[FUG-BR] Duvida com controle de banda Squid + upload
Leonardo Meissner
leonardo.meissner em bsd.com.br
Quinta Julho 10 15:38:25 BRT 2008
Oi tiago segue !!!
Entao preciso de ajuda pois minha banda esta sobrecarregada devido eu nao
estar conseguindo controlar o upload com squid, se puder me dar uma ajuda eu
te agradeço.
ipfw show
00100 5718 20567968 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
01000 0 0 deny tcp from any 137 to any
01000 0 0 deny tcp from any to any dst-port 137
01001 0 0 deny tcp from any 138 to any
01001 0 0 deny tcp from any to any dst-port 138
01002 287 11696 deny tcp from any 139 to any
01002 3512 168576 deny tcp from any to any dst-port 139
01003 2373407 190899769 deny udp from any 137 to any
01003 25044 1973213 deny udp from any to any dst-port 137
01004 1069239 235077306 deny udp from any 138 to any
01004 188 38540 deny udp from any to any dst-port 138
01005 0 0 deny udp from any 139 to any
01005 2 217 deny udp from any to any dst-port 139
02020 0 0 allow tcp from 172.16.0.0/16 to
172.16.0.1dst-port 3128
02020 0 0 allow tcp from 172.16.0.1 3128 to 172.16.0.0/16
03002 7 585 pipe 3002 ip from 172.16.14.2 to any out
03003 0 0 pipe 3003 ip from 172.16.14.3 to any out
03004 0 0 pipe 3004 ip from 172.16.14.4 to any out
03005 0 0 pipe 3005 ip from 172.16.14.5 to any out
03006 124 69552 pipe 3006 ip from 172.16.14.6 to any out
03007 633 77285 pipe 3007 ip from 172.16.14.7 to any out
03502 0 0 pipe 3502 ip from 172.16.15.2 to any out
03503 0 0 pipe 3503 ip from 172.16.15.3 to any out
03504 0 0 pipe 3504 ip from 172.16.15.4 to any out
03505 0 0 pipe 3505 ip from 172.16.15.5 to any out
03506 2224 649311 pipe 3506 ip from 172.16.15.6 to any out
03507 13693 1998862 pipe 3507 ip from 172.16.15.7 to any out
07000 248522008 138460512235 divert 8668 ip from any to any via vr0
13001 215849 18631256 allow ip from any to 172.16.14.1
13002 105743893 45301647639 allow ip from any to 172.16.14.2
13003 4 192 allow ip from any to 172.16.14.3
13004 3148 422844 allow ip from any to 172.16.14.4
13005 0 0 allow ip from any to 172.16.14.5
13006 562172 633017825 allow ip from any to 172.16.14.6
13007 739626 555238845 allow ip from any to 172.16.14.7
17500 24674896 3599762525 fwd 127.0.0.1,3128 tcp from 172.16.0.0/16 to
any dst-port 80
18000 3180351 138951403 allow icmp from any to any
IFCONFIG
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 200.220.198.1 netmask 0xffffff00 broadcast 200.220.198.255
ether 00:20:ed:34:04:f3
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=9<RXCSUM,VLAN_MTU>
inet 172.16.14.1 netmask 0xffffff00 broadcast 172.16.14.255
ether 00:01:03:26:4b:bf
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
ipfw.rules
# SQUID
${fwcmd} add 2020 pass tcp from 172.16.0.0:255.255.0.0 to 172.16.0.1 3128
${fwcmd} add 2020 pass tcp from 172.16.0.1 3128 to 172.16.0.0:255.255.0.0
#########################################
# REGRAS DE UPLOAD # 3000 ~ 3900 = 6900 #
#########################################
#S1
#3000 + 500 = 3499
/bin/sh /etc/rc.upload.s1
###############################
# DIVERT # 7000 ~ 7900 = 900 #
###############################
${fwcmd} add 7000 divert natd all from any to any via vr0
############################################
# REGRAS DE DOWNLOAD # 9000 ~ 12900 = 3900 #
############################################
#S1
#9000 + 500 = 9499
/bin/sh /etc/rc.download.s1
################################################
# REGRA DE LIBERACAO DE ACESSO # 13000 ~ 16900 #
################################################
#S1
#13000 + 500 = 13499
/bin/sh /etc/rc.liberados.s1
###############################################################
# BLOQUEIO DE CLIENTE NAO CADASTRADO # 17000 ~17400 = 400 #
###############################################################
# Rede 172.16.0.0/16
${fwcmd} add 17000 deny ip from any to 172.16.0.0/16
#############################################################
# PROXY TRANSPARENTE PARA CLIENTES # 17500 ~ 17900 = 400 #
#############################################################
${fwcmd} add 17500 fwd 127.0.0.1,3128 tcp from 172.16.0.0:255.255.0.0 to any
www
########################################################
# LIBERACAO DE ALGUNS SERVICOS # 17500 ~ 17900 = 400 #
########################################################
# LIBERA PING #18000
${fwcmd} add 18000 pass icmp from any to any
2008/7/10 Tiago N. Furbeta <tfurbeta em cangere.com.br>:
> > Senhores venho a pedir uma ajuda
> >
> > estou usando o squid com ipfw, porem antes do squid o controle de banda
> > funciona que e uma beleza.
> >
> > Depois do squid o controle de banda para upload nao funcionas.
> >
> > Pesquisei e achei a opcao ssctl -w net.inet.ip.fw.one_pass=0
> >
> > porem nao esta funcionando
> >
> > alguem pode me ajudar ???
>
>
> Amigo, poste ai a saida dos seguintes comandos:
>
> # ipfw show
>
> # ifconfig
>
> Se possível, de um cat no seu script de firewall também.
>
> Att.
>
> --------------------------------------------------------------
> Tiago N. Furbeta
> tfurbeta em cangere.com.br
> Cangere Online Provedor de Internet Ltda.
> Provedor associado à Global Info
> Provedor associado à ABRAPI
> Campos Gerais - Sul de Minas
>
> "100% dos clientes gerenciados pelo WifiAuth"
> http://www.wifiauth.com.br/beta/
>
> -------------------------
> Histórico: http://www.fug.com.br/historico/html/freebsd/
> Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
>
Mais detalhes sobre a lista de discussão freebsd