Re: [FUG-BR] Erro no pf.conf - queue root_dc0 already exists on interface dc0
Quando você roda 'pfctl -f pf.conf' não aparece a linha onde se encontra o erro? 2007/1/25, Cristina Fernandes Silva [EMAIL PROTECTED]: O restante é esse. # Fazendo o NAT nat on $int_ext from $rede to any - $int_ext nat on $int_ext from baixa to any - $int_ext nat on $int_ext from bmedia to any - $int_ext nat on $int_ext from media to any - $int_ext nat on $int_ext from alta to any - $int_ext nat on $int_ext from center to any - $int_int # Redicrecionamento # rdr on $int_int proto tcp from any to any port 80 - $server1 port 3128 # ... sessão de filtragem # blockeando tudo por default block in log on $int_ext from any to any # bloqueando spoof antispoof for { $int_ext } inet # bloqueando scanners block drop in quick on { $int_ext } from any os { NMAP } # bloqueando trafego ipv6 block log quick inet6 #Liberando loopback pass quick on lo0 all # liberando ping/traceroute pass out log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state pass in log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state # Liberando portas #INCOMING #TCP pass in quick on $int_ext inet proto tcp from any to $int_ext port $TCP_IN flags S/SA keep state #UDP #pass in quick on $int_ext inet proto udp from any to $int_ext port $UDP_IN keep state #PING pass in quick on $int_ext inet proto icmp from any to $int_ext icmp-type $PING keep state pass in on $int_ext inet proto { tcp udp } from any to any port 22 pass in on $int_ext inet proto { tcp udp } from any to any port 21 pass in on $int_ext inet proto { tcp udp } from any to any port 20 pass in on $int_ext inet proto { tcp udp } from any to any port 25 pass in on $int_ext inet proto { tcp udp } from any to any port 53 pass in on $int_ext inet proto { tcp udp } from any to any port 80 pass in on $int_ext inet proto { tcp udp } from any to any port 443 pass in on $int_ext inet proto { tcp udp } from any to any port 110 pass in on $int_ext inet proto { tcp udp } from any to any port 8080 pass in on $int_ext inet proto { tcp udp } from any to any port 6667 pass in on $int_ext inet proto { tcp udp } from any to any port 6891 pass in on $int_ext inet proto { tcp udp } from any to any port 6893 pass in on $int_ext inet proto { tcp udp } from any to any port 6900 pass in on $int_ext inet proto { tcp udp } from any to any port 1213 pass in on $int_ext inet proto { tcp udp } from any to any port 1214 pass in on $int_ext inet proto { tcp udp } from any to any port 1832 pass in on $int_ext inet proto { tcp udp } from any to any port 3094 pass in on $int_ext inet proto { tcp udp } from any to any port 3622 pass in on $int_ext inet proto { tcp udp } from any to any port 2216 pass in on $int_ext inet proto tcp from port 20 to ($int_ext) user proxy flags S/SA keep state #OUTGOING #EXTERNAL INTERFACE #TCP pass out quick on $int_ext inet proto tcp from $int_ext to any port $TCP_OUT flags S/SA keep state #UDP pass out quick on $int_ext inet proto udp from $int_ext to any port $UDP_OUT keep state #ICMP pass out quick on $int_ext inet proto icmp from $int_ext to any icmp-type $PING keep state # Liberando acesso pass in log on $int_ext from baixa to any queue baixa_in pass in log on $int_ext from bmedia to any queue bmedia_in pass in log on $int_ext from media to any queue media_in pass in log on $int_ext from alta to any queue alta_in pass in log on $int_ext from center to any queue center_in pass in log on $int_ext from baixa to any pass in log on $int_ext from bmedia to any pass in log on $int_ext from media to any pass in log on $int_ext from alta to any pass in log on $int_ext from center to any Obrigada Cristina __ Fale com seus amigos de graça com o novo Yahoo! Messenger http://br.messenger.yahoo.com/ - Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd -- Mauricio Bonani LPIC-1 mailto:[EMAIL PROTECTED] - Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
Re: [FUG-BR] Erro no pf.conf - queue root_dc0 already exists on interface dc0
2007/1/26, Mauricio Bonani [EMAIL PROTECTED]: Quando você roda 'pfctl -f pf.conf' não aparece a linha onde se encontra o erro? 2007/1/25, Cristina Fernandes Silva [EMAIL PROTECTED]: O restante é esse. # Fazendo o NAT nat on $int_ext from $rede to any - $int_ext nat on $int_ext from baixa to any - $int_ext nat on $int_ext from bmedia to any - $int_ext nat on $int_ext from media to any - $int_ext nat on $int_ext from alta to any - $int_ext nat on $int_ext from center to any - $int_int # Redicrecionamento # rdr on $int_int proto tcp from any to any port 80 - $server1 port 3128 # ... sessão de filtragem # blockeando tudo por default block in log on $int_ext from any to any # bloqueando spoof antispoof for { $int_ext } inet # bloqueando scanners block drop in quick on { $int_ext } from any os { NMAP } # bloqueando trafego ipv6 block log quick inet6 #Liberando loopback pass quick on lo0 all # liberando ping/traceroute pass out log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state pass in log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state # Liberando portas #INCOMING #TCP pass in quick on $int_ext inet proto tcp from any to $int_ext port $TCP_IN flags S/SA keep state #UDP #pass in quick on $int_ext inet proto udp from any to $int_ext port $UDP_IN keep state #PING pass in quick on $int_ext inet proto icmp from any to $int_ext icmp-type $PING keep state pass in on $int_ext inet proto { tcp udp } from any to any port 22 pass in on $int_ext inet proto { tcp udp } from any to any port 21 pass in on $int_ext inet proto { tcp udp } from any to any port 20 pass in on $int_ext inet proto { tcp udp } from any to any port 25 pass in on $int_ext inet proto { tcp udp } from any to any port 53 pass in on $int_ext inet proto { tcp udp } from any to any port 80 pass in on $int_ext inet proto { tcp udp } from any to any port 443 pass in on $int_ext inet proto { tcp udp } from any to any port 110 pass in on $int_ext inet proto { tcp udp } from any to any port 8080 pass in on $int_ext inet proto { tcp udp } from any to any port 6667 pass in on $int_ext inet proto { tcp udp } from any to any port 6891 pass in on $int_ext inet proto { tcp udp } from any to any port 6893 pass in on $int_ext inet proto { tcp udp } from any to any port 6900 pass in on $int_ext inet proto { tcp udp } from any to any port 1213 pass in on $int_ext inet proto { tcp udp } from any to any port 1214 pass in on $int_ext inet proto { tcp udp } from any to any port 1832 pass in on $int_ext inet proto { tcp udp } from any to any port 3094 pass in on $int_ext inet proto { tcp udp } from any to any port 3622 pass in on $int_ext inet proto { tcp udp } from any to any port 2216 pass in on $int_ext inet proto tcp from port 20 to ($int_ext) user proxy flags S/SA keep state #OUTGOING #EXTERNAL INTERFACE #TCP pass out quick on $int_ext inet proto tcp from $int_ext to any port $TCP_OUT flags S/SA keep state #UDP pass out quick on $int_ext inet proto udp from $int_ext to any port $UDP_OUT keep state #ICMP pass out quick on $int_ext inet proto icmp from $int_ext to any icmp-type $PING keep state # Liberando acesso pass in log on $int_ext from baixa to any queue baixa_in pass in log on $int_ext from bmedia to any queue bmedia_in pass in log on $int_ext from media to any queue media_in pass in log on $int_ext from alta to any queue alta_in pass in log on $int_ext from center to any queue center_in pass in log on $int_ext from baixa to any pass in log on $int_ext from bmedia to any pass in log on $int_ext from media to any pass in log on $int_ext from alta to any pass in log on $int_ext from center to any Obrigada Cristina __ Fale com seus amigos de graça com o novo Yahoo! Messenger http://br.messenger.yahoo.com/ - Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd -- Mauricio Bonani LPIC-1 mailto:[EMAIL PROTECTED] - Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd geralmente eu uso pfctl -NRf pf.conf -- Alessandro de Souza Rocha Administrador de Redes e Sistemas Freebsd-BR User #117 - Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
[FUG-BR] Erro no pf.conf - queue root_dc0 already exists on interface dc0
Pessoal, estou com erro ao instalar um controle de banda usando o PF. o erro é este ao digitar pfctl -f pf.conf queue root_dc0 already exists on interface dc0 pfctl: DIOCADDALTQ: Invalid argument pfctl -nf pf.conf queue root_dc0 already exists on interface dc0 pfctl: the sum of the child bandwidth higher than parent root_dc0 pfctl: the sum of the child bandwidth higher than parent root_dc0 andei olhando a lista encontrei este erro, porem segundo ocorre quando a soma do bandwith das filas filho ultrapassam o bandwith da fila pai, porem nas minhas configurações nao ultrapasam. Eis minhas configurações no kernel ## #Opcpes para Packet Filter device pf device pflog device pfsync options ALTQ options ALTQ_CBQ# Class Bases Queuing (CBQ) options ALTQ_RED# Random Early Detection (RED) options ALTQ_RIO# RED In/Out options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC) options ALTQ_PRIQ # Priority Queuing (PRIQ) options ALTQ_NOPCC # Required for SMP build no rc.conf # ifconfig_dc0=inet 10.0.0.2 netmask 255.255.255.0 ifconfig_vr0=inet 172.168.0.2 netmask 255.255.255.0 pf_enable=YES pf_rules=/etc/pf.conf pf_flags= pflog_enable=YES pflog_logfile=/var/log/pflog pflog_flags= no pf.conf ### int_int=vr0 int_ext=dc0 rede=172.168.0.0 # Link down=2.5Mb uplo=2.5Mb # Habilita enfileiramento # # Upload altq on $int_ext cbq bandwidth $uplo queue { baixa bmedia media alta center } queue baixa bandwidth 128Kb cbq(default) queue bmedia bandwidth 128Kb priority 1 queue media bandwidth 200Kb priority 2 queue alta bandwidth 350Kb priority 3 queue center bandwidth 512Kb priority 4 # Download # define os parametros para as subfilas. altq on $int_ext cbq bandwidth $down queue { baixa_in bmedia_in media_in alta_in center_in } queue baixa_in bandwidth 200Kb cbq(default) queue bmedia_in bandwidth 200Kb priority 1 queue media_in bandwidth 300Kb priority 2 queue alta_in bandwidth 512Kb priority 3 queue center_in bandwidth 768Kb priority 4 O restante eu nao mandei, mas se for importante eu mando. obrigada Cristina __ Fale com seus amigos de graça com o novo Yahoo! Messenger http://br.messenger.yahoo.com/ - Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
Re: [FUG-BR] Erro no pf.conf - queue root_dc0 already exists on interface dc0
Você está criando filas duas vezes na mesma interface: altq on $int_ext cbq bandwidth $uplo queue { baixa bmedia media alta center } altq on $int_ext cbq bandwidth $down queue { baixa_in bmedia_in media_in alta_in center_in } Num dos casos não seria 'altq on $int_int'? Em 25/01/07, Cristina Fernandes Silva[EMAIL PROTECTED] escreveu: Pessoal, estou com erro ao instalar um controle de banda usando o PF. o erro é este ao digitar pfctl -f pf.conf queue root_dc0 already exists on interface dc0 pfctl: DIOCADDALTQ: Invalid argument pfctl -nf pf.conf queue root_dc0 already exists on interface dc0 pfctl: the sum of the child bandwidth higher than parent root_dc0 pfctl: the sum of the child bandwidth higher than parent root_dc0 andei olhando a lista encontrei este erro, porem segundo ocorre quando a soma do bandwith das filas filho ultrapassam o bandwith da fila pai, porem nas minhas configurações nao ultrapasam. Eis minhas configurações no kernel ## #Opcpes para Packet Filter device pf device pflog device pfsync options ALTQ options ALTQ_CBQ# Class Bases Queuing (CBQ) options ALTQ_RED# Random Early Detection (RED) options ALTQ_RIO# RED In/Out options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC) options ALTQ_PRIQ # Priority Queuing (PRIQ) options ALTQ_NOPCC # Required for SMP build no rc.conf # ifconfig_dc0=inet 10.0.0.2 netmask 255.255.255.0 ifconfig_vr0=inet 172.168.0.2 netmask 255.255.255.0 pf_enable=YES pf_rules=/etc/pf.conf pf_flags= pflog_enable=YES pflog_logfile=/var/log/pflog pflog_flags= no pf.conf ### int_int=vr0 int_ext=dc0 rede=172.168.0.0 # Link down=2.5Mb uplo=2.5Mb # Habilita enfileiramento # # Upload altq on $int_ext cbq bandwidth $uplo queue { baixa bmedia media alta center } queue baixa bandwidth 128Kb cbq(default) queue bmedia bandwidth 128Kb priority 1 queue media bandwidth 200Kb priority 2 queue alta bandwidth 350Kb priority 3 queue center bandwidth 512Kb priority 4 # Download # define os parametros para as subfilas. altq on $int_ext cbq bandwidth $down queue { baixa_in bmedia_in media_in alta_in center_in } queue baixa_in bandwidth 200Kb cbq(default) queue bmedia_in bandwidth 200Kb priority 1 queue media_in bandwidth 300Kb priority 2 queue alta_in bandwidth 512Kb priority 3 queue center_in bandwidth 768Kb priority 4 O restante eu nao mandei, mas se for importante eu mando. obrigada Cristina __ Fale com seus amigos de graça com o novo Yahoo! Messenger http://br.messenger.yahoo.com/ - Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd -- Mauricio Bonani LPIC-1 mailto:[EMAIL PROTECTED] - Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
Re: [FUG-BR] Erro no pf.conf - queue root_dc0 already exists on interface dc0
eu retirei e apresentou isso pfctl: DIOCADDRULE: Address family not supported by protocol family --- Mauricio Bonani [EMAIL PROTECTED] escreveu: Você está criando filas duas vezes na mesma interface: altq on $int_ext cbq bandwidth $uplo queue { baixa bmedia media alta center } altq on $int_ext cbq bandwidth $down queue { baixa_in bmedia_in media_in alta_in center_in } Num dos casos não seria 'altq on $int_int'? Em 25/01/07, Cristina Fernandes Silva[EMAIL PROTECTED] escreveu: Pessoal, estou com erro ao instalar um controle de banda usando o PF. o erro é este ao digitar pfctl -f pf.conf queue root_dc0 already exists on interface dc0 pfctl: DIOCADDALTQ: Invalid argument pfctl -nf pf.conf queue root_dc0 already exists on interface dc0 pfctl: the sum of the child bandwidth higher than parent root_dc0 pfctl: the sum of the child bandwidth higher than parent root_dc0 andei olhando a lista encontrei este erro, porem segundo ocorre quando a soma do bandwith das filas filho ultrapassam o bandwith da fila pai, porem nas minhas configurações nao ultrapasam. Eis minhas configurações no kernel ## #Opcpes para Packet Filter device pf device pflog device pfsync options ALTQ options ALTQ_CBQ# Class Bases Queuing (CBQ) options ALTQ_RED# Random Early Detection (RED) options ALTQ_RIO# RED In/Out options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC) options ALTQ_PRIQ # Priority Queuing (PRIQ) options ALTQ_NOPCC # Required for SMP build no rc.conf # ifconfig_dc0=inet 10.0.0.2 netmask 255.255.255.0 ifconfig_vr0=inet 172.168.0.2 netmask 255.255.255.0 pf_enable=YES pf_rules=/etc/pf.conf pf_flags= pflog_enable=YES pflog_logfile=/var/log/pflog pflog_flags= no pf.conf ### int_int=vr0 int_ext=dc0 rede=172.168.0.0 # Link down=2.5Mb uplo=2.5Mb # Habilita enfileiramento # # Upload altq on $int_ext cbq bandwidth $uplo queue { baixa bmedia media alta center } queue baixa bandwidth 128Kb cbq(default) queue bmedia bandwidth 128Kb priority 1 queue media bandwidth 200Kb priority 2 queue alta bandwidth 350Kb priority 3 queue center bandwidth 512Kb priority 4 # Download # define os parametros para as subfilas. altq on $int_ext cbq bandwidth $down queue { baixa_in bmedia_in media_in alta_in center_in } queue baixa_in bandwidth 200Kb cbq(default) queue bmedia_in bandwidth 200Kb priority 1 queue media_in bandwidth 300Kb priority 2 queue alta_in bandwidth 512Kb priority 3 queue center_in bandwidth 768Kb priority 4 O restante eu nao mandei, mas se for importante eu mando. obrigada Cristina __ Fale com seus amigos de graça com o novo Yahoo! Messenger http://br.messenger.yahoo.com/ - Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd -- Mauricio Bonani LPIC-1 mailto:[EMAIL PROTECTED] - Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd __ Fale com seus amigos de graça com o novo Yahoo! Messenger http://br.messenger.yahoo.com/ - Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
Re: [FUG-BR] Erro no pf.conf - queue root_dc0 already exists on interface dc0
Isso já é um erro nas regras de filtragem. Como você não mandou o arquivo completo não tem como te ajudar. Em 25/01/07, Cristina Fernandes Silva[EMAIL PROTECTED] escreveu: eu retirei e apresentou isso pfctl: DIOCADDRULE: Address family not supported by protocol family --- Mauricio Bonani [EMAIL PROTECTED] escreveu: Você está criando filas duas vezes na mesma interface: altq on $int_ext cbq bandwidth $uplo queue { baixa bmedia media alta center } altq on $int_ext cbq bandwidth $down queue { baixa_in bmedia_in media_in alta_in center_in } Num dos casos não seria 'altq on $int_int'? Em 25/01/07, Cristina Fernandes Silva[EMAIL PROTECTED] escreveu: Pessoal, estou com erro ao instalar um controle de banda usando o PF. o erro é este ao digitar pfctl -f pf.conf queue root_dc0 already exists on interface dc0 pfctl: DIOCADDALTQ: Invalid argument pfctl -nf pf.conf queue root_dc0 already exists on interface dc0 pfctl: the sum of the child bandwidth higher than parent root_dc0 pfctl: the sum of the child bandwidth higher than parent root_dc0 andei olhando a lista encontrei este erro, porem segundo ocorre quando a soma do bandwith das filas filho ultrapassam o bandwith da fila pai, porem nas minhas configurações nao ultrapasam. Eis minhas configurações no kernel ## #Opcpes para Packet Filter device pf device pflog device pfsync options ALTQ options ALTQ_CBQ# Class Bases Queuing (CBQ) options ALTQ_RED# Random Early Detection (RED) options ALTQ_RIO# RED In/Out options ALTQ_HFSC # Hierarchical Packet Scheduler (HFSC) options ALTQ_PRIQ # Priority Queuing (PRIQ) options ALTQ_NOPCC # Required for SMP build no rc.conf # ifconfig_dc0=inet 10.0.0.2 netmask 255.255.255.0 ifconfig_vr0=inet 172.168.0.2 netmask 255.255.255.0 pf_enable=YES pf_rules=/etc/pf.conf pf_flags= pflog_enable=YES pflog_logfile=/var/log/pflog pflog_flags= no pf.conf ### int_int=vr0 int_ext=dc0 rede=172.168.0.0 # Link down=2.5Mb uplo=2.5Mb # Habilita enfileiramento # # Upload altq on $int_ext cbq bandwidth $uplo queue { baixa bmedia media alta center } queue baixa bandwidth 128Kb cbq(default) queue bmedia bandwidth 128Kb priority 1 queue media bandwidth 200Kb priority 2 queue alta bandwidth 350Kb priority 3 queue center bandwidth 512Kb priority 4 # Download # define os parametros para as subfilas. altq on $int_ext cbq bandwidth $down queue { baixa_in bmedia_in media_in alta_in center_in } queue baixa_in bandwidth 200Kb cbq(default) queue bmedia_in bandwidth 200Kb priority 1 queue media_in bandwidth 300Kb priority 2 queue alta_in bandwidth 512Kb priority 3 queue center_in bandwidth 768Kb priority 4 O restante eu nao mandei, mas se for importante eu mando. obrigada Cristina __ Fale com seus amigos de graça com o novo Yahoo! Messenger http://br.messenger.yahoo.com/ - Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd -- Mauricio Bonani LPIC-1 mailto:[EMAIL PROTECTED] - Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd __ Fale com seus amigos de graça com o novo Yahoo! Messenger http://br.messenger.yahoo.com/ - Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd -- Mauricio Bonani LPIC-1 mailto:[EMAIL PROTECTED] - Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
Re: [FUG-BR] Erro no pf.conf - queue root_dc0 already exists on interface dc0
O restante é esse. # Fazendo o NAT nat on $int_ext from $rede to any - $int_ext nat on $int_ext from baixa to any - $int_ext nat on $int_ext from bmedia to any - $int_ext nat on $int_ext from media to any - $int_ext nat on $int_ext from alta to any - $int_ext nat on $int_ext from center to any - $int_int # Redicrecionamento # rdr on $int_int proto tcp from any to any port 80 - $server1 port 3128 # ... sessão de filtragem # blockeando tudo por default block in log on $int_ext from any to any # bloqueando spoof antispoof for { $int_ext } inet # bloqueando scanners block drop in quick on { $int_ext } from any os { NMAP } # bloqueando trafego ipv6 block log quick inet6 #Liberando loopback pass quick on lo0 all # liberando ping/traceroute pass out log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state pass in log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state # Liberando portas #INCOMING #TCP pass in quick on $int_ext inet proto tcp from any to $int_ext port $TCP_IN flags S/SA keep state #UDP #pass in quick on $int_ext inet proto udp from any to $int_ext port $UDP_IN keep state #PING pass in quick on $int_ext inet proto icmp from any to $int_ext icmp-type $PING keep state pass in on $int_ext inet proto { tcp udp } from any to any port 22 pass in on $int_ext inet proto { tcp udp } from any to any port 21 pass in on $int_ext inet proto { tcp udp } from any to any port 20 pass in on $int_ext inet proto { tcp udp } from any to any port 25 pass in on $int_ext inet proto { tcp udp } from any to any port 53 pass in on $int_ext inet proto { tcp udp } from any to any port 80 pass in on $int_ext inet proto { tcp udp } from any to any port 443 pass in on $int_ext inet proto { tcp udp } from any to any port 110 pass in on $int_ext inet proto { tcp udp } from any to any port 8080 pass in on $int_ext inet proto { tcp udp } from any to any port 6667 pass in on $int_ext inet proto { tcp udp } from any to any port 6891 pass in on $int_ext inet proto { tcp udp } from any to any port 6893 pass in on $int_ext inet proto { tcp udp } from any to any port 6900 pass in on $int_ext inet proto { tcp udp } from any to any port 1213 pass in on $int_ext inet proto { tcp udp } from any to any port 1214 pass in on $int_ext inet proto { tcp udp } from any to any port 1832 pass in on $int_ext inet proto { tcp udp } from any to any port 3094 pass in on $int_ext inet proto { tcp udp } from any to any port 3622 pass in on $int_ext inet proto { tcp udp } from any to any port 2216 pass in on $int_ext inet proto tcp from port 20 to ($int_ext) user proxy flags S/SA keep state #OUTGOING #EXTERNAL INTERFACE #TCP pass out quick on $int_ext inet proto tcp from $int_ext to any port $TCP_OUT flags S/SA keep state #UDP pass out quick on $int_ext inet proto udp from $int_ext to any port $UDP_OUT keep state #ICMP pass out quick on $int_ext inet proto icmp from $int_ext to any icmp-type $PING keep state # Liberando acesso pass in log on $int_ext from baixa to any queue baixa_in pass in log on $int_ext from bmedia to any queue bmedia_in pass in log on $int_ext from media to any queue media_in pass in log on $int_ext from alta to any queue alta_in pass in log on $int_ext from center to any queue center_in pass in log on $int_ext from baixa to any pass in log on $int_ext from bmedia to any pass in log on $int_ext from media to any pass in log on $int_ext from alta to any pass in log on $int_ext from center to any Obrigada Cristina __ Fale com seus amigos de graça com o novo Yahoo! Messenger http://br.messenger.yahoo.com/ - Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
Re: [FUG-BR] Erro no pf.conf - queue root_dc0 already exists on interface dc0
2007/1/25, Cristina Fernandes Silva [EMAIL PROTECTED]: O restante é esse. # Fazendo o NAT nat on $int_ext from $rede to any - $int_ext nat on $int_ext from baixa to any - $int_ext nat on $int_ext from bmedia to any - $int_ext nat on $int_ext from media to any - $int_ext nat on $int_ext from alta to any - $int_ext nat on $int_ext from center to any - $int_int # Redicrecionamento # rdr on $int_int proto tcp from any to any port 80 - $server1 port 3128 # ... sessão de filtragem # blockeando tudo por default block in log on $int_ext from any to any # bloqueando spoof antispoof for { $int_ext } inet # bloqueando scanners block drop in quick on { $int_ext } from any os { NMAP } # bloqueando trafego ipv6 block log quick inet6 #Liberando loopback pass quick on lo0 all # liberando ping/traceroute pass out log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state pass in log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state # Liberando portas #INCOMING #TCP pass in quick on $int_ext inet proto tcp from any to $int_ext port $TCP_IN flags S/SA keep state #UDP #pass in quick on $int_ext inet proto udp from any to $int_ext port $UDP_IN keep state #PING pass in quick on $int_ext inet proto icmp from any to $int_ext icmp-type $PING keep state pass in on $int_ext inet proto { tcp udp } from any to any port 22 pass in on $int_ext inet proto { tcp udp } from any to any port 21 pass in on $int_ext inet proto { tcp udp } from any to any port 20 pass in on $int_ext inet proto { tcp udp } from any to any port 25 pass in on $int_ext inet proto { tcp udp } from any to any port 53 pass in on $int_ext inet proto { tcp udp } from any to any port 80 pass in on $int_ext inet proto { tcp udp } from any to any port 443 pass in on $int_ext inet proto { tcp udp } from any to any port 110 pass in on $int_ext inet proto { tcp udp } from any to any port 8080 pass in on $int_ext inet proto { tcp udp } from any to any port 6667 pass in on $int_ext inet proto { tcp udp } from any to any port 6891 pass in on $int_ext inet proto { tcp udp } from any to any port 6893 pass in on $int_ext inet proto { tcp udp } from any to any port 6900 pass in on $int_ext inet proto { tcp udp } from any to any port 1213 pass in on $int_ext inet proto { tcp udp } from any to any port 1214 pass in on $int_ext inet proto { tcp udp } from any to any port 1832 pass in on $int_ext inet proto { tcp udp } from any to any port 3094 pass in on $int_ext inet proto { tcp udp } from any to any port 3622 pass in on $int_ext inet proto { tcp udp } from any to any port 2216 pass in on $int_ext inet proto tcp from port 20 to ($int_ext) user proxy flags S/SA keep state #OUTGOING #EXTERNAL INTERFACE #TCP pass out quick on $int_ext inet proto tcp from $int_ext to any port $TCP_OUT flags S/SA keep state #UDP pass out quick on $int_ext inet proto udp from $int_ext to any port $UDP_OUT keep state #ICMP pass out quick on $int_ext inet proto icmp from $int_ext to any icmp-type $PING keep state # Liberando acesso pass in log on $int_ext from baixa to any queue baixa_in pass in log on $int_ext from bmedia to any queue bmedia_in pass in log on $int_ext from media to any queue media_in pass in log on $int_ext from alta to any queue alta_in pass in log on $int_ext from center to any queue center_in pass in log on $int_ext from baixa to any pass in log on $int_ext from bmedia to any pass in log on $int_ext from media to any pass in log on $int_ext from alta to any pass in log on $int_ext from center to any Obrigada Cristina __ Fale com seus amigos de graça com o novo Yahoo! Messenger http://br.messenger.yahoo.com/ - Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd Cristina um exemplo para vc. altq on $ext_if bandwidth 1Mb cbq queue { dflt_out, local,wireless } queue dflt_out bandwidth 5% cbq(default) queue local bandwidth 50% queue wireless bandwidth 40% altq on $int_if bandwidth 1Mb cbq queue { dflt_in, cpd, radio } queue dflt_in bandwidth 10% cbq(default) queue cpd 50% queue radio bandwidth 40% pass out on $int_if from 192.168.0.0/24 to any keep state queue cpd pass out on $int_if from 100.100.100.0/24 to any keep state queue radio pass out on $ext_if from 192.168.0.0/24 to any keep state queue cpd pass out on $ext_if from 100.100.100.0/24 to any keep state queue radio -- Alessandro de Souza Rocha Administrador de Redes e Sistemas Freebsd-BR User #117 - Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
Re: [FUG-BR] Erro no pf.conf - queue root_dc0 already exists on interface dc0
2007/1/25, Alessandro de Souza Rocha [EMAIL PROTECTED]: 2007/1/25, Cristina Fernandes Silva [EMAIL PROTECTED]: O restante é esse. # Fazendo o NAT nat on $int_ext from $rede to any - $int_ext nat on $int_ext from baixa to any - $int_ext nat on $int_ext from bmedia to any - $int_ext nat on $int_ext from media to any - $int_ext nat on $int_ext from alta to any - $int_ext nat on $int_ext from center to any - $int_int # Redicrecionamento # rdr on $int_int proto tcp from any to any port 80 - $server1 port 3128 # ... sessão de filtragem # blockeando tudo por default block in log on $int_ext from any to any # bloqueando spoof antispoof for { $int_ext } inet # bloqueando scanners block drop in quick on { $int_ext } from any os { NMAP } # bloqueando trafego ipv6 block log quick inet6 #Liberando loopback pass quick on lo0 all # liberando ping/traceroute pass out log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state pass in log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state # Liberando portas #INCOMING #TCP pass in quick on $int_ext inet proto tcp from any to $int_ext port $TCP_IN flags S/SA keep state #UDP #pass in quick on $int_ext inet proto udp from any to $int_ext port $UDP_IN keep state #PING pass in quick on $int_ext inet proto icmp from any to $int_ext icmp-type $PING keep state pass in on $int_ext inet proto { tcp udp } from any to any port 22 pass in on $int_ext inet proto { tcp udp } from any to any port 21 pass in on $int_ext inet proto { tcp udp } from any to any port 20 pass in on $int_ext inet proto { tcp udp } from any to any port 25 pass in on $int_ext inet proto { tcp udp } from any to any port 53 pass in on $int_ext inet proto { tcp udp } from any to any port 80 pass in on $int_ext inet proto { tcp udp } from any to any port 443 pass in on $int_ext inet proto { tcp udp } from any to any port 110 pass in on $int_ext inet proto { tcp udp } from any to any port 8080 pass in on $int_ext inet proto { tcp udp } from any to any port 6667 pass in on $int_ext inet proto { tcp udp } from any to any port 6891 pass in on $int_ext inet proto { tcp udp } from any to any port 6893 pass in on $int_ext inet proto { tcp udp } from any to any port 6900 pass in on $int_ext inet proto { tcp udp } from any to any port 1213 pass in on $int_ext inet proto { tcp udp } from any to any port 1214 pass in on $int_ext inet proto { tcp udp } from any to any port 1832 pass in on $int_ext inet proto { tcp udp } from any to any port 3094 pass in on $int_ext inet proto { tcp udp } from any to any port 3622 pass in on $int_ext inet proto { tcp udp } from any to any port 2216 pass in on $int_ext inet proto tcp from port 20 to ($int_ext) user proxy flags S/SA keep state #OUTGOING #EXTERNAL INTERFACE #TCP pass out quick on $int_ext inet proto tcp from $int_ext to any port $TCP_OUT flags S/SA keep state #UDP pass out quick on $int_ext inet proto udp from $int_ext to any port $UDP_OUT keep state #ICMP pass out quick on $int_ext inet proto icmp from $int_ext to any icmp-type $PING keep state # Liberando acesso pass in log on $int_ext from baixa to any queue baixa_in pass in log on $int_ext from bmedia to any queue bmedia_in pass in log on $int_ext from media to any queue media_in pass in log on $int_ext from alta to any queue alta_in pass in log on $int_ext from center to any queue center_in pass in log on $int_ext from baixa to any pass in log on $int_ext from bmedia to any pass in log on $int_ext from media to any pass in log on $int_ext from alta to any pass in log on $int_ext from center to any Obrigada Cristina __ Fale com seus amigos de graça com o novo Yahoo! Messenger http://br.messenger.yahoo.com/ - Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd Cristina um exemplo para vc. altq on $ext_if bandwidth 1Mb cbq queue { dflt_out, local,wireless } queue dflt_out bandwidth 5% cbq(default) queue local bandwidth 50% queue wireless bandwidth 40% altq on $int_if bandwidth 1Mb cbq queue { dflt_in, cpd, radio } queue dflt_in bandwidth 10% cbq(default) queue cpd 50% queue radio bandwidth 40% pass out on $int_if from 192.168.0.0/24 to any keep state queue cpd pass out on $int_if from 100.100.100.0/24 to any keep state queue radio pass out on $ext_if from 192.168.0.0/24 to any keep state queue cpd pass out on $ext_if from 100.100.100.0/24 to any keep state queue radio -- Alessandro de Souza Rocha Administrador de Redes e Sistemas Freebsd-BR User #117 -- Alessandro de Souza Rocha Administrador de Redes e Sistemas Freebsd-BR User #117 - Histórico:
Re: [FUG-BR] Erro no pf.conf - queue root_dc0 already exists on interface dc0
2007/1/25, Alessandro de Souza Rocha [EMAIL PROTECTED]: 2007/1/25, Alessandro de Souza Rocha [EMAIL PROTECTED]: 2007/1/25, Cristina Fernandes Silva [EMAIL PROTECTED]: O restante é esse. # Fazendo o NAT nat on $int_ext from $rede to any - $int_ext nat on $int_ext from baixa to any - $int_ext nat on $int_ext from bmedia to any - $int_ext nat on $int_ext from media to any - $int_ext nat on $int_ext from alta to any - $int_ext nat on $int_ext from center to any - $int_int # Redicrecionamento # rdr on $int_int proto tcp from any to any port 80 - $server1 port 3128 # ... sessão de filtragem # blockeando tudo por default block in log on $int_ext from any to any # bloqueando spoof antispoof for { $int_ext } inet # bloqueando scanners block drop in quick on { $int_ext } from any os { NMAP } # bloqueando trafego ipv6 block log quick inet6 #Liberando loopback pass quick on lo0 all # liberando ping/traceroute pass out log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state pass in log on $int_ext inet proto icmp all icmp-type 8 code 0 keep state # Liberando portas #INCOMING #TCP pass in quick on $int_ext inet proto tcp from any to $int_ext port $TCP_IN flags S/SA keep state #UDP #pass in quick on $int_ext inet proto udp from any to $int_ext port $UDP_IN keep state #PING pass in quick on $int_ext inet proto icmp from any to $int_ext icmp-type $PING keep state pass in on $int_ext inet proto { tcp udp } from any to any port 22 pass in on $int_ext inet proto { tcp udp } from any to any port 21 pass in on $int_ext inet proto { tcp udp } from any to any port 20 pass in on $int_ext inet proto { tcp udp } from any to any port 25 pass in on $int_ext inet proto { tcp udp } from any to any port 53 pass in on $int_ext inet proto { tcp udp } from any to any port 80 pass in on $int_ext inet proto { tcp udp } from any to any port 443 pass in on $int_ext inet proto { tcp udp } from any to any port 110 pass in on $int_ext inet proto { tcp udp } from any to any port 8080 pass in on $int_ext inet proto { tcp udp } from any to any port 6667 pass in on $int_ext inet proto { tcp udp } from any to any port 6891 pass in on $int_ext inet proto { tcp udp } from any to any port 6893 pass in on $int_ext inet proto { tcp udp } from any to any port 6900 pass in on $int_ext inet proto { tcp udp } from any to any port 1213 pass in on $int_ext inet proto { tcp udp } from any to any port 1214 pass in on $int_ext inet proto { tcp udp } from any to any port 1832 pass in on $int_ext inet proto { tcp udp } from any to any port 3094 pass in on $int_ext inet proto { tcp udp } from any to any port 3622 pass in on $int_ext inet proto { tcp udp } from any to any port 2216 pass in on $int_ext inet proto tcp from port 20 to ($int_ext) user proxy flags S/SA keep state #OUTGOING #EXTERNAL INTERFACE #TCP pass out quick on $int_ext inet proto tcp from $int_ext to any port $TCP_OUT flags S/SA keep state #UDP pass out quick on $int_ext inet proto udp from $int_ext to any port $UDP_OUT keep state #ICMP pass out quick on $int_ext inet proto icmp from $int_ext to any icmp-type $PING keep state # Liberando acesso pass in log on $int_ext from baixa to any queue baixa_in pass in log on $int_ext from bmedia to any queue bmedia_in pass in log on $int_ext from media to any queue media_in pass in log on $int_ext from alta to any queue alta_in pass in log on $int_ext from center to any queue center_in pass in log on $int_ext from baixa to any pass in log on $int_ext from bmedia to any pass in log on $int_ext from media to any pass in log on $int_ext from alta to any pass in log on $int_ext from center to any Obrigada Cristina __ Fale com seus amigos de graça com o novo Yahoo! Messenger http://br.messenger.yahoo.com/ - Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd Cristina um exemplo para vc. altq on $ext_if bandwidth 1Mb cbq queue { dflt_out, local,wireless } queue dflt_out bandwidth 5% cbq(default) queue local bandwidth 50% queue wireless bandwidth 40% altq on $int_if bandwidth 1Mb cbq queue { dflt_in, cpd, radio } queue dflt_in bandwidth 10% cbq(default) queue cpd 50% queue radio bandwidth 40% pass out on $int_if from 192.168.0.0/24 to any keep state queue cpd pass out on $int_if from 100.100.100.0/24 to any keep state queue radio pass out on $ext_if from 192.168.0.0/24 to any keep state queue cpd pass out on $ext_if from 100.100.100.0/24 to any keep state queue radio -- Alessandro de Souza Rocha