Re: [FUG-BR] Erro no pf.conf - queue root_dc0 already exists on interface dc0
Quando você roda 'pfctl -f pf.conf' não aparece a linha onde se encontra o erro?
2007/1/25, Cristina Fernandes Silva [EMAIL PROTECTED]:
O restante é esse.
# Fazendo o NAT
nat on $int_ext from $rede to any - $int_ext
nat on $int_ext from baixa to any - $int_ext
nat on $int_ext from bmedia to any - $int_ext
nat on $int_ext from media to any - $int_ext
nat on $int_ext from alta to any - $int_ext
nat on $int_ext from center to any - $int_int
# Redicrecionamento
#
rdr on $int_int proto tcp from any to any port 80 - $server1 port 3128
# ... sessão de filtragem
# blockeando tudo por default
block in log on $int_ext from any to any
# bloqueando spoof
antispoof for { $int_ext } inet
# bloqueando scanners
block drop in quick on { $int_ext } from any os { NMAP }
# bloqueando trafego ipv6
block log quick inet6
#Liberando loopback
pass quick on lo0 all
# liberando ping/traceroute
pass out log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state
pass in log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state
# Liberando portas
#INCOMING
#TCP
pass in quick on $int_ext inet proto tcp from any to $int_ext port $TCP_IN
flags S/SA keep state
#UDP
#pass in quick on $int_ext inet proto udp from any to $int_ext port $UDP_IN
keep state
#PING
pass in quick on $int_ext inet proto icmp from any to $int_ext icmp-type
$PING keep state
pass in on $int_ext inet proto { tcp udp } from any to any port 22
pass in on $int_ext inet proto { tcp udp } from any to any port 21
pass in on $int_ext inet proto { tcp udp } from any to any port 20
pass in on $int_ext inet proto { tcp udp } from any to any port 25
pass in on $int_ext inet proto { tcp udp } from any to any port 53
pass in on $int_ext inet proto { tcp udp } from any to any port 80
pass in on $int_ext inet proto { tcp udp } from any to any port 443
pass in on $int_ext inet proto { tcp udp } from any to any port 110
pass in on $int_ext inet proto { tcp udp } from any to any port 8080
pass in on $int_ext inet proto { tcp udp } from any to any port 6667
pass in on $int_ext inet proto { tcp udp } from any to any port 6891
pass in on $int_ext inet proto { tcp udp } from any to any port 6893
pass in on $int_ext inet proto { tcp udp } from any to any port 6900
pass in on $int_ext inet proto { tcp udp } from any to any port 1213
pass in on $int_ext inet proto { tcp udp } from any to any port 1214
pass in on $int_ext inet proto { tcp udp } from any to any port 1832
pass in on $int_ext inet proto { tcp udp } from any to any port 3094
pass in on $int_ext inet proto { tcp udp } from any to any port 3622
pass in on $int_ext inet proto { tcp udp } from any to any port 2216
pass in on $int_ext inet proto tcp from port 20 to ($int_ext) user proxy
flags S/SA keep state
#OUTGOING
#EXTERNAL INTERFACE
#TCP
pass out quick on $int_ext inet proto tcp from $int_ext to any port $TCP_OUT
flags S/SA keep
state
#UDP
pass out quick on $int_ext inet proto udp from $int_ext to any port $UDP_OUT
keep state
#ICMP
pass out quick on $int_ext inet proto icmp from $int_ext to any icmp-type
$PING keep state
# Liberando acesso
pass in log on $int_ext from baixa to any queue baixa_in
pass in log on $int_ext from bmedia to any queue bmedia_in
pass in log on $int_ext from media to any queue media_in
pass in log on $int_ext from alta to any queue alta_in
pass in log on $int_ext from center to any queue center_in
pass in log on $int_ext from baixa to any
pass in log on $int_ext from bmedia to any
pass in log on $int_ext from media to any
pass in log on $int_ext from alta to any
pass in log on $int_ext from center to any
Obrigada
Cristina
__
Fale com seus amigos de graça com o novo Yahoo! Messenger
http://br.messenger.yahoo.com/
-
Histórico: http://www.fug.com.br/historico/html/freebsd/
Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
--
Mauricio Bonani
LPIC-1
mailto:[EMAIL PROTECTED]
-
Histórico: http://www.fug.com.br/historico/html/freebsd/
Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
Re: [FUG-BR] Erro no pf.conf - queue root_dc0 already exists on interface dc0
2007/1/26, Mauricio Bonani [EMAIL PROTECTED]:
Quando você roda 'pfctl -f pf.conf' não aparece a linha onde se encontra o
erro?
2007/1/25, Cristina Fernandes Silva [EMAIL PROTECTED]:
O restante é esse.
# Fazendo o NAT
nat on $int_ext from $rede to any - $int_ext
nat on $int_ext from baixa to any - $int_ext
nat on $int_ext from bmedia to any - $int_ext
nat on $int_ext from media to any - $int_ext
nat on $int_ext from alta to any - $int_ext
nat on $int_ext from center to any - $int_int
# Redicrecionamento
#
rdr on $int_int proto tcp from any to any port 80 - $server1 port 3128
# ... sessão de filtragem
# blockeando tudo por default
block in log on $int_ext from any to any
# bloqueando spoof
antispoof for { $int_ext } inet
# bloqueando scanners
block drop in quick on { $int_ext } from any os { NMAP }
# bloqueando trafego ipv6
block log quick inet6
#Liberando loopback
pass quick on lo0 all
# liberando ping/traceroute
pass out log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state
pass in log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state
# Liberando portas
#INCOMING
#TCP
pass in quick on $int_ext inet proto tcp from any to $int_ext port $TCP_IN
flags S/SA keep state
#UDP
#pass in quick on $int_ext inet proto udp from any to $int_ext port $UDP_IN
keep state
#PING
pass in quick on $int_ext inet proto icmp from any to $int_ext icmp-type
$PING keep state
pass in on $int_ext inet proto { tcp udp } from any to any port 22
pass in on $int_ext inet proto { tcp udp } from any to any port 21
pass in on $int_ext inet proto { tcp udp } from any to any port 20
pass in on $int_ext inet proto { tcp udp } from any to any port 25
pass in on $int_ext inet proto { tcp udp } from any to any port 53
pass in on $int_ext inet proto { tcp udp } from any to any port 80
pass in on $int_ext inet proto { tcp udp } from any to any port 443
pass in on $int_ext inet proto { tcp udp } from any to any port 110
pass in on $int_ext inet proto { tcp udp } from any to any port 8080
pass in on $int_ext inet proto { tcp udp } from any to any port 6667
pass in on $int_ext inet proto { tcp udp } from any to any port 6891
pass in on $int_ext inet proto { tcp udp } from any to any port 6893
pass in on $int_ext inet proto { tcp udp } from any to any port 6900
pass in on $int_ext inet proto { tcp udp } from any to any port 1213
pass in on $int_ext inet proto { tcp udp } from any to any port 1214
pass in on $int_ext inet proto { tcp udp } from any to any port 1832
pass in on $int_ext inet proto { tcp udp } from any to any port 3094
pass in on $int_ext inet proto { tcp udp } from any to any port 3622
pass in on $int_ext inet proto { tcp udp } from any to any port 2216
pass in on $int_ext inet proto tcp from port 20 to ($int_ext) user proxy
flags S/SA keep state
#OUTGOING
#EXTERNAL INTERFACE
#TCP
pass out quick on $int_ext inet proto tcp from $int_ext to any port
$TCP_OUT flags S/SA keep
state
#UDP
pass out quick on $int_ext inet proto udp from $int_ext to any port
$UDP_OUT keep state
#ICMP
pass out quick on $int_ext inet proto icmp from $int_ext to any icmp-type
$PING keep state
# Liberando acesso
pass in log on $int_ext from baixa to any queue baixa_in
pass in log on $int_ext from bmedia to any queue bmedia_in
pass in log on $int_ext from media to any queue media_in
pass in log on $int_ext from alta to any queue alta_in
pass in log on $int_ext from center to any queue center_in
pass in log on $int_ext from baixa to any
pass in log on $int_ext from bmedia to any
pass in log on $int_ext from media to any
pass in log on $int_ext from alta to any
pass in log on $int_ext from center to any
Obrigada
Cristina
__
Fale com seus amigos de graça com o novo Yahoo! Messenger
http://br.messenger.yahoo.com/
-
Histórico: http://www.fug.com.br/historico/html/freebsd/
Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
--
Mauricio Bonani
LPIC-1
mailto:[EMAIL PROTECTED]
-
Histórico: http://www.fug.com.br/historico/html/freebsd/
Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
geralmente eu uso pfctl -NRf pf.conf
--
Alessandro de Souza Rocha
Administrador de Redes e Sistemas
Freebsd-BR User #117
-
Histórico: http://www.fug.com.br/historico/html/freebsd/
Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
Re: [FUG-BR] Erro no pf.conf - queue root_dc0 already exists on interface dc0
Você está criando filas duas vezes na mesma interface:
altq on $int_ext cbq bandwidth $uplo queue { baixa bmedia media alta center }
altq on $int_ext cbq bandwidth $down queue { baixa_in bmedia_in
media_in alta_in center_in }
Num dos casos não seria 'altq on $int_int'?
Em 25/01/07, Cristina Fernandes Silva[EMAIL PROTECTED] escreveu:
Pessoal,
estou com erro ao instalar um controle de banda usando o PF. o erro é este ao
digitar
pfctl -f pf.conf
queue root_dc0 already exists on interface dc0
pfctl: DIOCADDALTQ: Invalid argument
pfctl -nf pf.conf
queue root_dc0 already exists on interface dc0
pfctl: the sum of the child bandwidth higher than parent root_dc0
pfctl: the sum of the child bandwidth higher than parent root_dc0
andei olhando a lista encontrei este erro, porem segundo ocorre quando a soma
do bandwith das
filas filho ultrapassam o bandwith da fila pai, porem nas minhas
configurações nao ultrapasam.
Eis minhas configurações
no kernel
##
#Opcpes para Packet Filter
device pf
device pflog
device pfsync
options ALTQ
options ALTQ_CBQ# Class Bases Queuing (CBQ)
options ALTQ_RED# Random Early Detection (RED)
options ALTQ_RIO# RED In/Out
options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC)
options ALTQ_PRIQ # Priority Queuing (PRIQ)
options ALTQ_NOPCC # Required for SMP build
no rc.conf
#
ifconfig_dc0=inet 10.0.0.2 netmask 255.255.255.0
ifconfig_vr0=inet 172.168.0.2 netmask 255.255.255.0
pf_enable=YES
pf_rules=/etc/pf.conf
pf_flags=
pflog_enable=YES
pflog_logfile=/var/log/pflog
pflog_flags=
no pf.conf
###
int_int=vr0
int_ext=dc0
rede=172.168.0.0
# Link
down=2.5Mb
uplo=2.5Mb
# Habilita enfileiramento
#
# Upload
altq on $int_ext cbq bandwidth $uplo queue { baixa bmedia media alta center }
queue baixa bandwidth 128Kb cbq(default)
queue bmedia bandwidth 128Kb priority 1
queue media bandwidth 200Kb priority 2
queue alta bandwidth 350Kb priority 3
queue center bandwidth 512Kb priority 4
# Download
# define os parametros para as subfilas.
altq on $int_ext cbq bandwidth $down queue { baixa_in bmedia_in media_in
alta_in center_in }
queue baixa_in bandwidth 200Kb cbq(default)
queue bmedia_in bandwidth 200Kb priority 1
queue media_in bandwidth 300Kb priority 2
queue alta_in bandwidth 512Kb priority 3
queue center_in bandwidth 768Kb priority 4
O restante eu nao mandei, mas se for importante eu mando.
obrigada
Cristina
__
Fale com seus amigos de graça com o novo Yahoo! Messenger
http://br.messenger.yahoo.com/
-
Histórico: http://www.fug.com.br/historico/html/freebsd/
Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
--
Mauricio Bonani
LPIC-1
mailto:[EMAIL PROTECTED]
-
Histórico: http://www.fug.com.br/historico/html/freebsd/
Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
Re: [FUG-BR] Erro no pf.conf - queue root_dc0 already exists on interface dc0
eu retirei e apresentou isso
pfctl: DIOCADDRULE: Address family not supported by protocol family
--- Mauricio Bonani [EMAIL PROTECTED] escreveu:
Você está criando filas duas vezes na mesma interface:
altq on $int_ext cbq bandwidth $uplo queue { baixa bmedia media alta center }
altq on $int_ext cbq bandwidth $down queue { baixa_in bmedia_in
media_in alta_in center_in }
Num dos casos não seria 'altq on $int_int'?
Em 25/01/07, Cristina Fernandes Silva[EMAIL PROTECTED] escreveu:
Pessoal,
estou com erro ao instalar um controle de banda usando o PF. o erro é este
ao digitar
pfctl -f pf.conf
queue root_dc0 already exists on interface dc0
pfctl: DIOCADDALTQ: Invalid argument
pfctl -nf pf.conf
queue root_dc0 already exists on interface dc0
pfctl: the sum of the child bandwidth higher than parent root_dc0
pfctl: the sum of the child bandwidth higher than parent root_dc0
andei olhando a lista encontrei este erro, porem segundo ocorre quando a
soma do bandwith das
filas filho ultrapassam o bandwith da fila pai, porem nas minhas
configurações nao ultrapasam.
Eis minhas configurações
no kernel
##
#Opcpes para Packet Filter
device pf
device pflog
device pfsync
options ALTQ
options ALTQ_CBQ# Class Bases Queuing (CBQ)
options ALTQ_RED# Random Early Detection (RED)
options ALTQ_RIO# RED In/Out
options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC)
options ALTQ_PRIQ # Priority Queuing (PRIQ)
options ALTQ_NOPCC # Required for SMP build
no rc.conf
#
ifconfig_dc0=inet 10.0.0.2 netmask 255.255.255.0
ifconfig_vr0=inet 172.168.0.2 netmask 255.255.255.0
pf_enable=YES
pf_rules=/etc/pf.conf
pf_flags=
pflog_enable=YES
pflog_logfile=/var/log/pflog
pflog_flags=
no pf.conf
###
int_int=vr0
int_ext=dc0
rede=172.168.0.0
# Link
down=2.5Mb
uplo=2.5Mb
# Habilita enfileiramento
#
# Upload
altq on $int_ext cbq bandwidth $uplo queue { baixa bmedia media alta
center }
queue baixa bandwidth 128Kb cbq(default)
queue bmedia bandwidth 128Kb priority 1
queue media bandwidth 200Kb priority 2
queue alta bandwidth 350Kb priority 3
queue center bandwidth 512Kb priority 4
# Download
# define os parametros para as subfilas.
altq on $int_ext cbq bandwidth $down queue { baixa_in bmedia_in media_in
alta_in center_in }
queue baixa_in bandwidth 200Kb cbq(default)
queue bmedia_in bandwidth 200Kb priority 1
queue media_in bandwidth 300Kb priority 2
queue alta_in bandwidth 512Kb priority 3
queue center_in bandwidth 768Kb priority 4
O restante eu nao mandei, mas se for importante eu mando.
obrigada
Cristina
__
Fale com seus amigos de graça com o novo Yahoo! Messenger
http://br.messenger.yahoo.com/
-
Histórico: http://www.fug.com.br/historico/html/freebsd/
Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
--
Mauricio Bonani
LPIC-1
mailto:[EMAIL PROTECTED]
-
Histórico: http://www.fug.com.br/historico/html/freebsd/
Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
__
Fale com seus amigos de graça com o novo Yahoo! Messenger
http://br.messenger.yahoo.com/
-
Histórico: http://www.fug.com.br/historico/html/freebsd/
Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
Re: [FUG-BR] Erro no pf.conf - queue root_dc0 already exists on interface dc0
Isso já é um erro nas regras de filtragem.
Como você não mandou o arquivo completo não tem como te ajudar.
Em 25/01/07, Cristina Fernandes Silva[EMAIL PROTECTED] escreveu:
eu retirei e apresentou isso
pfctl: DIOCADDRULE: Address family not supported by protocol family
--- Mauricio Bonani [EMAIL PROTECTED] escreveu:
Você está criando filas duas vezes na mesma interface:
altq on $int_ext cbq bandwidth $uplo queue { baixa bmedia media alta
center }
altq on $int_ext cbq bandwidth $down queue { baixa_in bmedia_in
media_in alta_in center_in }
Num dos casos não seria 'altq on $int_int'?
Em 25/01/07, Cristina Fernandes Silva[EMAIL PROTECTED] escreveu:
Pessoal,
estou com erro ao instalar um controle de banda usando o PF. o erro é
este ao digitar
pfctl -f pf.conf
queue root_dc0 already exists on interface dc0
pfctl: DIOCADDALTQ: Invalid argument
pfctl -nf pf.conf
queue root_dc0 already exists on interface dc0
pfctl: the sum of the child bandwidth higher than parent root_dc0
pfctl: the sum of the child bandwidth higher than parent root_dc0
andei olhando a lista encontrei este erro, porem segundo ocorre quando a
soma do bandwith das
filas filho ultrapassam o bandwith da fila pai, porem nas minhas
configurações nao ultrapasam.
Eis minhas configurações
no kernel
##
#Opcpes para Packet Filter
device pf
device pflog
device pfsync
options ALTQ
options ALTQ_CBQ# Class Bases Queuing (CBQ)
options ALTQ_RED# Random Early Detection (RED)
options ALTQ_RIO# RED In/Out
options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC)
options ALTQ_PRIQ # Priority Queuing (PRIQ)
options ALTQ_NOPCC # Required for SMP build
no rc.conf
#
ifconfig_dc0=inet 10.0.0.2 netmask 255.255.255.0
ifconfig_vr0=inet 172.168.0.2 netmask 255.255.255.0
pf_enable=YES
pf_rules=/etc/pf.conf
pf_flags=
pflog_enable=YES
pflog_logfile=/var/log/pflog
pflog_flags=
no pf.conf
###
int_int=vr0
int_ext=dc0
rede=172.168.0.0
# Link
down=2.5Mb
uplo=2.5Mb
# Habilita enfileiramento
#
# Upload
altq on $int_ext cbq bandwidth $uplo queue { baixa bmedia media alta
center }
queue baixa bandwidth 128Kb cbq(default)
queue bmedia bandwidth 128Kb priority 1
queue media bandwidth 200Kb priority 2
queue alta bandwidth 350Kb priority 3
queue center bandwidth 512Kb priority 4
# Download
# define os parametros para as subfilas.
altq on $int_ext cbq bandwidth $down queue { baixa_in bmedia_in media_in
alta_in center_in }
queue baixa_in bandwidth 200Kb cbq(default)
queue bmedia_in bandwidth 200Kb priority 1
queue media_in bandwidth 300Kb priority 2
queue alta_in bandwidth 512Kb priority 3
queue center_in bandwidth 768Kb priority 4
O restante eu nao mandei, mas se for importante eu mando.
obrigada
Cristina
__
Fale com seus amigos de graça com o novo Yahoo! Messenger
http://br.messenger.yahoo.com/
-
Histórico: http://www.fug.com.br/historico/html/freebsd/
Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
--
Mauricio Bonani
LPIC-1
mailto:[EMAIL PROTECTED]
-
Histórico: http://www.fug.com.br/historico/html/freebsd/
Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
__
Fale com seus amigos de graça com o novo Yahoo! Messenger
http://br.messenger.yahoo.com/
-
Histórico: http://www.fug.com.br/historico/html/freebsd/
Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
--
Mauricio Bonani
LPIC-1
mailto:[EMAIL PROTECTED]
-
Histórico: http://www.fug.com.br/historico/html/freebsd/
Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
Re: [FUG-BR] Erro no pf.conf - queue root_dc0 already exists on interface dc0
O restante é esse.
# Fazendo o NAT
nat on $int_ext from $rede to any - $int_ext
nat on $int_ext from baixa to any - $int_ext
nat on $int_ext from bmedia to any - $int_ext
nat on $int_ext from media to any - $int_ext
nat on $int_ext from alta to any - $int_ext
nat on $int_ext from center to any - $int_int
# Redicrecionamento
#
rdr on $int_int proto tcp from any to any port 80 - $server1 port 3128
# ... sessão de filtragem
# blockeando tudo por default
block in log on $int_ext from any to any
# bloqueando spoof
antispoof for { $int_ext } inet
# bloqueando scanners
block drop in quick on { $int_ext } from any os { NMAP }
# bloqueando trafego ipv6
block log quick inet6
#Liberando loopback
pass quick on lo0 all
# liberando ping/traceroute
pass out log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state
pass in log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state
# Liberando portas
#INCOMING
#TCP
pass in quick on $int_ext inet proto tcp from any to $int_ext port $TCP_IN
flags S/SA keep state
#UDP
#pass in quick on $int_ext inet proto udp from any to $int_ext port $UDP_IN
keep state
#PING
pass in quick on $int_ext inet proto icmp from any to $int_ext icmp-type $PING
keep state
pass in on $int_ext inet proto { tcp udp } from any to any port 22
pass in on $int_ext inet proto { tcp udp } from any to any port 21
pass in on $int_ext inet proto { tcp udp } from any to any port 20
pass in on $int_ext inet proto { tcp udp } from any to any port 25
pass in on $int_ext inet proto { tcp udp } from any to any port 53
pass in on $int_ext inet proto { tcp udp } from any to any port 80
pass in on $int_ext inet proto { tcp udp } from any to any port 443
pass in on $int_ext inet proto { tcp udp } from any to any port 110
pass in on $int_ext inet proto { tcp udp } from any to any port 8080
pass in on $int_ext inet proto { tcp udp } from any to any port 6667
pass in on $int_ext inet proto { tcp udp } from any to any port 6891
pass in on $int_ext inet proto { tcp udp } from any to any port 6893
pass in on $int_ext inet proto { tcp udp } from any to any port 6900
pass in on $int_ext inet proto { tcp udp } from any to any port 1213
pass in on $int_ext inet proto { tcp udp } from any to any port 1214
pass in on $int_ext inet proto { tcp udp } from any to any port 1832
pass in on $int_ext inet proto { tcp udp } from any to any port 3094
pass in on $int_ext inet proto { tcp udp } from any to any port 3622
pass in on $int_ext inet proto { tcp udp } from any to any port 2216
pass in on $int_ext inet proto tcp from port 20 to ($int_ext) user proxy flags
S/SA keep state
#OUTGOING
#EXTERNAL INTERFACE
#TCP
pass out quick on $int_ext inet proto tcp from $int_ext to any port $TCP_OUT
flags S/SA keep
state
#UDP
pass out quick on $int_ext inet proto udp from $int_ext to any port $UDP_OUT
keep state
#ICMP
pass out quick on $int_ext inet proto icmp from $int_ext to any icmp-type $PING
keep state
# Liberando acesso
pass in log on $int_ext from baixa to any queue baixa_in
pass in log on $int_ext from bmedia to any queue bmedia_in
pass in log on $int_ext from media to any queue media_in
pass in log on $int_ext from alta to any queue alta_in
pass in log on $int_ext from center to any queue center_in
pass in log on $int_ext from baixa to any
pass in log on $int_ext from bmedia to any
pass in log on $int_ext from media to any
pass in log on $int_ext from alta to any
pass in log on $int_ext from center to any
Obrigada
Cristina
__
Fale com seus amigos de graça com o novo Yahoo! Messenger
http://br.messenger.yahoo.com/
-
Histórico: http://www.fug.com.br/historico/html/freebsd/
Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
Re: [FUG-BR] Erro no pf.conf - queue root_dc0 already exists on interface dc0
2007/1/25, Cristina Fernandes Silva [EMAIL PROTECTED]:
O restante é esse.
# Fazendo o NAT
nat on $int_ext from $rede to any - $int_ext
nat on $int_ext from baixa to any - $int_ext
nat on $int_ext from bmedia to any - $int_ext
nat on $int_ext from media to any - $int_ext
nat on $int_ext from alta to any - $int_ext
nat on $int_ext from center to any - $int_int
# Redicrecionamento
#
rdr on $int_int proto tcp from any to any port 80 - $server1 port 3128
# ... sessão de filtragem
# blockeando tudo por default
block in log on $int_ext from any to any
# bloqueando spoof
antispoof for { $int_ext } inet
# bloqueando scanners
block drop in quick on { $int_ext } from any os { NMAP }
# bloqueando trafego ipv6
block log quick inet6
#Liberando loopback
pass quick on lo0 all
# liberando ping/traceroute
pass out log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state
pass in log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state
# Liberando portas
#INCOMING
#TCP
pass in quick on $int_ext inet proto tcp from any to $int_ext port $TCP_IN
flags S/SA keep state
#UDP
#pass in quick on $int_ext inet proto udp from any to $int_ext port $UDP_IN
keep state
#PING
pass in quick on $int_ext inet proto icmp from any to $int_ext icmp-type
$PING keep state
pass in on $int_ext inet proto { tcp udp } from any to any port 22
pass in on $int_ext inet proto { tcp udp } from any to any port 21
pass in on $int_ext inet proto { tcp udp } from any to any port 20
pass in on $int_ext inet proto { tcp udp } from any to any port 25
pass in on $int_ext inet proto { tcp udp } from any to any port 53
pass in on $int_ext inet proto { tcp udp } from any to any port 80
pass in on $int_ext inet proto { tcp udp } from any to any port 443
pass in on $int_ext inet proto { tcp udp } from any to any port 110
pass in on $int_ext inet proto { tcp udp } from any to any port 8080
pass in on $int_ext inet proto { tcp udp } from any to any port 6667
pass in on $int_ext inet proto { tcp udp } from any to any port 6891
pass in on $int_ext inet proto { tcp udp } from any to any port 6893
pass in on $int_ext inet proto { tcp udp } from any to any port 6900
pass in on $int_ext inet proto { tcp udp } from any to any port 1213
pass in on $int_ext inet proto { tcp udp } from any to any port 1214
pass in on $int_ext inet proto { tcp udp } from any to any port 1832
pass in on $int_ext inet proto { tcp udp } from any to any port 3094
pass in on $int_ext inet proto { tcp udp } from any to any port 3622
pass in on $int_ext inet proto { tcp udp } from any to any port 2216
pass in on $int_ext inet proto tcp from port 20 to ($int_ext) user proxy
flags S/SA keep state
#OUTGOING
#EXTERNAL INTERFACE
#TCP
pass out quick on $int_ext inet proto tcp from $int_ext to any port $TCP_OUT
flags S/SA keep
state
#UDP
pass out quick on $int_ext inet proto udp from $int_ext to any port $UDP_OUT
keep state
#ICMP
pass out quick on $int_ext inet proto icmp from $int_ext to any icmp-type
$PING keep state
# Liberando acesso
pass in log on $int_ext from baixa to any queue baixa_in
pass in log on $int_ext from bmedia to any queue bmedia_in
pass in log on $int_ext from media to any queue media_in
pass in log on $int_ext from alta to any queue alta_in
pass in log on $int_ext from center to any queue center_in
pass in log on $int_ext from baixa to any
pass in log on $int_ext from bmedia to any
pass in log on $int_ext from media to any
pass in log on $int_ext from alta to any
pass in log on $int_ext from center to any
Obrigada
Cristina
__
Fale com seus amigos de graça com o novo Yahoo! Messenger
http://br.messenger.yahoo.com/
-
Histórico: http://www.fug.com.br/historico/html/freebsd/
Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
Cristina um exemplo para vc.
altq on $ext_if bandwidth 1Mb cbq queue { dflt_out, local,wireless }
queue dflt_out bandwidth 5% cbq(default)
queue local bandwidth 50%
queue wireless bandwidth 40%
altq on $int_if bandwidth 1Mb cbq queue { dflt_in, cpd, radio }
queue dflt_in bandwidth 10% cbq(default)
queue cpd 50%
queue radio bandwidth 40%
pass out on $int_if from 192.168.0.0/24 to any keep state queue cpd
pass out on $int_if from 100.100.100.0/24 to any keep state queue radio
pass out on $ext_if from 192.168.0.0/24 to any keep state queue cpd
pass out on $ext_if from 100.100.100.0/24 to any keep state queue radio
--
Alessandro de Souza Rocha
Administrador de Redes e Sistemas
Freebsd-BR User #117
-
Histórico: http://www.fug.com.br/historico/html/freebsd/
Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
Re: [FUG-BR] Erro no pf.conf - queue root_dc0 already exists on interface dc0
2007/1/25, Alessandro de Souza Rocha [EMAIL PROTECTED]:
2007/1/25, Cristina Fernandes Silva [EMAIL PROTECTED]:
O restante é esse.
# Fazendo o NAT
nat on $int_ext from $rede to any - $int_ext
nat on $int_ext from baixa to any - $int_ext
nat on $int_ext from bmedia to any - $int_ext
nat on $int_ext from media to any - $int_ext
nat on $int_ext from alta to any - $int_ext
nat on $int_ext from center to any - $int_int
# Redicrecionamento
#
rdr on $int_int proto tcp from any to any port 80 - $server1 port 3128
# ... sessão de filtragem
# blockeando tudo por default
block in log on $int_ext from any to any
# bloqueando spoof
antispoof for { $int_ext } inet
# bloqueando scanners
block drop in quick on { $int_ext } from any os { NMAP }
# bloqueando trafego ipv6
block log quick inet6
#Liberando loopback
pass quick on lo0 all
# liberando ping/traceroute
pass out log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state
pass in log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state
# Liberando portas
#INCOMING
#TCP
pass in quick on $int_ext inet proto tcp from any to $int_ext port $TCP_IN
flags S/SA keep state
#UDP
#pass in quick on $int_ext inet proto udp from any to $int_ext port $UDP_IN
keep state
#PING
pass in quick on $int_ext inet proto icmp from any to $int_ext icmp-type
$PING keep state
pass in on $int_ext inet proto { tcp udp } from any to any port 22
pass in on $int_ext inet proto { tcp udp } from any to any port 21
pass in on $int_ext inet proto { tcp udp } from any to any port 20
pass in on $int_ext inet proto { tcp udp } from any to any port 25
pass in on $int_ext inet proto { tcp udp } from any to any port 53
pass in on $int_ext inet proto { tcp udp } from any to any port 80
pass in on $int_ext inet proto { tcp udp } from any to any port 443
pass in on $int_ext inet proto { tcp udp } from any to any port 110
pass in on $int_ext inet proto { tcp udp } from any to any port 8080
pass in on $int_ext inet proto { tcp udp } from any to any port 6667
pass in on $int_ext inet proto { tcp udp } from any to any port 6891
pass in on $int_ext inet proto { tcp udp } from any to any port 6893
pass in on $int_ext inet proto { tcp udp } from any to any port 6900
pass in on $int_ext inet proto { tcp udp } from any to any port 1213
pass in on $int_ext inet proto { tcp udp } from any to any port 1214
pass in on $int_ext inet proto { tcp udp } from any to any port 1832
pass in on $int_ext inet proto { tcp udp } from any to any port 3094
pass in on $int_ext inet proto { tcp udp } from any to any port 3622
pass in on $int_ext inet proto { tcp udp } from any to any port 2216
pass in on $int_ext inet proto tcp from port 20 to ($int_ext) user proxy
flags S/SA keep state
#OUTGOING
#EXTERNAL INTERFACE
#TCP
pass out quick on $int_ext inet proto tcp from $int_ext to any port
$TCP_OUT flags S/SA keep
state
#UDP
pass out quick on $int_ext inet proto udp from $int_ext to any port
$UDP_OUT keep state
#ICMP
pass out quick on $int_ext inet proto icmp from $int_ext to any icmp-type
$PING keep state
# Liberando acesso
pass in log on $int_ext from baixa to any queue baixa_in
pass in log on $int_ext from bmedia to any queue bmedia_in
pass in log on $int_ext from media to any queue media_in
pass in log on $int_ext from alta to any queue alta_in
pass in log on $int_ext from center to any queue center_in
pass in log on $int_ext from baixa to any
pass in log on $int_ext from bmedia to any
pass in log on $int_ext from media to any
pass in log on $int_ext from alta to any
pass in log on $int_ext from center to any
Obrigada
Cristina
__
Fale com seus amigos de graça com o novo Yahoo! Messenger
http://br.messenger.yahoo.com/
-
Histórico: http://www.fug.com.br/historico/html/freebsd/
Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
Cristina um exemplo para vc.
altq on $ext_if bandwidth 1Mb cbq queue { dflt_out, local,wireless }
queue dflt_out bandwidth 5% cbq(default)
queue local bandwidth 50%
queue wireless bandwidth 40%
altq on $int_if bandwidth 1Mb cbq queue { dflt_in, cpd, radio }
queue dflt_in bandwidth 10% cbq(default)
queue cpd 50%
queue radio bandwidth 40%
pass out on $int_if from 192.168.0.0/24 to any keep state queue cpd
pass out on $int_if from 100.100.100.0/24 to any keep state queue radio
pass out on $ext_if from 192.168.0.0/24 to any keep state queue cpd
pass out on $ext_if from 100.100.100.0/24 to any keep state queue radio
--
Alessandro de Souza Rocha
Administrador de Redes e Sistemas
Freebsd-BR User #117
--
Alessandro de Souza Rocha
Administrador de Redes e Sistemas
Freebsd-BR User #117
-
Histórico:
Re: [FUG-BR] Erro no pf.conf - queue root_dc0 already exists on interface dc0
2007/1/25, Alessandro de Souza Rocha [EMAIL PROTECTED]:
2007/1/25, Alessandro de Souza Rocha [EMAIL PROTECTED]:
2007/1/25, Cristina Fernandes Silva [EMAIL PROTECTED]:
O restante é esse.
# Fazendo o NAT
nat on $int_ext from $rede to any - $int_ext
nat on $int_ext from baixa to any - $int_ext
nat on $int_ext from bmedia to any - $int_ext
nat on $int_ext from media to any - $int_ext
nat on $int_ext from alta to any - $int_ext
nat on $int_ext from center to any - $int_int
# Redicrecionamento
#
rdr on $int_int proto tcp from any to any port 80 - $server1 port 3128
# ... sessão de filtragem
# blockeando tudo por default
block in log on $int_ext from any to any
# bloqueando spoof
antispoof for { $int_ext } inet
# bloqueando scanners
block drop in quick on { $int_ext } from any os { NMAP }
# bloqueando trafego ipv6
block log quick inet6
#Liberando loopback
pass quick on lo0 all
# liberando ping/traceroute
pass out log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state
pass in log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state
# Liberando portas
#INCOMING
#TCP
pass in quick on $int_ext inet proto tcp from any to $int_ext port
$TCP_IN flags S/SA keep state
#UDP
#pass in quick on $int_ext inet proto udp from any to $int_ext port
$UDP_IN keep state
#PING
pass in quick on $int_ext inet proto icmp from any to $int_ext icmp-type
$PING keep state
pass in on $int_ext inet proto { tcp udp } from any to any port 22
pass in on $int_ext inet proto { tcp udp } from any to any port 21
pass in on $int_ext inet proto { tcp udp } from any to any port 20
pass in on $int_ext inet proto { tcp udp } from any to any port 25
pass in on $int_ext inet proto { tcp udp } from any to any port 53
pass in on $int_ext inet proto { tcp udp } from any to any port 80
pass in on $int_ext inet proto { tcp udp } from any to any port 443
pass in on $int_ext inet proto { tcp udp } from any to any port 110
pass in on $int_ext inet proto { tcp udp } from any to any port 8080
pass in on $int_ext inet proto { tcp udp } from any to any port 6667
pass in on $int_ext inet proto { tcp udp } from any to any port 6891
pass in on $int_ext inet proto { tcp udp } from any to any port 6893
pass in on $int_ext inet proto { tcp udp } from any to any port 6900
pass in on $int_ext inet proto { tcp udp } from any to any port 1213
pass in on $int_ext inet proto { tcp udp } from any to any port 1214
pass in on $int_ext inet proto { tcp udp } from any to any port 1832
pass in on $int_ext inet proto { tcp udp } from any to any port 3094
pass in on $int_ext inet proto { tcp udp } from any to any port 3622
pass in on $int_ext inet proto { tcp udp } from any to any port 2216
pass in on $int_ext inet proto tcp from port 20 to ($int_ext) user proxy
flags S/SA keep state
#OUTGOING
#EXTERNAL INTERFACE
#TCP
pass out quick on $int_ext inet proto tcp from $int_ext to any port
$TCP_OUT flags S/SA keep
state
#UDP
pass out quick on $int_ext inet proto udp from $int_ext to any port
$UDP_OUT keep state
#ICMP
pass out quick on $int_ext inet proto icmp from $int_ext to any icmp-type
$PING keep state
# Liberando acesso
pass in log on $int_ext from baixa to any queue baixa_in
pass in log on $int_ext from bmedia to any queue bmedia_in
pass in log on $int_ext from media to any queue media_in
pass in log on $int_ext from alta to any queue alta_in
pass in log on $int_ext from center to any queue center_in
pass in log on $int_ext from baixa to any
pass in log on $int_ext from bmedia to any
pass in log on $int_ext from media to any
pass in log on $int_ext from alta to any
pass in log on $int_ext from center to any
Obrigada
Cristina
__
Fale com seus amigos de graça com o novo Yahoo! Messenger
http://br.messenger.yahoo.com/
-
Histórico: http://www.fug.com.br/historico/html/freebsd/
Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
Cristina um exemplo para vc.
altq on $ext_if bandwidth 1Mb cbq queue { dflt_out, local,wireless }
queue dflt_out bandwidth 5% cbq(default)
queue local bandwidth 50%
queue wireless bandwidth 40%
altq on $int_if bandwidth 1Mb cbq queue { dflt_in, cpd, radio }
queue dflt_in bandwidth 10% cbq(default)
queue cpd 50%
queue radio bandwidth 40%
pass out on $int_if from 192.168.0.0/24 to any keep state queue cpd
pass out on $int_if from 100.100.100.0/24 to any keep state queue radio
pass out on $ext_if from 192.168.0.0/24 to any keep state queue cpd
pass out on $ext_if from 100.100.100.0/24 to any keep state queue radio
--
Alessandro de Souza Rocha
