FreeBSD Router with Traffic Shaping with PF and ALTQ CBQ
Thursday, 14 February 2008

This tutorial shows how to build a FreeBSD router with traffic shaping, using OpenBSD's PF and the ALTQ CBQ discipline.

Step 1. Compile Kernel with support for PF and ALTQ
-------------------------------------------------------------------------


cd /usr/src/sys/i386/conf/
cp GENERIC ROUTER

Edit the ROUTER file and add the following lines at the end of the file:

# ------------------ add the following lines to ROUTER file ------------------
# pf support
device mem
device pf
device pflog
device pfsync

# altq support
options ALTQ
options ALTQ_CBQ
options ALTQ_RED
options ALTQ_RIO
options ALTQ_HFSC
options ALTQ_PRIQ

# other optimizations
options HZ=1000
options DEVICE_POLLING
# ---------------------------------- eof ----------------------------------------------


Next, compile the kernel with the configuration from the ROUTER file:

cd /usr/src
make -j4 buildkernel KERNCONF=ROUTER
make installkernel KERNCONF=ROUTER

Reboot the machine; the kernel now has support for PF and ALTQ.


Step 2. Create pf.conf file for your firewall and traffic shaper
---------------------------------------------------------------------------------

Rename your default /etc/pf.conf file and create a new config file. In our example we assume your network cards are fxp0 for WAN and fxp1 for LAN, your LAN subnet is 192.168.0.0/24, and the router's LAN IP is 192.168.0.1. Because our LAN is on a private subnet (we only have one public IP), we will use NAT from PF.

Shaping is for 2 PCs on the LAN. We've used a bandwidth of 10Mb/s and assigned 45% of the bandwidth to each PC and 10% to the default queue.

The pf.conf file is presented next:

# --------------------- pf.conf ---------------------
ext_if="fxp0"
int_if="fxp1"
pc1="192.168.0.2"
pc2="192.168.0.3"

altq on $ext_if cbq bandwidth 10Mb queue {def_up, pc1_up, pc2_up}
altq on $int_if cbq bandwidth 10Mb queue {def_down, pc1_down, pc2_down}

queue def_up bandwidth 10% cbq(default)
queue def_down bandwidth 10% cbq(default)

queue pc1_up bandwidth 45% priority 6 cbq(red)
queue pc1_down bandwidth 45% priority 6 cbq(red)
queue pc2_up bandwidth 45% priority 6 cbq(red)
queue pc2_down bandwidth 45% priority 6 cbq(red)

nat on $ext_if from $int_if:network to any -> ($ext_if)

pass in quick on $ext_if from any to $pc1
pass out quick on $int_if from any to $pc1 queue pc1_down

pass in quick on $int_if from $pc1 to any
pass out quick on $ext_if from $pc1 to any queue pc1_up

pass in quick on $ext_if from any to $pc2
pass out quick on $int_if from any to $pc2 queue pc2_down

pass in quick on $int_if from $pc2 to any
pass out quick on $ext_if from $pc2 to any queue pc2_up

block all
# ----------------------- end pf.conf file ---------------------------


Step 3. Edit your /etc/rc.conf file and enable pf at startup to load config from /etc/pf.conf file
----------------------------------------------------------------------------------------------------------------------------

Your rc.conf file should look like this:

# -------------- rc.conf -----------------
hostname="router.example.com"
gateway_enable="yes"
defaultrouter="80.80.0.1"

ifconfig_fxp0="inet 80.80.0.2 netmask 255.255.255.224"
ifconfig_fxp1="inet 192.168.0.1 netmask 255.255.255.0"

sshd_enable="yes"

pf_enable="YES"
pf_rules="/etc/pf.conf"
# ---------------- end rc.conf ---------



Tips to debug PF rules:
--------------------------------


pfctl -vvsr       (see PF loaded rules)
pfctl -vvsq       (see PF queues in realtime)
pfctl -f /etc/pf.conf      (load pf.conf file)
pfctl -F state               (flush states)


Last Updated ( Thursday, 27 October 2011 )
 