[FUG-BR] IPFW+DUMYNET+Squid

Alessandro de Souza Rocha etherlinkii em gmail.com
Sábado Julho 19 13:58:27 BRT 2008


controle de banda uso assim
ipfw pipe 1 config mask dst-ip 0×000000ff bw 128Kbit/s
ipfw pipe 2 config mask src-ip 0×000000ff bw 128Kbit/s
ipfw add pipe 1 all from any to 192.168.1.0/24 in
ipfw add pipe 2 all from 192.168.1.0/24 to any ou

2008/7/19 sky priest <skypriest em gmail.com>:
> OK, alterei meu e-mail para o gmail.
>
> Segue de novo minha duvida
>
>
> Senhores estou perdendo os cabelos com este problema, mas quando ativo o
> squid meu controle de banda UPLOAD nao funciona, desativo e tudo fica
> controlado.
>
> Vou passar um descritivo:
>
> Kernel :
>
> options         MROUTING
> options         IPFIREWALL
> options         IPFIREWALL_VERBOSE
> options         IPFIREWALL_FORWARD
> options         IPSTEALTH
> options         DUMMYNET
> options         HZ=1000
> options         BRIDGE
> options         ZERO_COPY_SOCKETS
> options         TCPDEBUG
> options         IPDIVERT
> options         IPFILTER
> options         IPFILTER_LOG
> options         IPFIREWALL_DEFAULT_TO_ACCEPT
> options         SC_DISABLE_REBOOT
>
> rc.conf
> #REGRAS DE FIREWALL
> firewall_enable='YES'
> firewall_type='OPEN'
> #REGRAS DE NAT
> natd_enable='YES'
> natd_interface='bge0'
> natd_flags='-f /etc/natd.conf'
>
> Natd.conf
>
> interface bge0
> dynamic yes
> use_sockets yes
> same_ports yes
> unregistered_only yes
>
>
> SYSCTL
>
> net.inet.ip.fw.one_pass=0
>
>
> ipfw.rules
>
> /sbin/ipfw add 7000 divert natd all from any to any via bge0
> /sbin/ipfw 9810 add pipe 9810 all from any to 192.168.7.2 out via any
> /sbin/ipfw 9820 add pipe 9820 all from 192.168.7.2 to any in via any
> /sbin/ipfw pipe 9810 config bw 256Kbit/s queue 32Kbytes
> /sbin/ipfw pipe 9820 config bw 128Kbit/s queue 32Kbytes
> /sbin/ipfw add allow all from any to 192.168.7.2
> /sbin/ipfw add allow all from 192.168.7.2 to any
> /sbin/ipfw add 17500 fwd 127.0.0.1,3128 tcp from 172.16.0.0:255.255.0.0 to
> any www
>
> O que pode estar de errado :::
>
> Alguem me ajuda
>
> Sds
>
>
>
> 2008/7/19, Alessandro de Souza Rocha <etherlinkii em gmail.com>:
>>
>> edita tudo e manda organizado.
>>
>> 2008/7/19 Welkson Renny de Medeiros <welkson em focusautomacao.com.br>:
>> > Sky,
>> >
>> > Chegou tudo misturado... culpa desse tal hotmail.
>> >
>> > Welkson
>> >
>> > ----- Original Message -----
>> > From: "sky priest" <sky-priest em hotmail.com>
>> > To: <freebsd em fug.com.br>; <sky-priest em hotmail.com>
>> > Sent: Saturday, July 19, 2008 2:16 AM
>> > Subject: [FUG-BR] IPFW+DUMYNET+Squid
>> >
>> >
>> > Senhores estou perdendo os cabelos com este problema, mas quando ativo o
>> > squid meu controle de banda UPLOAD nao funciona, desativo e tudo fica
>> > controlado. Vou passar um descritivo: Kernel : options
>> > MROUTINGoptions         IPFIREWALLoptions
>> IPFIREWALL_VERBOSEoptions
>> > IPFIREWALL_FORWARDoptions         IPSTEALTHoptions
>> DUMMYNEToptions
>> > HZ=1000options         BRIDGEoptions         ZERO_COPY_SOCKETSoptions
>> > TCPDEBUGoptions         IPDIVERToptions         IPFILTERoptions
>> > IPFILTER_LOGoptions         IPFIREWALL_DEFAULT_TO_ACCEPToptions
>> > SC_DISABLE_REBOOTrc.conf #REGRAS DE
>> > FIREWALLfirewall_enable='YES'firewall_type='OPEN'#REGRAS DE
>> > NATnatd_enable='YES'natd_interface='bge0'natd_flags='-f /etc/natd.conf'
>> > Natd.conf interface bge0dynamic yesuse_sockets yessame_ports
>> > yesunregistered_only yes SYSCTL net.inet.ip.fw.one_pass=0 ipfw.rules
>> > /sbin/ipfw add 7000 divert natd all from any to any via bge0/sbin/ipfw
>> 9810
>> > add pipe 9810 all from any to 192.168.7.2 out via any/sbin/ipfw 9820 add
>> > pipe 9820 all from 192.168.7.2 to any in via any/sbin/ipfw pipe 9810
>> config
>> > bw 256Kbit/s queue 32Kbytes/sbin/ipfw pipe 9820 config bw 128Kbit/s queue
>> > 32Kbytes/sbin/ipfw add allow all from any to 192.168.7.2/sbin/ipfw add
>> allow
>> > all from 192.168.7.2 to any/sbin/ipfw add 17500 fwd 127.0.0.1,3128 tcp
>> from
>> > 172.16.0.0:255.255.0.0 to any www O que pode estar de errado ::: Alguem
>> me
>> > ajuda  Sds
>> > _________________________________________________________________
>> > Confira vídeos com notícias do NY Times, gols direto do Lance,
>> > videocassetadas e muito mais no MSN Video!
>> > http://video.msn.com/?mkt=pt-br
>> > -------------------------
>> > Histórico: http://www.fug.com.br/historico/html/freebsd/
>> > Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
>> >
>> > -------------------------
>> > Histórico: http://www.fug.com.br/historico/html/freebsd/
>> > Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
>> >
>>
>>
>>
>> --
>> Alessandro de Souza Rocha
>> Administrador de Redes e Sistemas
>> FreeBSD-BR User #117
>> Long live FreeBSD
>>
>> Powered by ....
>>
>> (__)
>> \\\'',)
>> \/ \ ^
>> .\._/_)
>>
>> www.FreeBSD.org
>> -------------------------
>> Histórico: http://www.fug.com.br/historico/html/freebsd/
>> Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
>>
> -------------------------
> Histórico: http://www.fug.com.br/historico/html/freebsd/
> Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
>



-- 
Alessandro de Souza Rocha
Administrador de Redes e Sistemas
FreeBSD-BR User #117
 Long live FreeBSD

 Powered by ....

 (__)
 \\\'',)
 \/ \ ^
 .\._/_)

 www.FreeBSD.org


Mais detalhes sobre a lista de discussão freebsd