---------- Forwarded message ----------
From: fabiano stocco2 <[email protected]>
Date: December 22, 2011 17:13
Subject: Re: confirm 899689e155664d652518be9e5cdcd2f3caad64d9
To: [email protected]
Good afternoon,
Folks, I have a problem here, which is the following.
I have two internet links. The first has 2Mbit and the other has 4Mbit, so
I am setting up download control that handles traffic entering the network
based on which WAN link it came from, so that I can control precisely the
amount of data travelling over each link. The problem is that Shorewall is
not able to produce the rule below for me:
#iptables -t mangle -A FORWARD -i eth1 -o eth3 -p tcp --sport 80 -j CLASSIFY --set-class 3:21
Shorewall is treating the rule as tcpos and not as tcfor as expected, so it
does not work.
Version: shorewall-4.4.23
The data follows.
#tcdevices
#NUMBER: IN-BANDWITH OUT-BANDWIDTH OPTIONS
eth1 2mbit 2mbit
eth2 4mbit 4mbit
eth3 100mbit 100mbit classify
#tcclass
eth1 11 10*full/100 50*full/100 1 tos=0x68/0xfc,tos=0xb8/0xfc #Voip
eth1 12 15*full/100 50*full/100 2 tcp-ack,tos-minimize-delay #Connection
eth1 13 45*full/100 full 3 #Data
eth1 14 30*full/100 50*full/100 4 default #Default
eth2 11 5*full/100 50*full/100 1 tos=0x68/0xfc,tos=0xb8/0xfc #Voip
eth2 12 15*full/100 50*full/100 2 tcp-ack,tos-minimize-delay #Connection
eth2 13 50*full/100 full 3 #Data
eth2 14 30*full/100 50*full/100 4 default #Default
eth3:2 - 2mbit 2mbit 1
eth3:2:20 - 200kbit 400kbit 1 tos=0x68/0xfc,tos=0xb8/0xfc #Voip
eth3:2:21 - 200kbit 400kbit 2 tcp-ack,tos-minimize-delay #Connection
eth3:2:22 - 1200kbit full 3 #Data
eth3:2:23 - 400kbit 400kbit 4 #Default
eth3:3 - 4mbit 4mbit 1
eth3:3:30 - 200kbit 400kbit 1 tos=0x68/0xfc,tos=0xb8/0xfc #Voip
eth3:3:31 - 500kbit 1mbit 2 tcp-ack,tos-minimize-delay #Connection
eth3:3:32 - 2mbit full 3 #Data
eth3:3:33 - 400kbit full 4 default #Default
eth3:4 - 400kbit 400kbit 1 #No QoS
#Tcrules
######################################################################################################################
#MARK SOURCE DEST PROTO DEST SOURCE USER TEST LENGTH TOS CONNBYTES HELPER
# PORT(S) PORT(S)
#############################UPLOAD WAN##########################################
#Connection
12 172.16.0.0/16 0.0.0.0/0 icmp echo-request,echo-reply
12 172.16.0.0/16 0.0.0.0/0 udp 53
12 172.16.0.0/16 0.0.0.0/0 tcp 53
#VOIP
11 $VOIP 0.0.0.0/0 tcp 4569,5060
11 $VOIP 0.0.0.0/0 udp 4569,5060
#Data
13 172.16.0.0/16 0.0.0.0/0 tcp 1194,22017,60179,22,3389,631,5900:5904
13 172.16.0.0/16 0.0.0.0/0 udp 1194
##############################DOWNLOAD Link1##########################################
##Connection
3:21 eth1 172.16.0.0/16 icmp echo-request,echo-reply
3:21 eth1 172.16.0.0/16 udp 53
3:21 eth1 eth3 tcp - 53,80
3:21 eth1 eth3 tcp 53,80
#VOIP
3:20 eth1 $SOUNDWAVE1 tcp 4569,5060
3:20 eth1 $SOUNDWAVE1 udp 4569,5060
#Data
3:22 eth1 172.16.0.0/16 tcp 1194,22017,389,60179,22,3389,631,5900:5904,9102,9103
3:22 eth1 172.16.0.0/16 udp 1194,389,161
##############################DOWNLOAD Link1###########################################################
##Connection
3:31 eth2 172.16.0.0/16 icmp echo-request,echo-reply
3:31 eth2 172.16.0.0/16 udp 53
3:31 eth2 172.16.0.0/16 tcp 53
#VOIP
3:30 eth2 $VOIP tcp 4569,5060
3:30 eth2 $VOIP udp 4569,5060
##Data
3:32 eth2 172.16.0.0/16 tcp 1194,22017,389,60179,22,3389,631,5900:5904,9102,9103
3:32 eth2 172.16.0.0/16 udp 1194,389,161
#CONTINUE 0.0.0.0/0 0.0.0.0/0 all - - - !0
##No QoS
3:4 $FW 172.16.0.0/16 tcp 22,9102,9103,3128,60179,389
Thanks in advance
Fabiano Stocco
--
Fabiano Stocco
Sysadmin
Agro Industrial Parati Ltda - Averama
44-3672-8000
44-8444-6635
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users