Computerglitch

An ongoing adventure

Packet Prioritization With ALTQ and PF

This tip caps the share of your upload bandwidth that your webserver can use, which in turn limits the download rate of users accessing your website. When someone downloads a large file from your website, your uplink is saturated and all outgoing packets get delayed, slowing the connection for every computer on your LAN.


For example, you have a webserver on your LAN and another person on the LAN is an avid gamer. Every time someone visits your website and requests a large file for download, the gamer's connection gets saturated and his ping times go through the roof, slowing gameplay enormously.


This tip was set up on a connection of 7Mb down / 768Kb up, and it assumes you are providing NAT with PF.


With PF and ALTQ this can easily be fixed with the following rules in pf.conf:

ext_if="xl0"
int_if="xl1"

webserver="192.168.0.20"
gamerspc="192.168.0.10"

# ALTQ only queues packets as they leave an interface, so the download
# queues sit on $int_if (toward the LAN) and the upload queues on $ext_if.

#OUTBOUND QUEUES [Put these rules before your NAT rules]
# Traffic leaving $int_if toward the LAN (download side, 7Mb)
altq on $int_if cbq bandwidth 7Mb queue {gamer_out, webserver_out}
queue gamer_out bandwidth 80% cbq(default, borrow)
queue webserver_out bandwidth 20% priority 2 cbq(borrow)

#INBOUND QUEUES [Put these rules before your NAT rules]
# Traffic leaving $ext_if toward the Internet (upload side, 768Kb)
altq on $ext_if cbq bandwidth 768Kb queue {gamer_in, webserver_in}
queue gamer_in bandwidth 80% cbq(default, borrow)
queue webserver_in bandwidth 20% priority 2 cbq(borrow)


#QUEUING DOWNLOAD TRAFFIC
# Packets leaving $int_if are addressed to the LAN hosts, so match on destination
pass out on $int_if from any to $gamerspc flags S/SA keep state queue gamer_out
pass out on $int_if from any to $webserver flags S/SA keep state queue webserver_out

#QUEUING UPLOAD TRAFFIC
# Tagged as it enters $int_if; the packet is queued when it leaves $ext_if
pass in on $int_if from $gamerspc to any keep state queue gamer_in
pass in on $int_if from $webserver to any keep state queue webserver_in

Now when someone downloads a large file from the webserver, they will have full access to the upload rate if it's available. However, if the gamer needs the bandwidth, ALTQ will allow the person downloading the large file only 20% of the upload bandwidth and give the gamer the other 80%.
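The sharing described above, worked through with the 768Kb uplink and the 80%/20% queues from this ruleset. This is an added example, not part of the original tip and not ALTQ's actual scheduler: it is a simplified steady-state model of `borrow`, and the function name, the proportional split of spare bandwidth and the demand figures are assumptions made for illustration.

```python
# Added example: simplified steady-state model of CBQ "borrow" sharing.
# It is not ALTQ's scheduler; it only shows who ends up with how much.

LINK_KBPS = 768.0  # upload rate from the page

# queue name -> (guaranteed share of the link, allowed to borrow?)
QUEUES = {
    "gamer_in": (0.80, True),
    "webserver_in": (0.20, True),
}


def allocate(demand, link_kbps=LINK_KBPS, queues=QUEUES):
    """Return {queue: Kb/s granted} for the offered load in `demand`."""
    # Step 1: each queue is served up to its guaranteed share.
    grant = {name: min(demand.get(name, 0.0), share * link_kbps)
             for name, (share, _) in queues.items()}
    spare = link_kbps - sum(grant.values())

    # Step 2: spare bandwidth goes to borrowers that still want more,
    # split in proportion to their configured shares (modelling assumption).
    while spare > 1e-9:
        hungry = {name: share for name, (share, borrow) in queues.items()
                  if borrow and demand.get(name, 0.0) - grant[name] > 1e-9}
        if not hungry:
            break
        total = sum(hungry.values())
        handed = 0.0
        for name, share in hungry.items():
            extra = min(spare * share / total, demand[name] - grant[name])
            grant[name] += extra
            handed += extra
        spare -= handed
    return grant


if __name__ == "__main__":
    # Constructed scenarios (offered upload load in Kb/s).
    scenarios = {
        "web download, gamer idle": {"webserver_in": 768.0},
        "web download, gamer busy": {"gamer_in": 768.0, "webserver_in": 768.0},
        "web download, gamer light": {"gamer_in": 100.0, "webserver_in": 768.0},
    }
    for label, demand in scenarios.items():
        shares = {q: round(v, 1) for q, v in allocate(demand).items()}
        print(f"{label}: {shares}")
```

Passing a queue table with `borrow` set to False for `webserver_in` shows the other design choice: the webserver stays at 153.6Kb/s even when the gamer is idle.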


Reference: http://www.openbsd.org/faq/pf/queueing.html

