[FUG-BR] IPFW+DUMYNET+Squid

Wanderson Tinti wanderson em bsd.com.br
Sábado Julho 19 19:53:37 BRT 2008


Boa noite a todos.
Se voce desabilitar a regra de fwd que vai pro squid e configurar o
proxy manualmente no navegador o controle funciona?

De uma olhada nessa discurção:
http://www.fug.com.br/historico/html/freebsd/2006-03/msg00658.html

Poste ai os resultados.

2008/7/19 sky priest <skypriest em gmail.com>:
> ok, ja pesquisei sobre essa solucao , porem tenho que configurar banda
> diferentes por cliente. Nessa aplicacao estou abrindo sinal dentro de um
> condominio e preciso configuras perfis de 128 - 256 - 512 e 1 m por
> determinada estacao dentro da rede 192.168.7.0/24
>
> So que quand ativo o squid para o controle de upload
>
> Sera que podem ajudar
>
> 2008/7/19 Alessandro de Souza Rocha <etherlinkii em gmail.com>:
>
>> controle de banda uso assim
>> ipfw pipe 1 config mask dst-ip 0×000000ff bw 128Kbit/s
>> ipfw pipe 2 config mask src-ip 0×000000ff bw 128Kbit/s
>> ipfw add pipe 1 all from any to 192.168.1.0/24 in
>> ipfw add pipe 2 all from 192.168.1.0/24 to any ou
>>
>> 2008/7/19 sky priest <skypriest em gmail.com>:
>> > OK, alterei meu e-mail para o gmail.
>> >
>> > Segue de novo minha duvida
>> >
>> >
>> > Senhores estou perdendo os cabelos com este problema, mas quando ativo o
>> > squid meu controle de banda UPLOAD nao funciona, desativo e tudo fica
>> > controlado.
>> >
>> > Vou passar um descritivo:
>> >
>> > Kernel :
>> >
>> > options         MROUTING
>> > options         IPFIREWALL
>> > options         IPFIREWALL_VERBOSE
>> > options         IPFIREWALL_FORWARD
>> > options         IPSTEALTH
>> > options         DUMMYNET
>> > options         HZ=1000
>> > options         BRIDGE
>> > options         ZERO_COPY_SOCKETS
>> > options         TCPDEBUG
>> > options         IPDIVERT
>> > options         IPFILTER
>> > options         IPFILTER_LOG
>> > options         IPFIREWALL_DEFAULT_TO_ACCEPT
>> > options         SC_DISABLE_REBOOT
>> >
>> > rc.conf
>> > #REGRAS DE FIREWALL
>> > firewall_enable='YES'
>> > firewall_type='OPEN'
>> > #REGRAS DE NAT
>> > natd_enable='YES'
>> > natd_interface='bge0'
>> > natd_flags='-f /etc/natd.conf'
>> >
>> > Natd.conf
>> >
>> > interface bge0
>> > dynamic yes
>> > use_sockets yes
>> > same_ports yes
>> > unregistered_only yes
>> >
>> >
>> > SYSCTL
>> >
>> > net.inet.ip.fw.one_pass=0
>> >
>> >
>> > ipfw.rules
>> >
>> > /sbin/ipfw add 7000 divert natd all from any to any via bge0
>> > /sbin/ipfw 9810 add pipe 9810 all from any to 192.168.7.2 out via any
>> > /sbin/ipfw 9820 add pipe 9820 all from 192.168.7.2 to any in via any
>> > /sbin/ipfw pipe 9810 config bw 256Kbit/s queue 32Kbytes
>> > /sbin/ipfw pipe 9820 config bw 128Kbit/s queue 32Kbytes
>> > /sbin/ipfw add allow all from any to 192.168.7.2
>> > /sbin/ipfw add allow all from 192.168.7.2 to any
>> > /sbin/ipfw add 17500 fwd 127.0.0.1,3128 tcp from 172.16.0.0:255.255.0.0
>> to
>> > any www
>> >
>> > O que pode estar de errado :::
>> >
>> > Alguem me ajuda
>> >
>> > Sds
>> >
>> >
>> >
>> > 2008/7/19, Alessandro de Souza Rocha <etherlinkii em gmail.com>:
>> >>
>> >> edita tudo e manda organizado.
>> >>
>> >> 2008/7/19 Welkson Renny de Medeiros <welkson em focusautomacao.com.br>:
>> >> > Sky,
>> >> >
>> >> > Chegou tudo misturado... culpa desse tal hotmail.
>> >> >
>> >> > Welkson
>> >> >
>> >> > ----- Original Message -----
>> >> > From: "sky priest" <sky-priest em hotmail.com>
>> >> > To: <freebsd em fug.com.br>; <sky-priest em hotmail.com>
>> >> > Sent: Saturday, July 19, 2008 2:16 AM
>> >> > Subject: [FUG-BR] IPFW+DUMYNET+Squid
>> >> >
>> >> >
>> >> > Senhores estou perdendo os cabelos com este problema, mas quando ativo
>> o
>> >> > squid meu controle de banda UPLOAD nao funciona, desativo e tudo fica
>> >> > controlado. Vou passar um descritivo: Kernel : options
>> >> > MROUTINGoptions         IPFIREWALLoptions
>> >> IPFIREWALL_VERBOSEoptions
>> >> > IPFIREWALL_FORWARDoptions         IPSTEALTHoptions
>> >> DUMMYNEToptions
>> >> > HZ=1000options         BRIDGEoptions         ZERO_COPY_SOCKETSoptions
>> >> > TCPDEBUGoptions         IPDIVERToptions         IPFILTERoptions
>> >> > IPFILTER_LOGoptions         IPFIREWALL_DEFAULT_TO_ACCEPToptions
>> >> > SC_DISABLE_REBOOTrc.conf #REGRAS DE
>> >> > FIREWALLfirewall_enable='YES'firewall_type='OPEN'#REGRAS DE
>> >> > NATnatd_enable='YES'natd_interface='bge0'natd_flags='-f
>> /etc/natd.conf'
>> >> > Natd.conf interface bge0dynamic yesuse_sockets yessame_ports
>> >> > yesunregistered_only yes SYSCTL net.inet.ip.fw.one_pass=0 ipfw.rules
>> >> > /sbin/ipfw add 7000 divert natd all from any to any via bge0/sbin/ipfw
>> >> 9810
>> >> > add pipe 9810 all from any to 192.168.7.2 out via any/sbin/ipfw 9820
>> add
>> >> > pipe 9820 all from 192.168.7.2 to any in via any/sbin/ipfw pipe 9810
>> >> config
>> >> > bw 256Kbit/s queue 32Kbytes/sbin/ipfw pipe 9820 config bw 128Kbit/s
>> queue
>> >> > 32Kbytes/sbin/ipfw add allow all from any to 192.168.7.2/sbin/ipfwadd
>> >> allow
>> >> > all from 192.168.7.2 to any/sbin/ipfw add 17500 fwd 127.0.0.1,3128
>> tcp
>> >> from
>> >> > 172.16.0.0:255.255.0.0 to any www O que pode estar de errado :::
>> Alguem
>> >> me
>> >> > ajuda  Sds
>> >> > _________________________________________________________________
>> >> > Confira vídeos com notícias do NY Times, gols direto do Lance,
>> >> > videocassetadas e muito mais no MSN Video!
>> >> > http://video.msn.com/?mkt=pt-br
>> >> > -------------------------
>> >> > Histórico: http://www.fug.com.br/historico/html/freebsd/
>> >> > Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
>> >> >
>> >> > -------------------------
>> >> > Histórico: http://www.fug.com.br/historico/html/freebsd/
>> >> > Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
>> >> >
>> >>
>> >>
>> >>
>> >> --
>> >> Alessandro de Souza Rocha
>> >> Administrador de Redes e Sistemas
>> >> FreeBSD-BR User #117
>> >> Long live FreeBSD
>> >>
>> >> Powered by ....
>> >>
>> >> (__)
>> >> \\\'',)
>> >> \/ \ ^
>> >> .\._/_)
>> >>
>> >> www.FreeBSD.org
>> >> -------------------------
>> >> Histórico: http://www.fug.com.br/historico/html/freebsd/
>> >> Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
>> >>
>> > -------------------------
>> > Histórico: http://www.fug.com.br/historico/html/freebsd/
>> > Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
>> >
>>
>>
>>
>> --
>> Alessandro de Souza Rocha
>> Administrador de Redes e Sistemas
>> FreeBSD-BR User #117
>>  Long live FreeBSD
>>
>>  Powered by ....
>>
>>  (__)
>>  \\\'',)
>>  \/ \ ^
>>  .\._/_)
>>
>>  www.FreeBSD.org
>> -------------------------
>> Histórico: http://www.fug.com.br/historico/html/freebsd/
>> Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
>>
> -------------------------
> Histórico: http://www.fug.com.br/historico/html/freebsd/
> Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
>


Mais detalhes sobre a lista de discussão freebsd