Re: [FUG-BR] pf and queues

2008-05-05 Thread Gilberto Villani Brito
Try using quick in the rules.

Regards
-- 
Gilberto Villani Brito
Support Analyst - IBM
Hortolândia - SP
Brazil
gilbertovb(a)gmail.com


2008/4/26 Nenhum_de_Nos [EMAIL PROTECTED]:
 hail,

  I'm getting beaten up by pf here :(

  basically I want to organize the upload and download queues.

  here is the file:

  altq on $ext_if bandwidth 291Kb hfsc queue { ack_dns, ack_ssh, ack_msn, ack_http, ack_bolo, ack_jogos }
  #   queue ack       bandwidth 50% priority 7 qlimit 500 hfsc (realtime 35%)
      queue ack_dns   bandwidth  7% priority 7 qlimit 500 hfsc (realtime  5%)
      queue ack_ssh   bandwidth 10% priority 6 qlimit 500 hfsc (realtime 20%) {ssh_bulk, ssh_login}
  #queue ssh_login bandwidth 90% priority 5 qlimit 500 hfsc
  #queue ssh_bulk  bandwidth 10% priority 4 qlimit 500 hfsc
  # Games!
      queue ack_jogos bandwidth 20% priority 5 qlimit 500 hfsc (realtime 20%)
      queue ack_msn   bandwidth 10% priority 4 qlimit 500 hfsc (realtime 5%)
      queue ack_http  bandwidth 40% priority 3 qlimit 500 hfsc (realtime 20%)
      queue ack_bolo  bandwidth 13% priority 2 qlimit 500 hfsc (upperlimit 50% default)

  altq on $int_if bandwidth 980Kb hfsc queue { http, ssh, dns, msn, bolo, jogos }
  # Queues: http, p2p, ssh, dns, msn, bolo
      queue dns   bandwidth  7% priority 7 qlimit 500 hfsc (realtime 5%)
      queue ssh   bandwidth 10% priority 6 qlimit 500 hfsc (realtime 10%)
      queue msn   bandwidth  5% priority 5 qlimit 500 hfsc (realtime 5%)
      queue http  bandwidth 50% priority 4 qlimit 500 hfsc (realtime 35%)
      queue jogos bandwidth 10% priority 3 qlimit 500 hfsc (realtime 10%)
      queue bolo  bandwidth 18% priority 2 qlimit 500 hfsc (realtime 5% default)

  block log quick from <chatos_ssh>

  antispoof log quick for ($ext_if) inet
  block in on $ext_if all
  pass in on $ext_if inet proto { tcp, udp } from any to any port $portas keep state
  pass in on $ext_if inet proto tcp from any to any port $portas_ssh keep state \
      (max-src-conn-rate 4/60 overload <chatos_ssh> flush global)

  #pass out on $ext_if from any to any keep state queue (ack_bolo, bolo)

  pass out on $ext_if proto { tcp, udp } from any to any port $portas_msn keep state queue (ack_msn, msn)
  pass out log on $ext_if proto { tcp, udp } from any to any port $portas_http keep state queue (ack_http, http)
  pass out on $ext_if proto { tcp, udp } from any to any port $portas_jogos keep state queue (ack_jogos, jogos)
  pass out on $ext_if proto { tcp, udp } from any to any port 53 keep state queue (ack_dns, dns)
  pass out on $ext_if proto tcp from any to any port 22 keep state queue (ack_ssh, ssh)

  pass in on $int_if all
  pass out on $int_if all

  I also added this to see if it would fix it, with ext_if and int_if:

  pass out on $ext_if proto { tcp, udp } from any port $portas_msn to any keep state queue (msn, ack_msn)
  pass out log on $ext_if proto { tcp, udp } from any port $portas_http to any keep state queue (http, ack_http)
  pass out on $ext_if proto { tcp, udp } from any port $portas_jogos to any keep state queue (jogos, ack_jogos)
  pass out on $ext_if proto { tcp, udp } from any port 53 to any keep state queue (dns, ack_dns)
  pass out on $ext_if proto tcp from any port 22 to any keep state queue (ssh, ack_ssh)

  if anyone can help :)

  I used logs to check whether traffic was really passing through the rule, and it is:

  20:13:51.465162 IP 18971016029.user.veloxzone.com.br.63270 > pub2.kernel.org.http: S 2607697054:2607697054(0) win 5840 <mss 1460,sackOK,timestamp[|tcp]>

  but when the file is downloaded, the queue in use is the generic one :(

  thanks in advance :)

  yes, this is a PII 333MHz with FreeBSD 6.3-p2, if that helps :)

  matheus

  --
  We will call you cygnus,
  The God of balance you shall be
  -
  Archive: http://www.fug.com.br/historico/html/freebsd/
  Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
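
What `quick` changes in pf's rule evaluation, as an added example that is not part of the original thread: a toy Python model in which the last matching rule wins unless a matching rule is marked `quick`. The port values for the macros and the trailing catch-all rule (the post has it commented out) are assumptions made for illustration.

```python
"""Toy model of pf filter-rule evaluation (an illustration, not pf itself)."""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional

@dataclass(frozen=True)
class Rule:
    dports: Optional[FrozenSet[int]]  # destination ports; None means "to any"
    queue: str                        # queue assigned by the rule
    quick: bool = False               # pf's `quick` keyword

# Constructed values: the thread never shows what these macros expand to.
PORTAS_MSN = frozenset({1863})
PORTAS_HTTP = frozenset({80, 443})
PORTAS_JOGOS = frozenset({27015})

def build_rules(quick: bool) -> List[Rule]:
    """The five `pass out on $ext_if ... queue` rules from the post, followed
    by the catch-all ack_bolo rule (assumed enabled and placed last)."""
    return [
        Rule(PORTAS_MSN, "ack_msn", quick),
        Rule(PORTAS_HTTP, "ack_http", quick),
        Rule(PORTAS_JOGOS, "ack_jogos", quick),
        Rule(frozenset({53}), "ack_dns", quick),
        Rule(frozenset({22}), "ack_ssh", quick),
        Rule(None, "ack_bolo"),
    ]

def assigned_queue(rules: List[Rule], dport: int, default: str = "ack_bolo") -> str:
    """Queue chosen for a new outbound connection to `dport`.

    pf checks every rule in order and the LAST match decides, unless a
    matching rule carries `quick`, which ends evaluation immediately."""
    chosen = default
    for rule in rules:
        if rule.dports is not None and dport not in rule.dports:
            continue
        chosen = rule.queue
        if rule.quick:
            break
    return chosen

if __name__ == "__main__":
    for quick in (False, True):
        picks = {p: assigned_queue(build_rules(quick), p) for p in (22, 53, 80, 9999)}
        print("quick" if quick else "no quick", picks)
```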



[FUG-BR] pf and queues

2008-04-27 Thread Nenhum_de_Nos
hail,

I'm getting beaten up by pf here :(

basically I want to organize the upload and download queues.

here is the file:

altq on $ext_if bandwidth 291Kb hfsc queue { ack_dns, ack_ssh, ack_msn, ack_http, ack_bolo, ack_jogos }
#   queue ack       bandwidth 50% priority 7 qlimit 500 hfsc (realtime 35%)
    queue ack_dns   bandwidth  7% priority 7 qlimit 500 hfsc (realtime  5%)
    queue ack_ssh   bandwidth 10% priority 6 qlimit 500 hfsc (realtime 20%) {ssh_bulk, ssh_login}
#queue ssh_login bandwidth 90% priority 5 qlimit 500 hfsc
#queue ssh_bulk  bandwidth 10% priority 4 qlimit 500 hfsc
# Games!
    queue ack_jogos bandwidth 20% priority 5 qlimit 500 hfsc (realtime 20%)
    queue ack_msn   bandwidth 10% priority 4 qlimit 500 hfsc (realtime 5%)
    queue ack_http  bandwidth 40% priority 3 qlimit 500 hfsc (realtime 20%)
    queue ack_bolo  bandwidth 13% priority 2 qlimit 500 hfsc (upperlimit 50% default)

altq on $int_if bandwidth 980Kb hfsc queue { http, ssh, dns, msn, bolo, jogos }
# Queues: http, p2p, ssh, dns, msn, bolo
    queue dns   bandwidth  7% priority 7 qlimit 500 hfsc (realtime 5%)
    queue ssh   bandwidth 10% priority 6 qlimit 500 hfsc (realtime 10%)
    queue msn   bandwidth  5% priority 5 qlimit 500 hfsc (realtime 5%)
    queue http  bandwidth 50% priority 4 qlimit 500 hfsc (realtime 35%)
    queue jogos bandwidth 10% priority 3 qlimit 500 hfsc (realtime 10%)
    queue bolo  bandwidth 18% priority 2 qlimit 500 hfsc (realtime 5% default)

block log quick from <chatos_ssh>

antispoof log quick for ($ext_if) inet
block in on $ext_if all
pass in on $ext_if inet proto { tcp, udp } from any to any port $portas keep state
pass in on $ext_if inet proto tcp from any to any port $portas_ssh keep state \
    (max-src-conn-rate 4/60 overload <chatos_ssh> flush global)

#pass out on $ext_if from any to any keep state queue (ack_bolo, bolo)

pass out on $ext_if proto { tcp, udp } from any to any port $portas_msn keep state queue (ack_msn, msn)
pass out log on $ext_if proto { tcp, udp } from any to any port $portas_http keep state queue (ack_http, http)
pass out on $ext_if proto { tcp, udp } from any to any port $portas_jogos keep state queue (ack_jogos, jogos)
pass out on $ext_if proto { tcp, udp } from any to any port 53 keep state queue (ack_dns, dns)
pass out on $ext_if proto tcp from any to any port 22 keep state queue (ack_ssh, ssh)

pass in on $int_if all
pass out on $int_if all

I also added this to see if it would fix it, with ext_if and int_if:

pass out on $ext_if proto { tcp, udp } from any port $portas_msn to any keep state queue (msn, ack_msn)
pass out log on $ext_if proto { tcp, udp } from any port $portas_http to any keep state queue (http, ack_http)
pass out on $ext_if proto { tcp, udp } from any port $portas_jogos to any keep state queue (jogos, ack_jogos)
pass out on $ext_if proto { tcp, udp } from any port 53 to any keep state queue (dns, ack_dns)
pass out on $ext_if proto tcp from any port 22 to any keep state queue (ssh, ack_ssh)

if anyone can help :)

I used logs to check whether traffic was really passing through the rule, and it is:

20:13:51.465162 IP 18971016029.user.veloxzone.com.br.63270 > pub2.kernel.org.http: S 2607697054:2607697054(0) win 5840 <mss 1460,sackOK,timestamp[|tcp]>

but when the file is downloaded, the queue in use is the generic one :(

thanks in advance :)

yes, this is a PII 333MHz with FreeBSD 6.3-p2, if that helps :)

matheus

-- 
We will call you cygnus,
The God of balance you shall be