Re: [FUG-BR] Error in pf.conf - queue root_dc0 already exists on interface dc0

2007-01-26 Thread Alessandro de Souza Rocha
2007/1/26, Mauricio Bonani <[EMAIL PROTECTED]>:
> When you run 'pfctl -f pf.conf', doesn't it show the line where the
> error is?
I usually use pfctl -NRf pf.conf

-- 
Alessandro de Souza Rocha
Network and Systems Administrator
Freebsd-BR User #117
-
History: http://www.fug.com.br/historico/html/freebsd/
Leave the list: https://www.fug.com.br/mailman/listinfo/freebsd


Re: [FUG-BR] Error in pf.conf - queue root_dc0 already exists on interface dc0

2007-01-26 Thread Mauricio Bonani
When you run 'pfctl -f pf.conf', doesn't it show the line where the error is?




-- 
Mauricio Bonani
LPIC-1
mailto:[EMAIL PROTECTED]


Re: [FUG-BR] Error in pf.conf - queue root_dc0 already exists on interface dc0

2007-01-25 Thread Alessandro de Souza Rocha
2007/1/25, Alessandro de Souza Rocha <[EMAIL PROTECTED]>:
> 2007/1/25, Alessandro de Souza Rocha <[EMAIL PROTECTED]>:
> > Cristina, an example for you.
> >
> > altq on $ext_if bandwidth 1Mb cbq queue { dflt_out, local,wireless }
> > queue dflt_out bandwidth 5% cbq(default)
> > queue local bandwidth 50%
> > queue wireless bandwidth 40%
> >
> > altq on $int_if bandwidth 1Mb cbq queue { dflt_in, cpd, radio }
> > queue dflt_in bandwidth 10% cbq(default)
> > queue cpd bandwidth 50%
> > queue radio bandwidth 40%
> >
> > pass out on $int_if from

Re: [FUG-BR] Error in pf.conf - queue root_dc0 already exists on interface dc0

2007-01-25 Thread Alessandro de Souza Rocha
2007/1/25, Alessandro de Souza Rocha <[EMAIL PROTECTED]>:
> Cristina, an example for you.
>
> altq on $ext_if bandwidth 1Mb cbq queue { dflt_out, local,wireless }
> queue dflt_out bandwidth 5% cbq(default)
> queue local bandwidth 50%
> queue wireless bandwidth 40%
>
> altq on $int_if bandwidth 1Mb cbq queue { dflt_in, cpd, radio }
> queue dflt_in bandwidth 10% cbq(default)
> queue cpd bandwidth 50%
> queue radio bandwidth 40%
>
> pass out on $int_if from 192.168.0.0/24 to any keep state queue cpd
> pass out on $int_if from 100.100.100.0/24 to any keep state queue radio
> pass out on $ext_if from 192.168.0.0/24 to any keep state queue cpd
> pass out on $ext_if from 100.100.100.0/24 to any keep state queue radio
>
>
> --
> Alessandro de Souza Rocha
> Administrador d

Re: [FUG-BR] Error in pf.conf - queue root_dc0 already exists on interface dc0

2007-01-25 Thread Alessandro de Souza Rocha
Cristina, an example for you.

altq on $ext_if bandwidth 1Mb cbq queue { dflt_out, local,wireless }
queue dflt_out bandwidth 5% cbq(default)
queue local bandwidth 50%
queue wireless bandwidth 40%

altq on $int_if bandwidth 1Mb cbq queue { dflt_in, cpd, radio }
queue dflt_in bandwidth 10% cbq(default)
queue cpd bandwidth 50%
queue radio bandwidth 40%

pass out on $int_if from 192.168.0.0/24 to any keep state queue cpd
pass out on $int_if from 100.100.100.0/24 to any keep state queue radio
pass out on $ext_if from 192.168.0.0/24 to any keep state queue cpd
pass out on $ext_if from 100.100.100.0/24 to any keep state queue radio


-- 
Alessandro de Souza Rocha
Network and Systems Administrator
Freebsd-BR User #117


Re: [FUG-BR] Error in pf.conf - queue root_dc0 already exists on interface dc0

2007-01-25 Thread Cristina Fernandes Silva
The rest is this.


# Doing the NAT
nat on $int_ext from $rede to any -> $int_ext
nat on $int_ext from  to any -> $int_ext
nat on $int_ext from  to any -> $int_ext
nat on $int_ext from  to any -> $int_ext
nat on $int_ext from   to any -> $int_ext
nat on $int_ext from   to any -> $int_int


# Redirection
#
rdr on $int_int proto tcp from any to any port 80 -> $server1 port 3128

# ... filtering section

# blocking everything by default
block in log on $int_ext from any to any

# blocking spoofing
antispoof for { $int_ext } inet

# blocking scanners
block drop in quick on { $int_ext } from any os { NMAP }

# blocking IPv6 traffic
block log quick inet6

# Allowing loopback
pass quick on lo0 all

# allowing ping/traceroute
pass out log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state
pass in log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state

# Opening ports
#INCOMING
#TCP
pass in quick on $int_ext inet proto tcp from any to $int_ext port $TCP_IN flags S/SA keep state
#UDP
#pass in quick on $int_ext inet proto udp from any to $int_ext port $UDP_IN keep state
#PING
pass in quick on $int_ext inet proto icmp from any to $int_ext icmp-type $PING keep state

pass in on $int_ext inet proto { tcp udp } from any to any port 22
pass in on $int_ext inet proto { tcp udp } from any to any port 21
pass in on $int_ext inet proto { tcp udp } from any to any port 20
pass in on $int_ext inet proto { tcp udp } from any to any port 25
pass in on $int_ext inet proto { tcp udp } from any to any port 53
pass in on $int_ext inet proto { tcp udp } from any to any port 80
pass in on $int_ext inet proto { tcp udp } from any to any port 443
pass in on $int_ext inet proto { tcp udp } from any to any port 110
pass in on $int_ext inet proto { tcp udp } from any to any port 8080
pass in on $int_ext inet proto { tcp udp } from any to any port 6667
pass in on $int_ext inet proto { tcp udp } from any to any port 6891
pass in on $int_ext inet proto { tcp udp } from any to any port 6893
pass in on $int_ext inet proto { tcp udp } from any to any port 6900
pass in on $int_ext inet proto { tcp udp } from any to any port 1213
pass in on $int_ext inet proto { tcp udp } from any to any port 1214
pass in on $int_ext inet proto { tcp udp } from any to any port 1832
pass in on $int_ext inet proto { tcp udp } from any to any port 3094
pass in on $int_ext inet proto { tcp udp } from any to any port 3622
pass in on $int_ext inet proto { tcp udp } from any to any port 2216
pass in on $int_ext inet proto tcp from port 20 to ($int_ext) user proxy flags S/SA keep state

#OUTGOING
#EXTERNAL INTERFACE

#TCP
pass out quick on $int_ext inet proto tcp from $int_ext to any port $TCP_OUT flags S/SA keep state

#UDP
pass out quick on $int_ext inet proto udp from $int_ext to any port $UDP_OUT keep state

#ICMP
pass out quick on $int_ext inet proto icmp from $int_ext to any icmp-type $PING keep state

# Allowing access
pass in log on $int_ext from  to any queue baixa_in
pass in log on $int_ext from  to any queue bmedia_in
pass in log on $int_ext from  to any queue media_in
pass in log on $int_ext from  to any queue alta_in
pass in log on $int_ext from  to any queue center_in

pass in log on $int_ext from  to any  
pass in log on $int_ext from  to any
pass in log on $int_ext from  to any
pass in log on $int_ext from  to any  
pass in log on $int_ext from  to any


Thank you


Cristina




Re: [FUG-BR] Error in pf.conf - queue root_dc0 already exists on interface dc0

2007-01-25 Thread Mauricio Bonani
That is already an error in the filtering rules.

Since you didn't send the complete file, there is no way to help you.

On 25/01/07, Cristina Fernandes Silva <[EMAIL PROTECTED]> wrote:
> I removed it and it showed this
>
> pfctl: DIOCADDRULE: Address family not supported by protocol family
>
>
> --- Mauricio Bonani <[EMAIL PROTECTED]> wrote:
>
> > You are creating queues twice on the same interface:
> >
> > altq on $int_ext cbq bandwidth $uplo queue  { baixa bmedia media alta center }
> > altq on $int_ext cbq bandwidth $down queue  { baixa_in bmedia_in media_in alta_in center_in }
> >
> > Shouldn't one of them be 'altq on $int_int'?
> >
> > On 25/01/07, Cristina Fernandes Silva <[EMAIL PROTECTED]> wrote:
> > > Folks,
> > >
> > > I'm getting an error while setting up bandwidth control with PF. This is the
> > > error when I type
> > >
> > > pfctl -f pf.conf
> > >
> > > queue root_dc0 already exists on interface dc0
> > > pfctl: DIOCADDALTQ: Invalid argument
> > >
> > > pfctl -nf pf.conf
> > > queue root_dc0 already exists on interface dc0
> > > pfctl: the sum of the child bandwidth higher than parent "root_dc0"
> > > pfctl: the sum of the child bandwidth higher than parent "root_dc0"
> > >
> > > I looked through the list and found this error; apparently it occurs when the
> > > sum of the bandwidth of the child queues exceeds the bandwidth of the parent
> > > queue, but in my configuration it does not.
> > >
> > >
> > > Here is my configuration
> > >
> > > in the kernel
> > > ##
> > >
> > > # Options for Packet Filter
> > >
> > > device  pf
> > > device  pflog
> > > device  pfsync
> > >
> > > options ALTQ
> > > options ALTQ_CBQ    # Class Based Queuing (CBQ)
> > > options ALTQ_RED    # Random Early Detection (RED)
> > > options ALTQ_RIO    # RED In/Out
> > > options ALTQ_HFSC   # Hierarchical Packet Scheduler (HFSC)
> > > options ALTQ_PRIQ   # Priority Queuing (PRIQ)
> > > options ALTQ_NOPCC  # Required for SMP build
> > >
> > > in rc.conf
> > > #
> > >
> > > ifconfig_dc0="inet 10.0.0.2  netmask 255.255.255.0"
> > > ifconfig_vr0="inet 172.168.0.2 netmask 255.255.255.0"
> > >
> > > pf_enable="YES"
> > > pf_rules="/etc/pf.conf"
> > > pf_flags=""
> > > pflog_enable="YES"
> > > pflog_logfile="/var/log/pflog"
> > > pflog_flags=""
> > >
> > >
> > > in pf.conf
> > > ###
> > >
> > > int_int="vr0"
> > > int_ext="dc0"
> > > rede="172.168.0.0"
> > >
> > > # Link
> > > down="2.5Mb"
> > > uplo="2.5Mb"
> > >
> > > # Enable queueing
> > > #
> > > # Upload
> > > altq on $int_ext cbq bandwidth $uplo queue  { baixa bmedia media alta center }
> > >    queue baixa   bandwidth 128Kb   cbq(default)
> > >    queue bmedia  bandwidth 128Kb   priority 1
> > >    queue media  bandwidth 200Kb   priority 2
> > >    queue alta   bandwidth 350Kb   priority 3
> > >    queue center   bandwidth 512Kb   priority 4
> > >
> > > # Download
> > > # define the parameters for the subqueues.
> > > altq on $int_ext cbq bandwidth $down queue  { baixa_in bmedia_in media_in alta_in center_in }
> > > queue baixa_in   bandwidth 200Kb   cbq(default)
> > > queue bmedia_in bandwidth 200Kb   priority 1
> > > queue media_in  bandwidth 300Kb   priority 2
> > > queue alta_in   bandwidth 512Kb   priority 3
> > > queue center_in bandwidth 768Kb   priority 4
> > >
> > >
> > > I didn't send the rest, but if it's important I will send it.
> > >
> > > thank you
> > >
> > > Cristina

-- 
Mauricio Bonani
LPIC-1
mailto:[EMAIL PROTECTED]


Re: [FUG-BR] Error in pf.conf - queue root_dc0 already exists on interface dc0

2007-01-25 Thread Cristina Fernandes Silva
I removed it and it showed this

pfctl: DIOCADDRULE: Address family not supported by protocol family


--- Mauricio Bonani <[EMAIL PROTECTED]> wrote:

> You are creating queues twice on the same interface:
> 
> altq on $int_ext cbq bandwidth $uplo queue  { baixa bmedia media alta center }
> altq on $int_ext cbq bandwidth $down queue  { baixa_in bmedia_in media_in alta_in center_in }
> 
> In one of the cases, shouldn't it be 'altq on $int_int'?
> 
> On 25/01/07, Cristina Fernandes Silva<[EMAIL PROTECTED]> wrote:
> > Folks,
> >
> > I am getting an error while setting up bandwidth control using PF. The error is this, when typing
> >
> > pfctl -f pf.conf
> >
> > queue root_dc0 already exists on interface dc0
> > pfctl: DIOCADDALTQ: Invalid argument
> >
> > pfctl -nf pf.conf
> > queue root_dc0 already exists on interface dc0
> > pfctl: the sum of the child bandwidth higher than parent "root_dc0"
> > pfctl: the sum of the child bandwidth higher than parent "root_dc0"
> >
> > I have been looking through the list and found this error; apparently it occurs when the sum of the bandwidth of the child queues exceeds the bandwidth of the parent queue, but in my configuration it does not exceed it.
> >
> >
> > Here are my settings
> >
> > in the kernel
> > ##
> >
> > # Options for Packet Filter
> >
> > device  pf
> > device  pflog
> > device  pfsync
> >
> > options ALTQ
> > options ALTQ_CBQ    # Class Based Queuing (CBQ)
> > options ALTQ_RED    # Random Early Detection (RED)
> > options ALTQ_RIO    # RED In/Out
> > options ALTQ_HFSC   # Hierarchical Packet Scheduler (HFSC)
> > options ALTQ_PRIQ   # Priority Queuing (PRIQ)
> > options ALTQ_NOPCC  # Required for SMP build
> >
> > in rc.conf
> > #
> >
> > ifconfig_dc0="inet 10.0.0.2  netmask 255.255.255.0"
> > ifconfig_vr0="inet 172.168.0.2 netmask 255.255.255.0"
> >
> > pf_enable="YES"
> > pf_rules="/etc/pf.conf"
> > pf_flags=""
> > pflog_enable="YES"
> > pflog_logfile="/var/log/pflog"
> > pflog_flags=""
> >
> >
> > in pf.conf
> > ###
> >
> > int_int="vr0"
> > int_ext="dc0"
> > rede="172.168.0.0"
> >
> > # Link
> > down="2.5Mb"
> > uplo="2.5Mb"
> >
> > # Enable queueing
> > #
> > # Upload
> > altq on $int_ext cbq bandwidth $uplo queue  { baixa bmedia media alta center }
> > queue baixa   bandwidth 128Kb   cbq(default)
> > queue bmedia  bandwidth 128Kb   priority 1
> > queue media  bandwidth 200Kb   priority 2
> > queue alta   bandwidth 350Kb   priority 3
> > queue center   bandwidth 512Kb   priority 4
> >
> > # Download
> > # define the parameters for the sub-queues.
> > altq on $int_ext cbq bandwidth $down queue  { baixa_in bmedia_in media_in alta_in center_in }
> > queue baixa_in   bandwidth 200Kb   cbq(default)
> > queue bmedia_in bandwidth 200Kb   priority 1
> > queue media_in  bandwidth 300Kb   priority 2
> > queue alta_in   bandwidth 512Kb   priority 3
> > queue center_in bandwidth 768Kb   priority 4
> >
> >
> > I did not send the rest, but if it is important I will send it.
> >
> > Thank you
> >
> > Cristina
> >
> >
> >
> 
> 
> -- 
> Mauricio Bonani
> LPIC-1
> mailto:[EMAIL PROTECTED]
> 




Re: [FUG-BR] Error in pf.conf - queue root_dc0 already exists on interface dc0

2007-01-25 Thread Mauricio Bonani
You are creating queues twice on the same interface:

altq on $int_ext cbq bandwidth $uplo queue  { baixa bmedia media alta center }
altq on $int_ext cbq bandwidth $down queue  { baixa_in bmedia_in media_in alta_in center_in }

In one of the cases, shouldn't it be 'altq on $int_int'?

On 25/01/07, Cristina Fernandes Silva<[EMAIL PROTECTED]> wrote:
> Folks,
>
> I am getting an error while setting up bandwidth control using PF. The error is this, when typing
>
> pfctl -f pf.conf
>
> queue root_dc0 already exists on interface dc0
> pfctl: DIOCADDALTQ: Invalid argument
>
> pfctl -nf pf.conf
> queue root_dc0 already exists on interface dc0
> pfctl: the sum of the child bandwidth higher than parent "root_dc0"
> pfctl: the sum of the child bandwidth higher than parent "root_dc0"
>
> I have been looking through the list and found this error; apparently it occurs when the sum of the bandwidth of the child queues exceeds the bandwidth of the parent queue, but in my configuration it does not exceed it.
>
>
> Here are my settings
>
> in the kernel
> ##
>
> # Options for Packet Filter
>
> device  pf
> device  pflog
> device  pfsync
>
> options ALTQ
> options ALTQ_CBQ    # Class Based Queuing (CBQ)
> options ALTQ_RED    # Random Early Detection (RED)
> options ALTQ_RIO    # RED In/Out
> options ALTQ_HFSC   # Hierarchical Packet Scheduler (HFSC)
> options ALTQ_PRIQ   # Priority Queuing (PRIQ)
> options ALTQ_NOPCC  # Required for SMP build
>
> in rc.conf
> #
>
> ifconfig_dc0="inet 10.0.0.2  netmask 255.255.255.0"
> ifconfig_vr0="inet 172.168.0.2 netmask 255.255.255.0"
>
> pf_enable="YES"
> pf_rules="/etc/pf.conf"
> pf_flags=""
> pflog_enable="YES"
> pflog_logfile="/var/log/pflog"
> pflog_flags=""
>
>
> in pf.conf
> ###
>
> int_int="vr0"
> int_ext="dc0"
> rede="172.168.0.0"
>
> # Link
> down="2.5Mb"
> uplo="2.5Mb"
>
> # Enable queueing
> #
> # Upload
> altq on $int_ext cbq bandwidth $uplo queue  { baixa bmedia media alta center }
> queue baixa   bandwidth 128Kb   cbq(default)
> queue bmedia  bandwidth 128Kb   priority 1
> queue media  bandwidth 200Kb   priority 2
> queue alta   bandwidth 350Kb   priority 3
> queue center   bandwidth 512Kb   priority 4
>
> # Download
> # define the parameters for the sub-queues.
> altq on $int_ext cbq bandwidth $down queue  { baixa_in bmedia_in media_in alta_in center_in }
> queue baixa_in   bandwidth 200Kb   cbq(default)
> queue bmedia_in bandwidth 200Kb   priority 1
> queue media_in  bandwidth 300Kb   priority 2
> queue alta_in   bandwidth 512Kb   priority 3
> queue center_in bandwidth 768Kb   priority 4
>
>
> I did not send the rest, but if it is important I will send it.
>
> Thank you
>
> Cristina
>
>
>


-- 
Mauricio Bonani
LPIC-1
mailto:[EMAIL PROTECTED]
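The two observations in this thread, that each set of child queues stays under 2.5Mb and that both altq lines sit on dc0, can be checked mechanically. The Python below is an added example, not part of the original messages: `check_altq`, `to_bps` and the report fields are hypothetical names, the sample is constructed from the queue section posted above, and counting both child sets against the single root_dc0 is an assumption drawn from the pfctl error text.

```python
import re

# Constructed sample: macros and queue section as posted in the thread.
PF_CONF = """
int_ext="dc0"
down="2.5Mb"
uplo="2.5Mb"
altq on $int_ext cbq bandwidth $uplo queue { baixa bmedia media alta center }
queue baixa bandwidth 128Kb cbq(default)
queue bmedia bandwidth 128Kb priority 1
queue media bandwidth 200Kb priority 2
queue alta bandwidth 350Kb priority 3
queue center bandwidth 512Kb priority 4
altq on $int_ext cbq bandwidth $down queue { baixa_in bmedia_in media_in alta_in center_in }
queue baixa_in bandwidth 200Kb cbq(default)
queue bmedia_in bandwidth 200Kb priority 1
queue media_in bandwidth 300Kb priority 2
queue alta_in bandwidth 512Kb priority 3
queue center_in bandwidth 768Kb priority 4
"""

UNITS = {"b": 1, "Kb": 10**3, "Mb": 10**6, "Gb": 10**9}

def to_bps(value):  # '2.5Mb' -> 2500000 bits per second
    number, unit = re.fullmatch(r"([\d.]+)(Gb|Mb|Kb|b)", value).groups()
    return round(float(number) * UNITS[unit])

def check_altq(conf):
    """Return one report per interface that carries altq declarations."""
    macros = dict(re.findall(r'^(\w+)\s*=\s*"([^"]*)"', conf, re.M))
    text = re.sub(r"\$(\w+)", lambda m: macros.get(m.group(1), m.group(0)), conf)
    queue_bw = {name: to_bps(bw) for name, bw in
                re.findall(r"^[ \t]*queue\s+(\w+)\s+bandwidth\s+(\S+)", text, re.M)}
    decls = {}
    for iface, bw, kids in re.findall(
            r"^altq\s+on\s+(\S+)\s+\w+\s+bandwidth\s+(\S+)\s+queue\s*\{([^}]*)\}", text, re.M):
        decls.setdefault(iface, []).append((to_bps(bw), sum(queue_bw[k] for k in kids.split())))
    report = {}
    for iface, items in decls.items():
        combined = sum(child_sum for _, child_sum in items)
        report[iface] = {
            "declarations": len(items),  # more than 1 means a second root_<iface>
            "each_fits": all(child_sum <= bw for bw, child_sum in items),
            "combined_children": combined,
            "over_root": combined > items[0][0],  # assumption: all children count against one root
        }
    return report

if __name__ == "__main__":
    print(check_altq(PF_CONF))
```

On the posted configuration this reports two declarations on dc0, each set fitting on its own but 3298Kb of children against a 2.5Mb root; moving the download altq to the internal interface, as suggested in the reply, clears both findings.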