Herkese merhaba, freebsd kullaniyorum, packet filter & altq'u denemek
icin openbsd kurdum, ilk olarak openbsd uzerinde kurmak ve denemek istedim,
sorunum su;
Hat kapasitesi 1Mbit olan bi kafede bu yeni server'i test etmek
istedim fakat hic tatmin edici olmadi. (Bu kafe ortaminda test ediyorum)
Galiba queue ve quick'ler de ufak bi kac sorunum var, normal hat
kullaniminda kurallar gayet guzel isliyo fakat mesela 2 tane sesli goruntulu
iletisim kurup 1 download baslatsam web sayfasi acimi 10 saniyeyi buluyor.
Benim amacým oncelik olarak 1. sirada web, 2. sirada on-line oyunlar, 3.
sirada msn ve benzeri 4. sirada v.s. protokollerde iletisimi saglamak.
Simdiden yardimlariniz icin tesekkur ederim...
(Kullandigim pf.conf dosyasi ektedir.)
Saygilarimla...
Mehmet CELIK
_________________________________________________________________
On the road to retirement? Check out MSN Life Events for advice on how to
get there! http://lifeevents.msn.com/category.aspx?cid=Retirement
ext_if="tun0"
int_if="rl0"
table <lan> {192.168.0.0/24, 127.0.0.1}
table <knight_serv> {207.38.0.0/0}
dnswwwport="{53,80,333}"
knightport="{21,15001,15002,15003,15004}"
yasakport="{25,587}"
set timeout {tcp.first 15, tcp.opening 10, tcp.closing 15, tcp.finwait 15,
tcp.closed 15}
scrub in all
altq on $ext_if cbq bandwidth 512Kb queue {dns_www, knight, genel, cikis}
queue dns_www bandwidth 60% priority 7 cbq(default)
queue knight bandwidth 10% priority 5
queue genel bandwidth 20% priority 3
queue cikis bandwidth 10% priority 2
nat on $ext_if inet from <lan> to !<lan> -> ($ext_if)
rdr pass on $int_if inet proto tcp from <lan> to !<lan> port 80 -> 127.0.0.1
port 333
pass out on $int_if inet proto {udp,tcp} from any to any keep state
pass in on $int_if inet proto {udp,tcp} from any to any keep state
pass in on $int_if inet proto tcp from any to 127.0.0.1 port 333 keep state
pass out quick on $ext_if proto icmp from <lan> to !<lan> queue dns_www
pass in quick on $ext_if proto icmp from !<lan> to <lan> queue dns_www
pass out quick on $ext_if proto {udp,tcp} from <lan> to !<lan> port
$dnswwwport keep state queue dns_www
pass in quick on $ext_if proto {udp,tcp} from !<lan> to <lan> port
$dnswwwport keep state queue dns_www
block return-icmp in quick on $ext_if inet from 127.0.0.0/8 to any
block return-icmp in quick on $ext_if inet from 192.168.0.0/16 to any
block return-icmp in quick on $ext_if inet from 172.16.0.0/12 to any
block return-icmp in quick on $ext_if inet from 10.0.0.0/8 to any
block return-icmp out quick on $ext_if inet from any to 127.0.0.0/8
block return-icmp out quick on $ext_if inet from any to 192.168.0.0/16
block return-icmp out quick on $ext_if inet from any to 172.16.0.0/12
block return-icmp out quick on $ext_if inet from any to 10.0.0.0/8
# Knight online filtre
pass out quick on $ext_if proto tcp from <lan> to <knight_serv> port
$knightport queue kinght
pass in quick on $ext_if proto tcp from <knight_serv> port $knightport to
<lan> queue knight
# Msn kamera ve download filtre
pass out quick on $ext_if proto tcp from <lan> to any port 1863 queue genel
pass in quick on $ext_if proto tcp from any port 1863 to <lan> queue genel
antispoof quick for ($int_if)
antispoof quick for ($ext_if)
pass out all queue cikis
---------------------------------------------------------------------
Cikmak icin, e-mail: [EMAIL PROTECTED]
Liste arsivi: http://lists.enderunix.org
Turkiye'nin ilk FreeBSD kitabi: http://www.acikakademi.com/freebsd.php
