[FUG-BR] PF with ICMP failure
Aline Freitas
aline at bsd.com.br
Fri Mar 19 16:34:51 BRT 2010
Renata,
I have had my network end up like this before because of poorly done
optimizations in sysctl.conf. What do you have in it?
Regards,
Aline
On Mar 19, 2010, at 10:37 AM, Renata Dias wrote:
> Dear all,
>
> I found several discussions about my question, but none with a solution!
>
> I enable pf and the network starts responding with "No buffer space
> available".
> I tested some options I found on the internet, such as:
> set limit { states 1000000000, src-nodes 1000000000, frags 50000000 },
> but without success.
>
> Here is my pf.conf
>
> if_wan_upload="em0"
> if_lan_download="em1"
>
> table <rede_interna> { 192.168.0.0/24, 10.0.10.0/24 }
>
> altq on $if_wan_upload hfsc bandwidth 100% queue total_out
> queue total_out bandwidth 34Mb hfsc(upperlimit 34Mb) { ping_out voip_out dns_out http-https_out pop_out smtp_out ssh_out outros_out p2p_out }
> queue ping_out bandwidth 6% priority 9 hfsc(upperlimit 100% realtime 6% ecn red)
> queue voip_out bandwidth 5% priority 8 hfsc(upperlimit 100% realtime 5% ecn red)
> queue dns_out bandwidth 2% priority 7 hfsc(upperlimit 100% realtime 2% ecn red)
> queue http-https_out bandwidth 60% priority 6 hfsc(upperlimit 100% realtime 60% ecn red)
> queue ssh_out bandwidth 2% priority 5 hfsc(upperlimit 100% realtime 2% ecn red)
> queue smtp_out bandwidth 5% priority 4 hfsc(upperlimit 100% realtime 5% ecn red)
> queue pop_out bandwidth 5% priority 3 hfsc(upperlimit 100% realtime 5% ecn red)
> queue outros_out bandwidth 10% priority 2 hfsc(upperlimit 95% realtime 10% ecn red default)
> queue p2p_out bandwidth 5% priority 1 hfsc(upperlimit 80% realtime 5% ecn red)
>
> altq on $if_lan_download hfsc bandwidth 100Mb queue total
> queue total bandwidth 34Mb hfsc(upperlimit 34Mb) { ping voip dns http-https ssh smtp pop outros p2p }
> queue ping bandwidth 6% priority 9 hfsc(upperlimit 100% realtime 6% ecn red)
> queue voip bandwidth 5% priority 8 hfsc(upperlimit 100% realtime 5% ecn red)
> queue dns bandwidth 2% priority 7 hfsc(upperlimit 100% realtime 2% ecn red)
> queue http-https bandwidth 60% priority 6 hfsc(upperlimit 100% realtime 60% ecn red)
> queue ssh bandwidth 2% priority 5 hfsc(upperlimit 100% realtime 2% ecn red)
> queue smtp bandwidth 5% priority 4 hfsc(upperlimit 100% realtime 5% ecn red)
> queue pop bandwidth 5% priority 3 hfsc(upperlimit 100% realtime 5% ecn red)
> queue outros bandwidth 10% priority 2 hfsc(upperlimit 95% realtime 10% ecn red default)
> queue p2p bandwidth 5% priority 1 hfsc(upperlimit 80% realtime 5% ecn red)
>
> pass in quick on $if_wan_upload proto icmp from <rede_interna> to any keep state queue ping_out
> pass in quick on $if_lan_download proto icmp from <rede_interna> to any keep state queue ping
>
> pass in quick on $if_wan_upload proto { tcp, udp } from <rede_interna> to any port 53 keep state queue dns_out
> pass in quick on $if_lan_download proto { tcp, udp } from <rede_interna> to any port 53 keep state queue dns
>
> pass in quick on $if_wan_upload proto tcp from <rede_interna> to any port { 80, 443 } keep state queue http-https_out
> pass in quick on $if_lan_download proto tcp from <rede_interna> to any port { 80, 443 } keep state queue http-https
>
> pass in quick on $if_wan_upload proto tcp from <rede_interna> to any port 110 keep state queue pop_out
> pass in quick on $if_lan_download proto tcp from <rede_interna> to any port 110 keep state queue pop
>
> pass in quick on $if_wan_upload proto tcp from <rede_interna> to any port 25 keep state queue smtp_out
> pass in quick on $if_lan_download proto tcp from <rede_interna> to any port 25 keep state queue smtp
>
> pass in quick on $if_wan_upload proto tcp from <rede_interna> to any port 22 keep state queue ssh_out
> pass in quick on $if_lan_download proto tcp from <rede_interna> to any port 22 keep state queue ssh
>
>
>
> --
> Renata Dias
> -------------------------
> Archive: http://www.fug.com.br/historico/html/freebsd/
> Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd