[FUG-BR] Erro no pf.conf - queue root_dc0 already exists on interface dc0
Alessandro de Souza Rocha
etherlinkii em gmail.com
Quinta Janeiro 25 21:25:59 BRST 2007
2007/1/25, Alessandro de Souza Rocha <etherlinkii em gmail.com>:
> 2007/1/25, Alessandro de Souza Rocha <etherlinkii em gmail.com>:
> > 2007/1/25, Cristina Fernandes Silva <cristina.fsilva em yahoo.com.br>:
> > > O restante é esse.
> > >
> > >
> > > # Fazendo o NAT
> > > nat on $int_ext from $rede to any -> $int_ext
> > > nat on $int_ext from <baixa> to any -> $int_ext
> > > nat on $int_ext from <bmedia> to any -> $int_ext
> > > nat on $int_ext from <media> to any -> $int_ext
> > > nat on $int_ext from <alta> to any -> $int_ext
> > > nat on $int_ext from <center> to any -> $int_int
> > >
> > >
> > > # Redicrecionamento
> > > #--------------------------------
> > > rdr on $int_int proto tcp from any to any port 80 -> $server1 port 3128
> > >
> > > # ... sessão de filtragem
> > >
> > > # blockeando tudo por default
> > > block in log on $int_ext from any to any
> > >
> > > # bloqueando spoof
> > > antispoof for { $int_ext } inet
> > >
> > > # bloqueando scanners
> > > block drop in quick on { $int_ext } from any os { NMAP }
> > >
> > > # bloqueando trafego ipv6
> > > block log quick inet6
> > >
> > > #Liberando loopback
> > > pass quick on lo0 all
> > >
> > > # liberando ping/traceroute
> > > pass out log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state
> > > pass in log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state
> > >
> > > # Liberando portas
> > > #INCOMING
> > > #TCP
> > > pass in quick on $int_ext inet proto tcp from any to $int_ext port $TCP_IN flags S/SA keep state
> > > #UDP
> > > #pass in quick on $int_ext inet proto udp from any to $int_ext port $UDP_IN keep state
> > > #PING
> > > pass in quick on $int_ext inet proto icmp from any to $int_ext icmp-type $PING keep state
> > >
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 22
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 21
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 20
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 25
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 53
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 80
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 443
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 110
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 8080
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 6667
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 6891
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 6893
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 6900
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 1213
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 1214
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 1832
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 3094
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 3622
> > > pass in on $int_ext inet proto { tcp udp } from any to any port 2216
> > > pass in on $int_ext inet proto tcp from port 20 to ($int_ext) user proxy flags S/SA keep state
> > >
> > > #OUTGOING
> > > #EXTERNAL INTERFACE
> > >
> > > #TCP
> > > pass out quick on $int_ext inet proto tcp from $int_ext to any port $TCP_OUT flags S/SA keep
> > > state
> > >
> > > #UDP
> > > pass out quick on $int_ext inet proto udp from $int_ext to any port $UDP_OUT keep state
> > >
> > > #ICMP
> > > pass out quick on $int_ext inet proto icmp from $int_ext to any icmp-type $PING keep state
> > >
> > > # Liberando acesso
> > > pass in log on $int_ext from <baixa> to any queue baixa_in
> > > pass in log on $int_ext from <bmedia> to any queue bmedia_in
> > > pass in log on $int_ext from <media> to any queue media_in
> > > pass in log on $int_ext from <alta> to any queue alta_in
> > > pass in log on $int_ext from <center> to any queue center_in
> > >
> > > pass in log on $int_ext from <baixa> to any
> > > pass in log on $int_ext from <bmedia> to any
> > > pass in log on $int_ext from <media> to any
> > > pass in log on $int_ext from <alta> to any
> > > pass in log on $int_ext from <center> to any
> > >
> > >
> > > Obrigada
> > >
> > >
> > > Cristina
> > >
> > >
> > > __________________________________________________
> > > Fale com seus amigos de graça com o novo Yahoo! Messenger
> > > http://br.messenger.yahoo.com/
> > > -------------------------
> > > Histórico: http://www.fug.com.br/historico/html/freebsd/
> > > Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
> > >
> > Cristina um exemplo para vc.
> >
> > altq on $ext_if bandwidth 1Mb cbq queue { dflt_out, local,wireless }
> > queue dflt_out bandwidth 5% cbq(default)
> > queue local bandwidth 50%
> > queue wireless bandwidth 40%
> >
> > altq on $int_if bandwidth 1Mb cbq queue { dflt_in, cpd, radio }
> > queue dflt_in bandwidth 10% cbq(default)
> > queue cpd 50%
> > queue radio bandwidth 40%
> >
> > pass out on $int_if from 192.168.0.0/24 to any keep state queue cpd
> > pass out on $int_if from 100.100.100.0/24 to any keep state queue radio
> > pass out on $ext_if from 192.168.0.0/24 to any keep state queue cpd
> > pass out on $ext_if from 100.100.100.0/24 to any keep state queue radio
> >
> >
> > --
> > Alessandro de Souza Rocha
> > Administrador de Redes e Sistemas
> > Freebsd-BR User #117
> >
>
> --
> Alessandro de Souza Rocha
> Administrador de Redes e Sistemas
> Freebsd-BR User #117
>
Descula-me pelo erro acima.
segui as configuracoes minha abaixo.
# Queueing: rule-based bandwidth control.
altq on $ext_if bandwidth 1Mb cbq queue { dflt_out, local,wireless }
queue dflt_out bandwidth 5% cbq(default)
queue local bandwidth 50%
queue wireless bandwidth 40%
altq on $int_if bandwidth 1Mb cbq queue { dflt_in, cpd, radio }
queue dflt_in bandwidth 5% cbq(default)
queue cpd bandwidth 50%
queue radio bandwidth 40%
pass out on $int_if from 192.168.0.0/24 to any keep state queue cpd
pass out on $int_if from 100.100.100.0/24 to any keep state queue radio
pass out on $ext_if from 192.168.0.0/24 to any keep state queue local
pass out on $ext_if from 100.100.100.0/24 to any keep state queue wireless
firewall# pfctl -s queue
queue root_sis0 bandwidth 1Mb priority 0 cbq( wrr root ) {dflt_out,
local, wireless}
queue dflt_out bandwidth 50Kb cbq( default )
queue local bandwidth 500Kb
queue wireless bandwidth 400Kb
queue root_rl0 bandwidth 1Mb priority 0 cbq( wrr root ) {dflt_in, cpd, radio}
queue dflt_in bandwidth 50Kb cbq( default )
queue cpd bandwidth 500Kb
queue radio bandwidth 400Kb
--
Alessandro de Souza Rocha
Administrador de Redes e Sistemas
Freebsd-BR User #117
Mais detalhes sobre a lista de discussão freebsd