On Fri, 8 Jan 2016 11:13:08 -0500
sven falempin <[email protected]> wrote:
> You will need to forward the whole rule set, I think; maybe the set prio
> 0 is erased by a further rule. Try to pass in quick that p2p
> traffic before, maybe?
I had the luxury of ditching the complete ruleset for a very simple one:
---pf.conf-start---
# RUNTIME OPTIONS
set skip on lo0
# INTERFACES
if_int = "re2"
if_ext = "pppoe0"
# HOSTS & NETWORKS
localnet = "{ 192.168.33.0/24 }"
# PORTS
both_p2p = "{ 1000:65535 }"
# NAT
match in all scrub ( no-df random-id max-mss 1440 )
match out on $if_ext inet from $localnet to any nat-to ($if_ext:0)
# RULES
block drop log all
pass inet from ($if_ext:0) to any
pass inet from $localnet to any
pass inet proto tcp from ($if_ext:0) to any port $both_p2p \
set ( prio 0 )
pass inet proto tcp from $localnet to any port $both_p2p \
set ( prio 0 )
pass inet proto udp from ($if_ext:0) to any port $both_p2p \
set ( prio 0 )
pass inet proto udp from $localnet to any port $both_p2p \
set ( prio 0 )
---pf.conf-end---
The actual ruleset (as seen in pfctl -sr output) is as follows:
---pfctl-sr-start---
match in all scrub (no-df random-id max-mss 1440)
match out on pppoe0 inet from 192.168.33.0/24 to any nat-to (pppoe0:0)
block drop log all
pass inet from (pppoe0:0) to any flags S/SA
pass inet from 192.168.33.0/24 to any flags S/SA
pass inet proto tcp from (pppoe0:0) to any port 1000:65535 \
flags S/SA set ( prio 0 )
pass inet proto tcp from 192.168.33.0/24 to any port 1000:65535 \
flags S/SA set ( prio 0 )
pass inet proto udp from (pppoe0:0) to any port 1000:65535 \
set ( prio 0 )
pass inet proto udp from 192.168.33.0/24 to any port 1000:65535 \
set ( prio 0 )
---pfctl-sr-end---
The situation is still the same: torrents are downloaded at full speed
(~8Mbit/s), while a simultaneous download of install59.fs from ftp.openbsd.org
averages ~6Kbit/s.
Can anyone reproduce this?
--
Before enlightenment - chop wood, draw water.
After enlightenment - chop wood, draw water.
Marko Cupać
https://www.mimar.rs/
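The ruleset above relies on PF's "last matching rule wins" evaluation: the plain "pass inet from $localnet to any" rule and the later "set ( prio 0 )" rules both match a torrent packet, and the later one decides its priority. The following is an added example, not code from this thread or from OpenBSD: a toy evaluator that models only the subset of pf.conf syntax used in the posted ruleset (pass/block, proto, source network, destination port range, quick, set prio) and walks sample packets through it. The external address 203.0.113.10 stands in for (pppoe0:0), the sample client and peer addresses are constructed, and the default priority of 3 is PF's documented default when a rule sets none.

```python
"""Toy model of PF rule evaluation (last match wins, 'quick' stops early).

Constructed example for illustration; it models only the features used in
the posted ruleset and is not OpenBSD's pf(4) implementation.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

DEFAULT_PRIO = 3  # pf.conf(5): packets get priority 3 unless a rule sets 'prio'


@dataclass
class Rule:
    action: str                         # "pass" or "block"
    proto: Optional[str] = None         # "tcp", "udp" or None for any protocol
    src: Optional[str] = None           # source CIDR, None for 'any'
    dst_ports: Optional[range] = None   # destination port range, None for any
    prio: Optional[int] = None          # explicit 'set ( prio N )'
    quick: bool = False                 # 'quick' keyword: stop at this rule


@dataclass
class Packet:
    proto: str
    src: str
    dport: int


def matches(rule: Rule, pkt: Packet) -> bool:
    """True if every constraint the rule specifies holds for the packet."""
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.src is not None and ip_address(pkt.src) not in ip_network(rule.src):
        return False
    if rule.dst_ports is not None and pkt.dport not in rule.dst_ports:
        return False
    return True


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, int, Optional[int]]:
    """Return (action, effective prio, index of deciding rule).

    PF walks the rules in order and remembers the last one that matched;
    a matching rule marked 'quick' ends the walk immediately. If nothing
    matches, PF's default is to pass the packet.
    """
    winner = None
    for idx, rule in enumerate(rules):
        if matches(rule, pkt):
            winner = (idx, rule)
            if rule.quick:
                break
    if winner is None:
        return ("pass", DEFAULT_PRIO, None)
    idx, rule = winner
    prio = rule.prio if rule.prio is not None else DEFAULT_PRIO
    return (rule.action, prio, idx)


# Filter rules from the posted pf.conf; 'match' lines are omitted because
# they do not decide pass/block and set no prio in this ruleset.
LOCALNET = "192.168.33.0/24"
EXT_ADDR = "203.0.113.10/32"        # placeholder for (pppoe0:0)
P2P_PORTS = range(1000, 65536)      # both_p2p = "{ 1000:65535 }"

RULESET = [
    Rule("block"),                                                    # block drop log all
    Rule("pass", src=EXT_ADDR),                                       # pass inet from ($if_ext:0) to any
    Rule("pass", src=LOCALNET),                                       # pass inet from $localnet to any
    Rule("pass", proto="tcp", src=EXT_ADDR, dst_ports=P2P_PORTS, prio=0),
    Rule("pass", proto="tcp", src=LOCALNET, dst_ports=P2P_PORTS, prio=0),
    Rule("pass", proto="udp", src=EXT_ADDR, dst_ports=P2P_PORTS, prio=0),
    Rule("pass", proto="udp", src=LOCALNET, dst_ports=P2P_PORTS, prio=0),
]

# Variant reflecting the 'quick' suggestion from the quoted reply: if the
# broad localnet pass rule were 'quick', the later prio 0 rules would never
# be reached for LAN traffic.
QUICK_VARIANT = list(RULESET)
QUICK_VARIANT[2] = Rule("pass", src=LOCALNET, quick=True)

# Constructed sample packets: a LAN torrent peer connection, a LAN HTTP
# download, a LAN connection to a high server port, and an unsolicited
# inbound packet from an outside host.
SAMPLES = {
    "lan torrent tcp/6881":  Packet("tcp", "192.168.33.50", 6881),
    "lan http tcp/80":       Packet("tcp", "192.168.33.50", 80),
    "lan high port tcp/50000": Packet("tcp", "192.168.33.50", 50000),
    "outside udp/6881":      Packet("udp", "198.51.100.7", 6881),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:26} -> {evaluate(RULESET, pkt)}")
    print("with quick on rule 2    ->", evaluate(QUICK_VARIANT, SAMPLES["lan torrent tcp/6881"]))
```

Running it shows that any LAN connection to a destination port in 1000:65535 ends up at prio 0, not only torrents, while a connection to port 80 keeps the default priority 3; in the quick variant the torrent packet stops at rule 2 and never receives prio 0.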