Instalei o shaperd para fazer o controle de banda da rede aqui da
repartição onde trabalho. No mesmo servidor o squid + dansgaurdian faz
bloqueio a extensões e sites proibidos. Preferi controlar a banda pelo
shaperd pelo fato de ele possuir o recurso de liberar a banda excedente
quando houver menor tráfego na rede. Acontece que depois de instalado e
se configurado segundo o tutorial disponível em
http://wiki.consoli.org.br/~wiki/index.php/QOS_no_Debian_Lenny_com_Shaper o
shaper não inicializa após o comando /etc/init.d/shaperd start , pois
não há nenhum daemon ativo com este nome e a banda fica completamente
sem limite na rede.
Não sei qual possa ser o problema, possuo um script firewall que
bloqueia acesso a algumas portas e libera o nat para o mac de apenas uma
máquina que necessita de acesso direto para um dos sistemas da Caixa
Economica Federal. As outras máquinas na rede acessam via proxy já
configurado previamente nos computadores.
Na pasta /etc/shaperd possuo os arquivos:
cbq-0002.-in
DEVICE=eth1,512Kbit,55Kbit
RATE=150Kbit
WEIGHT=15Kbit
PRIO=5
RULE=192.168.1.0/24
BOUNDED=yes
ISOLATED=yes
cbq-0002.-out
DEVICE=eth1,100Mbit,10Mbit
RATE=150Kbit
WEIGHT=15Kbit
PRIO=5
RULE=192.168.1.0/24,
BOUNDED=yes
ISOLATED=yes
shaperd.conf
# example.1.conf: shape echo server's output to measure performance
#
# send a SIGHUP to reload this file with the command killall -HUP
shaperd
# this is an "internal" log level (all logs are sent with facility
daemon,
# priority info; see the syslog manpage for more information).
# valid levels are:
# alert (1)
# error (2)
# warning (3)
# info (4)
# debug1 (5)
# debug2 (6)
# log levels beggining from warning (3) will log unmatched packets
log level = info
# this is a required option. note that shaperd must have been built with
# the correct forwarding mechanism(s) in order for these to work
# see the README for further details.
# packet forwarding = ipq
# packet forwarding = divert # check "divert port" and "divert
reinjection"
packet forwarding = ipq
# for divert sockets, you must also specify a port number:
# this number should be the same value you use in the firewall rules
# divert port = 1111
# this is useful for debugging
# shaperd will run detached if set to "yes"
daemon = yes
# full path to shaperd's pidfile
# it'll be generated in daemon mode only
pidfile = /var/run/shaperd.pid
class local_echo {
# shape every tcp packet from 127.0.0.1, port=7 (echo)
ipv4 classifier proto=tcp saddr=127.0.0.1 sport=7
# valid suffixes: mbyte/s mbit/s kbyte/s kbit/s byte/s bit/s
bandwidth = 100.0 kbyte/s
# maximum queue size
# shaperd will drop packets when the queue is full
# valid suffixes: mbyte, mb, kbyte, kb, byte, bytes
# 0 means "unlimited" (both for bytes and amount of packets)
# - the first limit, bytes, is mainly for divert sockets
(because
# it forwards entire datagrams of arbitraty sizes)
# - the second limit, packets, is intended for use under
kernel 2.4,
# because linux will trigger an error when the number of
# outstanting packets is greater than /proc/net/ip_queue
queue limits = 100 kb 100 packets
# (divert only)
# divert reinjection = inbound|outbound
# as a rule of thumb:
# packets for this host -> inbound
# forwarded packets -> inbound
# packets from this host -> outbound
# these are locally generated packets, so we'll reinject
them in the
# outbound direction
#
# divert reinjection = outbound
}
Alguém pode me ajudar a fazer o shaper funcionar?
