Folks, thank you all for the tips. Below is what worked for me:

################################################################################
############################# Interface Definitions ############################
################################################################################
if_ext="em0"
if_int="em1"

################################################################################
############################## Network Definitions #############################
################################################################################
# Networks
rede_1="192.168.1.0/24"
rede_2="192.168.2/24"

# IP addresses
ip_nat="200.163.75.250"

################################################################################
############################### List Definitions ###############################
################################################################################
table <bruteforce> persist

################################################################################
############################## Option Definitions ##############################
################################################################################
set limit states 40000
set ruleset-optimization basic
set optimization aggressive
set require-order yes
set skip on lo0

################################################################################
################################# Normalization ################################
################################################################################
scrub in all fragment reassemble random-id no-df

################################################################################
################# Bandwidth Control and Packet Prioritization ##################
################################################################################
# Upload queues: shaped as traffic leaves the external interface
altq on $if_ext hfsc bandwidth 2Mb queue { ustd, urede_1, urede_2 }
queue ustd bandwidth 1Kb priority 0 hfsc (default realtime 1Kb upperlimit 2Kb)
queue urede_1 bandwidth 1Mb priority 7 qlimit 500 hfsc (realtime 1Mb upperlimit 2Mb)
queue urede_2 bandwidth 500Kb priority 7 qlimit 500 hfsc (realtime 500Kb upperlimit 1Mb)

# Download queues: shaped as traffic leaves the internal interface
altq on $if_int hfsc bandwidth 100Mb queue { dstd, drede_1, drede_2 }
queue dstd bandwidth 1Kb priority 0 hfsc (default realtime 1Kb upperlimit 2Kb)
queue drede_1 bandwidth 1Mb priority 7 qlimit 500 hfsc (realtime 1Mb upperlimit 2Mb)
queue drede_2 bandwidth 500Kb priority 7 qlimit 500 hfsc (realtime 500Kb upperlimit 1Mb)

################################################################################
###################################### NAT #####################################
################################################################################
# Tag each network at NAT time so the rules on the external interface can
# still tell the networks apart after the source address is translated
nat on $if_ext from { $rede_1 } to any tag rede_1 -> $ip_nat
nat on $if_ext from { $rede_2 } to any tag rede_2 -> $ip_nat

################################################################################
################################### Antispoof ##################################
################################################################################
antispoof for { $if_int $if_ext }

################################################################################
################################ Filtering Rules ###############################
################################################################################
# Network 1
pass in quick on $if_int inet proto tcp from $rede_1 to any modulate state label rede_1 queue drede_1
pass out quick on $if_ext inet proto tcp from $ip_nat to any tagged rede_1 modulate state label rede_1 queue urede_1
pass in quick on $if_int inet proto {udp icmp} from $rede_1 to any label rede_1 queue drede_1
pass out quick on $if_ext inet proto {udp icmp} from $ip_nat to any tagged rede_1 label rede_1 queue urede_1

# Network 2
pass in quick on $if_int inet proto tcp from $rede_2 to any modulate state label rede_2 queue drede_2
pass out quick on $if_ext inet proto tcp from $ip_nat to any tagged rede_2 modulate state label rede_2 queue urede_2
pass in quick on $if_int inet proto {udp icmp} from $rede_2 to any label rede_2 queue drede_2
pass out quick on $if_ext inet proto {udp icmp} from $ip_nat to any tagged rede_2 label rede_2 queue urede_2

So my UPLOAD problem was solved with TAG.

Best regards to all.

2009/11/17 Alessandro de Souza Rocha <etherlin...@gmail.com>

> My example here.
>
> altq on $ext_if1 bandwidth 170Kb cbq queue {cpd}
> queue cpd bandwidth 170Kb cbq(default)
>
> altq on $int_if bandwidth 256Kb cbq queue {local1}
> queue local1 bandwidth 250Kb cbq(default)
>
> pass out on $ext_if1 from 192.168.0.0/24 to any keep state queue local1
> pass out on $int_if from 192.168.0.0/24 to any keep state queue cpd
>
>
> 2009/11/16 Nenhum_de_Nos <math...@eternamente.info>:
> >
> > On Mon, November 16, 2009 21:03, Rogério Moura wrote:
> >> 2009/11/16 Matheus Cucoloto <matheuscucol...@gmail.com>
> >>
> >>> altq only works on the outbound flow.
> >>>
> >>> For that reason, adapt your rules to limit on the outbound flow.
> >>>
> >>> Example:
> >>>
> >>> To limit the download of a PC behind your limiter, create a rule on
> >>> the outbound side of the internal interface (from any to machine IP).
> >>>
> >>> To limit the upload of a PC behind your limiter, create a rule on the
> >>> outbound side of the external interface (from machine IP to any).
> >>>
> >> But Matheus, how am I going to create the rule on the external interface
> >> if the machine's IP has already been translated by NAT? The external
> >> interface doesn't know my machine's IP.
> >> Correct me if I'm wrong.
> >>
> >> Thanks
> >
> > As a suggestion:
> >
> > # upload only
> >
> > pass in on $int_if from $minhaRede1 to any keep state queue filaUpload1
> >
> > # download only
> >
> > pass out on $int_if from any to $minhaRede1 keep state queue filaDownload1
> >
> > But if everything is behind NAT, nobody has a valid IP on the network to
> > publish any service.
> > So, right on arrival at $int_if, you can already put both into their
> > queues:
> >
> > pass in on $int_if from $minhaRede1 to any keep state queue (filaDownload1, filaUpload1)
> >
> > Some protocols are a pain to get to play along with this, but I've
> > managed it :)
> >
> > pass in on $int_if proto tcp from any to any port { 21, 80, 443, 8080 } modulate state queue (in_web, out_web)
> >
> > And this works well for me :)
> >
> > matheus
> >>>
> >>> Careful with keep state on FreeBSD 7: it generates it automatically
> >>> even if you don't mention it in the rule, which can sometimes get in
> >>> the way when building the rules. I use no state, but there must be
> >>> more elegant ways.
> >>>
> >>>
> >>> 2009/11/16 Rogério Moura <roger...@gmail.com>
> >>>
> >>> > Hello everyone,
> >>> > I'm having difficulty limiting upload here on the network. I've
> >>> > already searched on Google and here on the list, and found some tips,
> >>> > but I applied them without success.
> >>> >
> >>> > My environment is as follows: I have a machine with PF doing NAT and
> >>> > ALTQ for a 34Mbps link, with several networks behind it.
> >>> >
> >>> >                  -----------
> >>> > several LANs----| P   NAT |----internet
> >>> >                  | F  ALTQ |
> >>> >                  -----------
> >>> > I would like to limit x bandwidth for each of these LANs, for both
> >>> > download and upload. I can do the download but not the upload.
> >>> >
> >>> > Here are my rules:
> >>> >
> >>> > # Interfaces
> >>> > if_int="em0"
> >>> > if_ext="em1"
> >>> >
> >>> > # Networks
> >>> > rede_geral="10/8"
> >>> > rede_1="10.20/16"
> >>> > rede_2="10.50/16"
> >>> >
> >>> > # NAT
> >>> > nat on $if_ext from $rede_geral to any -> ip_real
> >>> >
> >>> >
> >>> > # ALTQ
> >>> >
> >>> > # UPLOAD
> >>> > altq on $if_ext hfsc bandwidth 34Mb queue { upstnd, uprede1, uprede2 }
> >>> > queue upstnd bandwidth 2Mb hfsc (default, realtime 2Mb, upperlimit 3Mb)
> >>> > queue uprede1 bandwidth 4Mb hfsc (realtime 4Mb, upperlimit 5Mb)
> >>> > queue uprede2 bandwidth 4Mb hfsc (realtime 4Mb, upperlimit 15Mb)
> >>> >
> >>> >
> >>> > # DOWNLOAD
> >>> > altq on $if_int hfsc bandwidth 34Mb queue { dowstnd, dowrede1, dowrede2 }
> >>> > queue dowstnd bandwidth 2Mb hfsc (default, realtime 2Mb, upperlimit 3Mb)
> >>> > queue dowrede1 bandwidth 4Mb hfsc (realtime 4Mb, upperlimit 5Mb)
> >>> > queue dowrede2 bandwidth 4Mb hfsc (realtime 4Mb, upperlimit 15Mb)
> >>> >
> >>> >
> >>> > # Rules
> >>> >
> >>> > pass in quick on $if_int from $rede_1 to any queue dowrede1
> >>> >
> >>> > pass in quick on $if_int from $rede_2 to any queue dowrede2
> >>> >
> >>> >
> >>> > The way it is described there, I can limit the download, but how
> >>> > would I limit the UPLOAD in this environment?
> >>> >
> >>> > Best regards.
> >>> > -------------------------
> >>> > Archive: http://www.fug.com.br/historico/html/freebsd/
> >>> > Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
> >>>
> >>> --
> >>> -----------------------------------------------
> >>> Matheus Cucoloto
> >>> Unix Expertise
> >>> Voip Expertise
> >>>
> >>> WiTec - Wi Telecom
> >>> Fix: +55 44 36194203
> >>> Cel: +55 44 99216200
> >>> Sip: sip://1...@sipwicne1.grupoirapida.com.br
> >
> > --
> > We will call you cygnus,
> > The God of balance you shall be
> >
> > A: Because it messes up the order in which people normally read text.
> > Q: Why is top-posting such a bad thing?
> >
> > http://en.wikipedia.org/wiki/Posting_style
>
> --
> Alessandro de Souza Rocha
> Network and Systems Administrator
> FreeBSD-BR User #117
> Long live FreeBSD
>
> www.FreeBSD.org
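
Added example, not part of the original thread: a small Python check for the wiring that the tag-based ruleset at the top of this message depends on, namely that every $macro is defined, every queue named in a rule is declared, and every "tagged" label is set by some "tag". The sample ruleset, its names and the 203.0.113.10 address are constructed for illustration, and the parser only handles the single-line syntax used in this thread.

```python
import re

# Constructed sample in the style of the thread's ruleset (not the poster's file).
# Deliberate faults: $rede_x is undefined, queue urede_9 is undeclared,
# and "tagged rede_3" has no rule that sets "tag rede_3".
SAMPLE = """\
if_ext="em0"
rede_1="192.168.1.0/24"
ip_nat="203.0.113.10"
altq on $if_ext hfsc bandwidth 2Mb queue { ustd, urede_1 }
queue ustd bandwidth 1Kb hfsc (default)
queue urede_1 bandwidth 1Mb hfsc (realtime 1Mb upperlimit 2Mb)
nat on $if_ext from $rede_x to any tag rede_1 -> $ip_nat
pass out quick on $if_ext from $ip_nat to any tagged rede_1 queue urede_1
pass out quick on $if_ext from $ip_nat to any tagged rede_3 queue urede_9
"""

def lint_pf(text):
    """Cross-check macros, queues and tags in a pf.conf-style ruleset."""
    macro_def, macro_use = set(), set()
    queue_def, queue_use = set(), set()
    tag_set, tag_match = set(), set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        macro_use.update(re.findall(r"\$(\w+)", line))
        definition = re.match(r"(\w+)\s*=", line)
        if definition:                           # name="value"
            macro_def.add(definition.group(1))
        elif line.startswith("altq "):           # child queues in { ... }
            body = re.search(r"queue\s*\{([^}]*)\}", line)
            queue_def.update(re.findall(r"\w+", body.group(1)) if body else [])
        elif line.startswith("queue "):          # queue declaration
            queue_def.add(line.split()[1])
        else:                                    # nat/pass/block rule
            for single, pair in re.findall(r"\bqueue\s+(?:(\w+)|\(([^)]*)\))", line):
                queue_use.update(re.findall(r"\w+", single or pair))
            tag_set.update(re.findall(r"\btag\s+(\w+)", line))
            tag_match.update(re.findall(r"\btagged\s+(\w+)", line))
    return {
        "undefined_macros": sorted(macro_use - macro_def),
        "undeclared_queues": sorted(queue_use - queue_def),
        "unset_tags": sorted(tag_match - tag_set),
    }

if __name__ == "__main__":
    for problem, names in lint_pf(SAMPLE).items():
        print(problem, names)
```

A rule that matches "tagged" on a label no NAT rule sets never matches, so that traffic falls into the default queue; running the same check before `pfctl -nf` catches that case, which the syntax check alone does not report.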