Caros estou mandando em anexo minhas conf's de firewall e qos (HTB), e estarei lendo as dicas dos amigos.
Grato 2006/9/13, Reinaldo Carvalho <[EMAIL PROTECTED]>:
Você não pode fazer controle de upload caso esteja fazendo Nat no Netfilter. http://www.nautilus.com.br/~rei/artigo-tcc.pdf Os pings podem estar subindo por causa da suas proprias regras, mande-as para dar uma olhada. On 9/13/06, Diogo Borsoi <[EMAIL PROTECTED]> wrote: > Caros estou com um problemao, é o seguinte qdo eu ativo o htb a rede > fica lenta inclusive o server, os pings sobem demais, eu desativo o > htb os pings voltam ao normal e td fica bem, e digo mais, qdo eu > desativo a classe DEFAULT de "upload" (eth0 -- WAN) os pings ficam > bons tbm, notei q nao estou conseguindo controlar upload :( , alg > saberia me dizer o q pode ser? > > -- > Att. > Diogo Borsoi > > -- Reinaldo Carvalho Debian Sarge 3.1 - Linux User: #238310 Prodepa - [EMAIL PROTECTED]
-- Att. Diogo Borsoi
#!/bin/sh # # by Diogo Borsoi - www.deepinformatica.com.br # IPTABLES=/usr/local/sbin/iptables INT_IF=eth1 EXT_IF=eth0 LOCAL_NETWORK=10.201.201.0/24 WAN=200.x.x.x.x # É assumido um sistema usando kmod para carga automática dos módulos usados por # esta configuração do firewall: # ipt_filter # ipt_nat # ipt_conntrack # ipt_mangle # ipt_TOS # ipt_MASQUERADE # ipt_LOG # Se você tem um kernel modularizado que não utiliza o kmod, será necessário # carregar estes módulos via modprobe, insmod ou iptables --modprobe=modulo # Limpa regras $IPTABLES -F $IPTABLES -X $IPTABLES -Z $IPTABLES -t nat -F $IPTABLES -t nat -X $IPTABLES -t nat -Z $IPTABLES -t mangle -F $IPTABLES -t mangle -X $IPTABLES -t mangle -Z ##### Definição de Policiamento ##### echo 'Loading chains...' # Tabela filter $IPTABLES -t filter -P INPUT DROP $IPTABLES -t filter -P OUTPUT ACCEPT $IPTABLES -t filter -P FORWARD DROP # Tabela nat $IPTABLES -t nat -P PREROUTING ACCEPT $IPTABLES -t nat -P OUTPUT ACCEPT $IPTABLES -t nat -P POSTROUTING DROP # Tabela mangle $IPTABLES -t mangle -P PREROUTING ACCEPT $IPTABLES -t mangle -P OUTPUT ACCEPT ##### Proteção contra IP Spoofing ##### for i in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 >$i done ##### Proteção contra Syncookies ##### if [ -e /proc/sys/net/ipv4/tcp_syncookies ] then echo 1 > /proc/sys/net/ipv4/tcp_syncookies fi ##### Ativamos o redirecionamento de pacotes (requerido para NAT) ##### echo "1" > /proc/sys/net/ipv4/ip_forward #echo "8192" > /proc/sys/net/ipv4/ip_conntrack_max ############################################################### # Tabela filter # ############################################################### ##### Chain INPUT ##### # Criamos um chain que será usado para tratar o tráfego vindo da Rede Interna e outra Internet $IPTABLES -N local-input $IPTABLES -N eth0-input # Aceita todo o tráfego vindo do loopback e indo pro loopback $IPTABLES -A INPUT -i lo -j ACCEPT # Todo tráfego vindo da rede interna também é aceito #$IPTABLES -A INPUT -i $INT_IF -j ACCEPT # Conexões vindas da interface $INT_IF são tratadas pelo chain local-input $IPTABLES -A INPUT -s $LOCAL_NETWORK -i $INT_IF -j local-input # Conexões vindas da interface $EXT_IF são tratadas pelo chain eth0-input $IPTABLES -A INPUT -i $EXT_IF -j eth0-input # Permite conexão com o DHCPD vindo somente da $INT_IF $IPTABLES -A INPUT -p tcp -i $INT_IF --dport 67:68 -j ACCEPT $IPTABLES -A INPUT -p udp -i $INT_IF --dport 67:68 -j ACCEPT # Qualquer outra conexão desconhecida é imediatamente registrada e derrubada $IPTABLES -A INPUT -j LOG --log-prefix "FIREWALL: INPUT " $IPTABLES -A INPUT -j DROP ##### Chain FORWARD #### # Permite redirecionamento de conexões entre as interfaces locais # especificadas abaixo. Qualquer tráfego vindo/indo para outras # interfaces será bloqueado neste passo ### Controle de ip por lista #for i in $(cat /etc/rc.d/clientes.fw);do $IPTABLES -A FORWARD -d $i -i $EXT_IF -o $INT_IF -j ACCEPT;done #for i in $(cat /etc/rc.d/clientes.fw);do $IPTABLES -A FORWARD -s $i -i $INT_IF -o $EXT_IF -j ACCEPT;done ### Regra de bloqueio de portas ### $IPTABLES -A FORWARD -p tcp -s 10.201.201.128 --dport 3662:6672 -i $INT_IF -o $EXT_IF -j DROP $IPTABLES -A FORWARD -p udp -s 10.201.201.128 --dport 3662:6672 -i $INT_IF -o $EXT_IF -j DROP ### Script que atrela IP ao MAC Address ### /etc/rc.d/clientes.fw $IPTABLES -A FORWARD -d $LOCAL_NETWORK -i $EXT_IF -o $INT_IF -j ACCEPT #$IPTABLES -A FORWARD -s $LOCAL_NETWORK -i $INT_IF -o $EXT_IF -j ACCEPT $IPTABLES -A FORWARD -j LOG --log-prefix "FIREWALL: FORWARD " $IPTABLES -A FORWARD -j DROP ##### Chain local-input #### # Aceitamos todas as mensagens icmp vindas de $INT_IF com certa limitação # O tráfego de pacotes icmp que superar este limite será bloqueado # pela regra "...! ESTABLISHED,RELATED -j DROP" no final do # chain local-input # Trata todo o tráfego vindo da $LOCAL_NETWORK na $INT_IF e bloqueia o que não estiver # expressamente descrito. $IPTABLES -A local-input -p icmp -m limit --limit 2/s -j ACCEPT # Primeiro aceitamos o tráfego vindo da Rede Interna com destino aos serviços abaixo # www $IPTABLES -A local-input -p tcp --dport 80 -j ACCEPT # ssh $IPTABLES -A local-input -p tcp --dport 2222 -j ACCEPT # Permite conexão com o DNS (Bind) somente a rede interna $IPTABLES -A local-input -p tcp --dport 53 -j ACCEPT $IPTABLES -A local-input -p udp --dport 53 -j ACCEPT # Bloqueia qualquer tentativa de nova conexão da rede interna para esta máquina $IPTABLES -A local-input -m state --state ! ESTABLISHED,RELATED -j LOG --log-prefix "FIREWALL: local-in " $IPTABLES -A local-input -m state --state ! ESTABLISHED,RELATED -j DROP #$IPTABLES -A local-input -j DROP $IPTABLES -A local-input -j ACCEPT ##### Chain eth0-input #### # Aceitamos todas as mensagens icmp vindas de $EXT_IF com certa limitação # O tráfego de pacotes icmp que superar este limite será bloqueado # pela regra "...! ESTABLISHED,RELATED -j DROP" no final do # chain eth0-input # $IPTABLES -A eth0-input -p icmp -m limit --limit 2/s -j ACCEPT # Primeiro aceitamos o tráfego vindo da Internet com destino aos serviços abaixo # www #$IPTABLES -A eth0-input -p tcp --dport 8888 -j ACCEPT # ssh $IPTABLES -A eth0-input -p tcp --dport 2222 -j ACCEPT # ftp #$IPTABLES -A eth0-input -p tcp --dport 21 -j ACCEPT # A tentativa de acesso externo a estes serviços serão registrados no syslog # do sistema e serão bloqueados pela última regra abaixo. $IPTABLES -A eth0-input -p tcp --dport 21 -j LOG --log-prefix "FIREWALL: ftp " $IPTABLES -A eth0-input -p tcp --dport 25 -j LOG --log-prefix "FIREWALL: smtp " $IPTABLES -A eth0-input -p udp --dport 53 -j LOG --log-prefix "FIREWALL: dns " $IPTABLES -A eth0-input -p tcp --dport 110 -j LOG --log-prefix "FIREWALL: pop3 " $IPTABLES -A eth0-input -p tcp --dport 113 -j LOG --log-prefix "FIREWALL: identd " $IPTABLES -A eth0-input -p udp --dport 111 -j LOG --log-prefix "FIREWALL: rpc" $IPTABLES -A eth0-input -p tcp --dport 111 -j LOG --log-prefix "FIREWALL: rpc" $IPTABLES -A eth0-input -p tcp --dport 137:139 -j LOG --log-prefix "FIREWALL: samba " $IPTABLES -A eth0-input -p udp --dport 137:139 -j LOG --log-prefix "FIREWALL: samba " # Bloqueia qualquer tentativa de nova conexão de fora para esta máquina $IPTABLES -A eth0-input -m state --state ! ESTABLISHED,RELATED -j LOG --log-prefix "FIREWALL: eth0-in " $IPTABLES -A eth0-input -m state --state ! ESTABLISHED,RELATED -j DROP $IPTABLES -A eth0-input -j ACCEPT ####################################################### # Tabela nat # ####################################################### ##### Chain PREROUTING ##### #$IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 2121 -j DNAT --to 10.201.201.2:2121 #$IPTABLES -A FORWARD -p tcp -d 10.201.201.2 --dport 2121 -j ACCEPT $IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 8181 -i $EXT_IF -j DNAT --to 10.201.201.194:80 $IPTABLES -A FORWARD -p tcp -d 10.201.201.194 --dport 80 -i $EXT_IF -o $INT_IF -j ACCEPT $IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 9180 -i $EXT_IF -j DNAT --to 10.201.201.5:9180 $IPTABLES -A FORWARD -p tcp -d 10.201.201.5 --dport 9180 -i $EXT_IF -o $INT_IF -j ACCEPT $IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 9080 -i $EXT_IF -j DNAT --to 10.201.201.5:9080 $IPTABLES -A FORWARD -p tcp -d 10.201.201.5 --dport 80 -i $EXT_IF -o $INT_IF -j ACCEPT $IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 5900 -i $EXT_IF -j DNAT --to 10.201.201.2:5900 $IPTABLES -A FORWARD -p tcp -d 10.201.201.2 --dport 5900 -i $EXT_IF -j ACCEPT $IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 2121 -i $EXT_IF -j DNAT --to 10.201.201.2:2121 $IPTABLES -A FORWARD -p tcp -d 10.201.201.2 --dport 2121 -i $EXT_IF -o $INT_IF -j ACCEPT $IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 8080 -i $EXT_IF -j DNAT --to 10.201.201.106:8080 $IPTABLES -A FORWARD -p tcp -d 10.201.201.106 --dport 8080 -i $EXT_IF -o $INT_IF -j ACCEPT $IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 22 -i $EXT_IF -j DNAT --to 10.201.201.106:22 $IPTABLES -A FORWARD -p tcp -d 10.201.201.106 --dport 22 -i $EXT_IF -o $INT_IF -j ACCEPT $IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 4044 -i $EXT_IF -j DNAT --to 10.201.201.106:4044 $IPTABLES -A FORWARD -p tcp -d 10.201.201.106 --dport 4044 -i $EXT_IF -o $INT_IF -j ACCEPT $IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 5800 -i $EXT_IF -j DNAT --to 10.201.201.131:5800 $IPTABLES -A FORWARD -p tcp -d 10.201.201.131 --dport 5800 -i $EXT_IF -o $INT_IF -j ACCEPT $IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 5901 -i $EXT_IF -j DNAT --to 10.201.201.131:5901 $IPTABLES -A FORWARD -p tcp -d 10.201.201.131 --dport 5901 -i $EXT_IF -o $INT_IF -j ACCEPT $IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 80 -i $EXT_IF -j DNAT --to 10.201.201.132:80 $IPTABLES -A FORWARD -p tcp -d 10.201.201.132 --dport 80 -i $EXT_IF -o $INT_IF -j ACCEPT $IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 9090 -i $EXT_IF -j DNAT --to 10.201.201.132:9090 $IPTABLES -A FORWARD -p tcp -d 10.201.201.132 --dport 9090 -i $EXT_IF -o $INT_IF -j ACCEPT $IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 1433 -i $EXT_IF -j DNAT --to 10.201.201.132:1433 $IPTABLES -A FORWARD -p tcp -d 10.201.201.132 --dport 1433 -i $EXT_IF -o $INT_IF -j ACCEPT $IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 3389 -i $EXT_IF -j DNAT --to 10.201.201.132:3389 $IPTABLES -A FORWARD -p tcp -d 10.201.201.132 --dport 3389 -i $EXT_IF -o $INT_IF -j ACCEPT $IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 2000 -i $EXT_IF -j DNAT --to 10.201.201.132:2000 $IPTABLES -A FORWARD -p tcp -d 10.201.201.132 --dport 2000 -i $EXT_IF -o $INT_IF -j ACCEPT $IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 1422 -i $EXT_IF -j DNAT --to 10.201.201.132:1422 $IPTABLES -A FORWARD -p tcp -d 10.201.201.132 --dport 1422 -i $EXT_IF -o $INT_IF -j ACCEPT $IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 5900 -i $EXT_IF -j DNAT --to 10.201.201.132:5900 $IPTABLES -A FORWARD -p tcp -d 10.201.201.132 --dport 5900 -i $EXT_IF -o $INT_IF -j ACCEPT $IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 4672 -i $EXT_IF -j DNAT --to 10.201.201.145:4672 $IPTABLES -A FORWARD -p tcp -d 10.201.201.145 --dport 4672 -i $EXT_IF -o $INT_IF -j ACCEPT $IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 4662 -i $EXT_IF -j DNAT --to 10.201.201.145:4662 $IPTABLES -A FORWARD -p tcp -d 10.201.201.145 --dport 4662 -i $EXT_IF -o $INT_IF -j ACCEPT ##### Chain POSTROUTING ##### # Permite qualquer conexão vinda com destino a lo e rede local para eth1 $IPTABLES -t nat -A POSTROUTING -o lo -j ACCEPT $IPTABLES -t nat -A POSTROUTING -s $LOCAL_NETWORK -o $INT_IF -j ACCEPT # É feito masquerading dos outros serviços da rede interna indo para a interface $EXT_IF # todas as portas #$IPTABLES -t nat -A POSTROUTING -s $LOCAL_NETWORK -j MASQUERADE #$IPTABLES -t nat -A POSTROUTING -s $LOCAL_NETWORK -o $EXT_IF -j MASQUERADE $IPTABLES -t nat -A POSTROUTING -s $LOCAL_NETWORK -o $EXT_IF -j SNAT --to $WAN # Qualquer outra origem de tráfego desconhecida indo para $INT_IF (conexões vindas # de $EXT_IF) são bloqueadas aqui $IPTABLES -t nat -A POSTROUTING -o $EXT_IF -d $LOCAL_NETWORK -j LOG --log-prefix "FIREWALL: SNAT unknown" #$IPTABLES -t nat -A POSTROUTING -o $EXT_IF -d $LOCAL_NETWORK -j ACCEPT $IPTABLES -t nat -A POSTROUTING -o $EXT_IF -d $LOCAL_NETWORK -j DROP # Libera o MASQUERADE E PREROUTING $IPTABLES -t nat -A POSTROUTING -o $EXT_IF -j ACCEPT $IPTABLES -t nat -A POSTROUTING -d $LOCAL_NETWORK -o $INT_IF -j ACCEPT # Registra e bloqueia qualquer outro tipo de tráfego desconhecido $IPTABLES -t nat -A POSTROUTING -j LOG --log-prefix "FIREWALL: SNAT " $IPTABLES -t nat -A POSTROUTING -j DROP ############################################### # Tabela mangle # ############################################### ##### Chain OUTPUT ##### # Define mínimo de espera para os serviços ftp, telnet, irc e DNS, isto # dará uma melhor sensação de conexão em tempo real e diminuirá o tempo # de espera para conexões que requerem resolução de nomes. $IPTABLES -t mangle -A OUTPUT -o $EXT_IF -p tcp --dport 21 -j TOS --set-tos 0x10 $IPTABLES -t mangle -A OUTPUT -o $EXT_IF -p tcp --dport 23 -j TOS --set-tos 0x10 $IPTABLES -t mangle -A OUTPUT -o $EXT_IF -p tcp --dport 6665:6668 -j TOS --set-tos 0x10 $IPTABLES -t mangle -A OUTPUT -o $EXT_IF -p udp --dport 53 -j TOS --set-tos 0x10 echo 'Firewall started!!'
# Arquivo de configuracao do sistema de controle de Banda via HTB # # Diogo Borsoi - 26/06/2006 (DEEP INFORMATICA) # ########################################################################### # # o default 30 significa q todo trafego nao especificado vai para a classe 1:30 # # Upload (WAN) tc qdisc del dev eth0 root handle 1: htb default 30 r2q 1 tc qdisc add dev eth0 root handle 1: htb default 30 r2q 1 # Download (LAN) tc qdisc del dev eth1 root handle 2: htb default 30 r2q 1 tc qdisc add dev eth1 root handle 2: htb default 30 r2q 1 # # # Alocar 2000 kbit / ceil= 3000Kbit para banda garantida = BG # 1000 kbit / ceil= 3000Kbit para banda compartilhada = BC # cria a classe raiz 1:1 com taxa de 500Kbit tc class add dev eth0 parent 1: classid 1:1 htb rate 504kbit ceil 504kbit tc class add dev eth1 parent 2: classid 2:1 htb rate 504kbit ceil 504kbit #tc class add dev eth0 parent 1: classid 1:1 htb rate 1024kbit ceil 1024kbit #tc class add dev eth1 parent 2: classid 2:1 htb rate 1024kbit ceil 1024kbit # cria a classe BG = 1:10 filha de 1:1 com taxa de 490Kbit ceil 500Kbit tc class add dev eth0 parent 1:1 classid 1:10 htb rate 480kbit ceil 504kbit tc class add dev eth1 parent 2:1 classid 2:10 htb rate 480kbit ceil 504kbit #tc class add dev eth0 parent 1:1 classid 1:10 htb rate 480kbit ceil 1024kbit #tc class add dev eth1 parent 2:1 classid 2:10 htb rate 480kbit ceil 1024kbit # cria a classe BC = 1:20 filha de 1:1 com taxa de 200Kbit ceil 3000Kbit ##tc class add dev eth0 parent 1:1 classid 1:20 htb rate 200kbit ceil 2000kbit ##tc class add dev eth1 parent 2:1 classid 2:20 htb rate 200kbit ceil 2000kbit # cria a classe DEFAULT = 1:30 filha de 1:1 com taxa de 100Kbit ceil 100Kbit tc class add dev eth0 parent 1:1 classid 1:30 htb rate 128kbit ceil 480kbit tc class add dev eth1 parent 2:1 classid 2:30 htb rate 16kbit ceil 64kbit echo "criadas classes fundamentais" ################################################################################# # # * * * BANDA G A R A N T I D A * * * # # Aqui estao todas as classes de banda garantida filhas de # # BGU = 1:10 <--- Banda Garantida Upload : vai pra internet # BGD = 2:10 <--- Banda Garantida Download: vem da internet # #----------------------------------------------------------------------------- # Nota : # Para a classe BANDA GARANTIDA - BGU e BGD : # Criar uma classe filha para cada cliente com a velocidade contratada # BGU somente usar "src, sport" # BGD somente usar "dst, dport" ################################################################################ # definicao de macros : # CLU="tc class add dev eth0 parent 1:10 classid" CLD="tc class add dev eth1 parent 2:10 classid" BGU="tc filter add dev eth0 protocol ip prio 1 parent 1:0 u32 match ip src" BGD="tc filter add dev eth1 protocol ip prio 1 parent 2:0 u32 match ip dst" BWG8="htb rate 8kbit ceil 8kbit" BWG8_32="htb rate 8kbit ceil 32kbit" BWG8_64="htb rate 8kbit ceil 64kbit" BWG8_96="htb rate 8kbit ceil 96kbit" BWG16="htb rate 16kbit ceil 16kbit" BWG16_96="htb rate 16kbit ceil 96kbit" BWG16_128="htb rate 16kbit ceil 128kbit" BWG16_256="htb rate 16kbit ceil 256kbit" BWG32="htb rate 32kbit ceil 32kbit" BWG32_64="htb rate 32kbit ceil 64kbit" BWG32_96="htb rate 32kbit ceil 96kbit" BWG32_128="htb rate 32kbit ceil 128kbit" BWG32_200="htb rate 32kbit ceil 200kbit" BWG64="htb rate 64kbit ceil 64kbit" BWG64_128="htb rate 64kbit ceil 128kbit" BWG64_200="htb rate 64kbit ceil 200kbit" BWG96="htb rate 96kbit ceil 96kbit" BWG96_200="htb rate 96kbit ceil 200kbit" BWG96_304="htb rate 96kbit ceil 304kbit" BWG96_512="htb rate 96kbit ceil 512kbit" BWG128="htb rate 128kbit ceil 128kbit" BWG128_200="htb rate 128kbit ceil 200kbit" BWG128_256="htb rate 128kbit ceil 256kbit" BWG128_384="htb rate 128kbit ceil 384kbit" BWG128_512="htb rate 128kbit ceil 512kbit" BWG192="htb rate 192kbit ceil 192kbit" BWG192_512="htb rate 192kbit ceil 512kbit" BWG200="htb rate 200kbit ceil 200kbit" BWG256="htb rate 256kbit ceil 256kbit" BWG256_304="htb rate 256kbit ceil 304kbit" BWG256_512="htb rate 256kbit ceil 512kbit" BWG304="htb rate 304kbit ceil 304kbit" BWG384="htb rate 384kbit ceil 384kbit" BWG384_512="htb rate 384kbit ceil 512kbit" BWG512="htb rate 512kbit ceil 512kbit" BWG512_640="htb rate 512kbit ceil 640kbit" BWG512_768="htb rate 512kbit ceil 768kbit" BWG512_1024="htb rate 512kbit ceil 1024kbit" BWG768="htb rate 768kbit ceil 768kbit" BWG768_1024="htb rate 768kbit ceil 1024kbit" BWG1024="htb rate 1000kbit ceil 1000kbit" BWG1250="htb rate 1250kbit ceil 1250kbit" BWG3000="htb rate 3096kbit ceil 3096kbit" EQUAL_UP="tc qdisc add dev eth0 parent" EQUAL_DOWN="tc qdisc add dev eth1 parent" #------------------------------------------------------------------------------ # ARTE GRILL = 200Kbit #------------------------------------------------------------------------------ $CLU 1:101 $BWG16_96 $CLD 2:101 $BWG16_128 $BGU 10.201.201.105 flowid 1:101 $BGD 10.201.201.105 flowid 2:101 $EQUAL_UP 1:101 handle 101: sfq perturb 10 $EQUAL_DOWN 2:101 handle 101: sfq perturb 10 #------------------------------------------------------------------------------ # BEBELO = 200Kbit #------------------------------------------------------------------------------ $CLU 1:102 $BWG16_96 $CLD 2:102 $BWG16_128 $BGU 10.201.201.108 flowid 1:102 $BGD 10.201.201.108 flowid 2:102 $EQUAL_UP 1:102 handle 102: sfq perturb 10 $EQUAL_DOWN 2:102 handle 102: sfq perturb 10 #------------------------------------------------------------------------------ # EMAX 002 = 200Kbit #------------------------------------------------------------------------------ $CLU 1:103 $BWG16_96 $CLD 2:103 $BWG16_128 $BGU 10.201.201.109 flowid 1:103 $BGD 10.201.201.109 flowid 2:103 $EQUAL_UP 1:103 handle 103: sfq perturb 10 $EQUAL_DOWN 2:103 handle 103: sfq perturb 10 #------------------------------------------------------------------------------ # EMAX 003 = 200Kbit #------------------------------------------------------------------------------ $CLU 1:104 $BWG16_96 $CLD 2:104 $BWG16_128 $BGU 10.201.201.111 flowid 1:104 $BGD 10.201.201.111 flowid 2:104 $EQUAL_UP 1:104 handle 104: sfq perturb 10 $EQUAL_DOWN 2:104 handle 104: sfq perturb 10 #------------------------------------------------------------------------------ #CPC MARCATO = 300Kbit #------------------------------------------------------------------------------ $CLU 1:105 $BWG16_96 $CLD 2:105 $BWG16_128 $BGU 10.201.201.104 flowid 1:105 $BGD 10.201.201.104 flowid 2:105 $EQUAL_UP 1:105 handle 105: sfq perturb 10 $EQUAL_DOWN 2:105 handle 105: sfq perturb 10 #------------------------------------------------------------------------------ # ADM FERNANDO COSTA = 200Kbit #------------------------------------------------------------------------------ $CLU 1:108 $BWG16_96 $CLD 2:108 $BWG16_128 $BGU 10.201.201.120 flowid 1:108 $BGD 10.201.201.120 flowid 2:108 $EQUAL_UP 1:108 handle 108: sfq perturb 10 $EQUAL_DOWN 2:108 handle 108: sfq perturb 10 #------------------------------------------------------------------------------ # FLOR DE IP = 200Kbit #------------------------------------------------------------------------------ $CLU 1:110 $BWG16_96 $CLD 2:110 $BWG16_128 $BGU 10.201.201.131 flowid 1:110 $BGD 10.201.201.131 flowid 2:110 $EQUAL_UP 1:110 handle 110: sfq perturb 10 $EQUAL_DOWN 2:110 handle 110: sfq perturb 10 #------------------------------------------------------------------------------ # TOYO = 200Kbit #------------------------------------------------------------------------------ $CLU 1:111 $BWG16_96 $CLD 2:111 $BWG16_128 $BGU 10.201.201.132 flowid 1:111 $BGD 10.201.201.132 flowid 2:111 $EQUAL_UP 1:111 handle 111: sfq perturb 10 $EQUAL_DOWN 2:111 handle 111: sfq perturb 10 #------------------------------------------------------------------------------ # IVD1 CURSOS = 200Kbit #------------------------------------------------------------------------------ $CLU 1:112 $BWG16_96 $CLD 2:112 $BWG16_128 $BGU 10.201.201.134 flowid 1:112 $BGD 10.201.201.134 flowid 2:112 $EQUAL_UP 1:112 handle 112: sfq perturb 10 $EQUAL_DOWN 2:112 handle 112: sfq perturb 10 #------------------------------------------------------------------------------ # VICENTE = 200Kbit #------------------------------------------------------------------------------ $CLU 1:113 $BWG16_96 $CLD 2:113 $BWG16_128 $BGU 10.201.201.135 flowid 1:113 $BGD 10.201.201.135 flowid 2:113 $EQUAL_UP 1:113 handle 113: sfq perturb 10 $EQUAL_DOWN 2:113 handle 113: sfq perturb 10 #------------------------------------------------------------------------------ # IVD2 CURSOS = 200Kbit #------------------------------------------------------------------------------ $CLU 1:114 $BWG16_96 $CLD 2:114 $BWG16_96 $BGU 10.201.201.136 flowid 1:114 $BGD 10.201.201.136 flowid 2:114 $EQUAL_UP 1:114 handle 114: sfq perturb 10 $EQUAL_DOWN 2:114 handle 114: sfq perturb 10 #------------------------------------------------------------------------------ # IVD3 CURSOS = 200Kbit #------------------------------------------------------------------------------ $CLU 1:115 $BWG16_96 $CLD 2:115 $BWG16_96 $BGU 10.201.201.137 flowid 1:115 $BGD 10.201.201.137 flowid 2:115 $EQUAL_UP 1:115 handle 115: sfq perturb 10 $EQUAL_DOWN 2:115 handle 115: sfq perturb 10 #------------------------------------------------------------------------------ # IVD4 CURSOS = 200Kbit #------------------------------------------------------------------------------ $CLU 1:116 $BWG16_96 $CLD 2:116 $BWG16_96 $BGU 10.201.201.139 flowid 1:116 $BGD 10.201.201.139 flowid 2:116 $EQUAL_UP 1:116 handle 116: sfq perturb 10 $EQUAL_DOWN 2:116 handle 116: sfq perturb 10 #------------------------------------------------------------------------------ # EMAX 001 = 200Kbit #------------------------------------------------------------------------------ $CLU 1:117 $BWG16_96 $CLD 2:117 $BWG16_128 $BGU 10.201.201.145 flowid 1:117 $BGD 10.201.201.145 flowid 2:117 $EQUAL_UP 1:117 handle 117: sfq perturb 10 $EQUAL_DOWN 2:117 handle 117: sfq perturb 10 #------------------------------------------------------------------------------ # SANTO AVENTUREIRO = 200Kbit #------------------------------------------------------------------------------ $CLU 1:118 $BWG16_96 $CLD 2:118 $BWG16_128 $BGU 10.201.201.140 flowid 1:118 $BGD 10.201.201.140 flowid 2:118 $EQUAL_UP 1:118 handle 118: sfq perturb 10 $EQUAL_DOWN 2:118 handle 118: sfq perturb 10 #------------------------------------------------------------------------------ # IVD CURSOS IGOR = 200Kbit #------------------------------------------------------------------------------ $CLU 1:119 $BWG16_96 $CLD 2:119 $BWG16_128 $BGU 10.201.201.141 flowid 1:119 $BGD 10.201.201.141 flowid 2:119 $EQUAL_UP 1:119 handle 119: sfq perturb 10 $EQUAL_DOWN 2:119 handle 119: sfq perturb 10 #------------------------------------------------------------------------------ # LAN HOUSE = 500Kbit #------------------------------------------------------------------------------ $CLU 1:120 $BWG32_200 $CLD 2:120 $BWG96_304 $BGU 10.201.201.142 flowid 1:120 $BGD 10.201.201.142 flowid 2:120 $EQUAL_UP 1:120 handle 120: sfq perturb 10 $EQUAL_DOWN 2:120 handle 120: sfq perturb 10 #------------------------------------------------------------------------------ # IEDA COTRIM = 200Kbit #------------------------------------------------------------------------------ $CLU 1:121 $BWG16_96 $CLD 2:121 $BWG16_128 $BGU 10.201.201.106 flowid 1:121 $BGD 10.201.201.106 flowid 2:121 $EQUAL_UP 1:121 handle 121: sfq perturb 10 $EQUAL_DOWN 2:121 handle 121: sfq perturb 10 #------------------------------------------------------------------------------ # PROI = 200Kbit #------------------------------------------------------------------------------ $CLU 1:122 $BWG16_96 $CLD 2:122 $BWG16_128 $BGU 10.201.201.125 flowid 1:122 $BGD 10.201.201.125 flowid 2:122 $EQUAL_UP 1:122 handle 122: sfq perturb 10 $EQUAL_DOWN 2:122 handle 122: sfq perturb 10 #------------------------------------------------------------------------------ # ACADEMIA MULHER = 200Kbit #------------------------------------------------------------------------------ $CLU 1:124 $BWG16_96 $CLD 2:124 $BWG16_128 $BGU 10.201.201.128 flowid 1:124 $BGD 10.201.201.128 flowid 2:124 $EQUAL_UP 1:124 handle 124: sfq perturb 10 $EQUAL_DOWN 2:124 handle 124: sfq perturb 10 #------------------------------------------------------------------------------ # LINKSTONE = 200Kbit #------------------------------------------------------------------------------ $CLU 1:125 $BWG16_96 $CLD 2:125 $BWG16_128 $BGU 10.201.201.146 flowid 1:125 $BGD 10.201.201.146 flowid 2:125 $EQUAL_UP 1:125 handle 125: sfq perturb 10 $EQUAL_DOWN 2:125 handle 125: sfq perturb 10 #------------------------------------------------------------------------------ # VERA PARODI = 200Kbit #------------------------------------------------------------------------------ $CLU 1:126 $BWG16_96 $CLD 2:126 $BWG16_128 $BGU 10.201.201.148 flowid 1:126 $BGD 10.201.201.148 flowid 2:126 $EQUAL_UP 1:126 handle 126: sfq perturb 10 $EQUAL_DOWN 2:126 handle 126: sfq perturb 10 #------------------------------------------------------------------------------ # BOUTIQUE CANINA = 200Kbit #------------------------------------------------------------------------------ $CLU 1:130 $BWG16_96 $CLD 2:130 $BWG16_128 $BGU 10.201.201.153 flowid 1:130 $BGD 10.201.201.153 flowid 2:130 $EQUAL_UP 1:130 handle 130: sfq perturb 10 $EQUAL_DOWN 2:130 handle 130: sfq perturb 10 #------------------------------------------------------------------------------ # HIP 1263 = 200Kbit #------------------------------------------------------------------------------ $CLU 1:131 $BWG16_96 $CLD 2:131 $BWG16_128 $BGU 10.201.201.152 flowid 1:131 $BGD 10.201.201.152 flowid 2:131 $EQUAL_UP 1:131 handle 131: sfq perturb 10 $EQUAL_DOWN 2:131 handle 131: sfq perturb 10 #------------------------------------------------------------------------------ # IMOBILIARIA = 200Kbit #------------------------------------------------------------------------------ $CLU 1:132 $BWG16_96 $CLD 2:132 $BWG16_128 $BGU 10.201.201.154 flowid 1:132 $BGD 10.201.201.154 flowid 2:132 $EQUAL_UP 1:132 handle 132: sfq perturb 10 $EQUAL_DOWN 2:132 handle 132: sfq perturb 10 #------------------------------------------------------------------------------ # CAFE AROMA = 200Kbit #------------------------------------------------------------------------------ $CLU 1:133 $BWG16_96 $CLD 2:133 $BWG16_128 $BGU 10.201.201.155 flowid 1:133 $BGD 10.201.201.155 flowid 2:133 $EQUAL_UP 1:133 handle 133: sfq perturb 10 $EQUAL_DOWN 2:133 handle 133: sfq perturb 10 #------------------------------------------------------------------------------ # STOMPFIT = 200Kbit #------------------------------------------------------------------------------ $CLU 1:134 $BWG16_96 $CLD 2:134 $BWG16_128 $BGU 10.201.201.156 flowid 1:134 $BGD 10.201.201.156 flowid 2:134 $EQUAL_UP 1:134 handle 134: sfq perturb 10 $EQUAL_DOWN 2:134 handle 134: sfq perturb 10 #------------------------------------------------------------------------------ #CPC MARCATO2 = 300Kbit #------------------------------------------------------------------------------ $CLU 1:135 $BWG16_96 $CLD 2:135 $BWG16_128 $BGU 10.201.201.121 flowid 1:135 $BGD 10.201.201.121 flowid 2:135 $EQUAL_UP 1:136 handle 136: sfq perturb 10 $EQUAL_DOWN 2:136 handle 136: sfq perturb 10
