee6:dc49%fxp1 prefixlen 64 scopeid 0x3
ether 00:07:e9:e6:dc:49
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
inet 127.0.0.1 netmask 0xff000000
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33208
pfsync0: flags=41<UP,RUNNING> mtu 1896

So where is the problem?
#4  September 3rd, 2003, SolarfluX (Pion; Join Date: Feb 2003; Posts: 60)

This is just a guess, but try replacing $ext_if with fxp0... Every example I've ever seen uses the actual interface and not a macro. Sorry I can't be more helpful, but I'm kind of on hiatus right now.
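As an added check (example code of my own, not from the thread or from SolarfluX's repository): a small Python linter that reads a pf.conf the way pfctl does (comments stripped, backslash continuations joined) and reports the two problems visible in the first post's configuration: an altq line whose interface is still the $ext_if macro, which SolarfluX suggests replacing with the literal fxp0, and queue names used by pass rules (q_max, q_hig, q_low) whose only definitions sit in the commented-out priq block. The sample configuration is constructed to mirror the posted one, not copied from it.

```python
import re

# Constructed sample mirroring the first post's pf.conf (not the poster's file):
# the priq block that defined q_max/q_hig/q_low is commented out, pass rules
# still queue traffic to those names, and altq is declared via the $ext_if macro.
SAMPLE_PF_CONF = """
ext_if = "fxp0"
#altq on fxp0 priq bandwidth 100Kb queue { q_max, q_hig, q_def, q_low }
altq on $ext_if cbq bandwidth 128Kb queue { q_std }
queue q_std bandwidth 100% cbq \\
    { q_def, q_pri, q_web }
queue q_def bandwidth 25% priority 1 cbq(borrow default red ecn)
queue q_web bandwidth 25% priority 5 cbq(borrow)
queue q_pri priority 7
pass out on $ext_if inet proto icmp from $ext_if to any keep state queue (q_max)
pass out on $ext_if inet proto udp from any to any keep state queue (q_def)
pass out on $ext_if inet proto tcp from $ext_if to any port www \\
    flags S/SA keep state queue (q_hig, q_max)
pass in on $ext_if inet proto tcp from any to $ext_if port ssh keep state queue (q_low, q_max)
"""

def logical_lines(text):
    """Strip # comments and join backslash-continued lines, as pfctl does."""
    out, buf = [], ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.endswith("\\"):            # rule continues on the next line
            buf += line[:-1].rstrip() + " "
            continue
        line = (buf + line).strip()
        buf = ""
        if line:
            out.append(line)
    return out

def lint_queues(text):
    """Return (altq interface token as written, defined queues, queues used but undefined)."""
    defined, used, altq_if = set(), set(), None
    for line in logical_lines(text):
        if line.startswith("altq on "):
            altq_if = line.split()[2]      # left unexpanded on purpose: a "$" here is the macro case
        elif line.startswith("queue "):
            defined.add(line.split()[1])
        elif line.startswith("pass"):
            m = re.search(r"queue\s*\(([^)]*)\)", line)
            if m:
                used |= set(re.findall(r"\w+", m.group(1)))
    return altq_if, defined, used - defined
```

`lint_queues(SAMPLE_PF_CONF)` returns `'$ext_if'` as the altq interface and `{'q_max', 'q_hig', 'q_low'}` as queues that pass rules use but nothing defines; a pf.conf that passes both checks is what the thread ends up with after the fix.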
#5  September 4th, 2003, mas_raka (Kaon; Join Date: Aug 2003; Posts: 6)

It works now, by replacing $ext_if with fxp0 as SolarfluX suggested :-)

Now I have a question:

Is it possible to limit bandwidth for two LANs? (I have seen SolarfluX's repository, about two LANs.) I just doubt whether it is possible to limit bandwidth for two LANs (limiting only the bandwidth of the connection to the internet).

What I imagine:

lan1 = "192.168.1.0/24"
lan2 = "192.168.2.0/24"

# queue names must be plain identifiers, so the address macros above cannot
# serve as queue names; q_lan1 and q_lan2 stand for the two networks
altq on fxp0 cbq bandwidth 128Kb queue { q_std }
queue q_std bandwidth 100% cbq { q_lan1, q_lan2 }
queue q_lan1 bandwidth 35% priority 1 cbq(borrow default red ecn)
queue q_lan2 bandwidth 65% priority 0 cbq(borrow)

I have to try it first :-)