antes de mais nada digo que no sou expert nisso, s fiz at onde precisava por aqui, com muita

pesquisa e dor de cabea. mas no que puder ajuda, tranquilo. > Rapaz andei fazendo uns testes com hfsc e fiquei de cabelo em p. No > entendi essas trs opes (realtime, upperlimit e linkshare), quando meio louco isso mesmo. AFAIK, realtime e linkshare so quase a mesma coisa. uso o primeiro. so usados quando o link t saturado, para garantir esta fila a banda que voc quer. o link satura para ele qd usa 85% do definido (a soma de realtime d pode dar isso, ou 80%) > tudo parecia caminhar ai que eu menos entendia o que estava > acontecendo. Larguei de lado e usei pf + dummynet. Na verdade queria mas o dummynet + ipfw muito massa, pois em pf no posso limitar o mundo por ex 100kbps. a soma sempre tem que ser <= banda declarada. > usar openbsd com pf e hfsc, no teve jeito pulei para freeba. o OpenBSD massa. seguro e carrancudo. mas ainda prefiro o FreeBSD. s no uso pq no meu hardware o FreeBSD no acha meu disco microdrive da seagate com minha controladora ata. o OpenBSD usa sem problemas. mas prefiro a facilidade de atualizao do FreeBSD. e o 8-CURRENT t sem noo de massa :) > Nenhum_de_nos por acaso voc tem algo para compartilhar sobre o > funcionamento do hfsc, alguma regra, exemplo para que possa testar > trocar algumas figurinhas? tranquilo. o que eu souber. deixe-me colocar o que est aqui. um FW simples, ainda preciso ler sobre muita coisa. mas controla meu dsl ok. :) tenho pcs em casa, onde posso dividir em duas classes, meu Folding@HOME, e demais. no preciso controlar ningum aqui escrotos), mas quero que o fah (folding) quando mande seus upload, mas tenha o max de banda para mandar logo. quero o meu ed2k, sem tb atolar a rede. qd o fah tiver mandando, o fah no fica 24h como o ed2k. pfTop: Up Queue 1-21/21, View: queue, Cache: 10000 QUEUE root_tun0 out_ack out_dns out_ssh out_jogos out_web out_smtp out_bolo out_p2pFah out_fah out_p2p root_vr0 in_inet in_dns in_ssh BW 300K 30000 15000 30000 45000 30000 15000 15000 15000 12000 3000 100M 1000K 10000 100K SCH hfsc hfsc hfsc hfsc hfsc hfsc hfsc hfsc hfsc hfsc hfsc hfsc hfsc hfsc hfsc PR 0 8 7 6 5 4 3 2 7 2 0 8 8 7 PKTS 0 299 23923 9166 1269 1621K 7266 735K 0 99768 6188K 0 0 0 2217 pc que roda ed2k e (no h usurios WU's no atole meu max de upload para ed2k perde banda pq 22:21:53

BYTES DROP_P DROP_B QLEN BORR SUSP P/S B/S 0 0 0 0 0 0 23780 0 0 0 0 0 2149K 269 18885 0 1 114 3281K 0 0 0 0.2 11 103K 0 0 0 0 0 144M 236 31680 0 7 2600 784K 0 0 0 0 0 45M 0 0 0 12 738 0 0 0 0 0 0 126M 130 192920 0 0 0 2300M 986184 279M 49 63 20K 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 246K 0 0 0 0.2 35

in_jogos in_web in_p2pFah in_fah in_p2p lan

150K 300K 100K 80000 20000 99M

hfsc hfsc hfsc hfsc hfsc hfsc

6 0 0 5 1849K 2579M 0 0 7 59317 22M 2 7384K 4013M 26641 11M

0 0 0 0 0 0 0 0 1312 407082 0 0

0 0 0 0 0 0

0 0 2 2198 0 0 0 0 96 61K 1 453

tem mais algumas classes que quero dar prioridade. a que mais apanho mandar ACK's logo. falta estudar isso :) as regras para isso so: # cat regras.pf ext_if="tun0" modem_if="fxp0" int_if="vr0" lan="10.1.1.0/24" # Maquinas p = "10.1.1.1" m = "10.1.1.2" lamneth = "10.1.1.10" mo = "10.1.1.12" arroway = "10.1.1.80" darkside = "10.1.1.100" portas_arroway portas_p2p portas_m portas_jogos portas_servicos portas_ssh scrub in set skip on lo0 altq on $ext_if hfsc bandwidth 300Kb queue { out_ack, out_dns, out_ssh, out_web, out_jogos, out_p2pFah, out_smtp, out_bolo } queue out_ack bandwidth 10% priority 8 hfsc (realtime 20%) queue out_dns bandwidth 5% priority 7 hfsc (realtime 5%) queue out_ssh bandwidth 10% priority 6 hfsc (realtime 10%) queue out_jogos bandwidth 15% priority 5 hfsc (realtime 15%) queue out_web bandwidth 10% priority 4 hfsc (realtime 10%) queue out_smtp bandwidth 5% priority 3 hfsc (realtime 15%) queue out_bolo bandwidth 5% priority 2 hfsc (default) queue out_p2pFah bandwidth 5% priority 1 hfsc (upperlimit 160Kb) { out_fah, out_p2p } queue out_fah bandwidth 80% priority 7 hfsc queue out_p2p bandwidth 20% priority 2 hfsc altq on $int_if hfsc bandwidth 100Mb queue {in_inet, lan } queue in_inet bandwidth 1% priority 8 hfsc (realtime 1%) { in_dns, in_ssh, in_jogos, in_web, in_p2pFah } queue in_dns bandwidth 5% priority 8 hfsc (realtime 5%) queue in_ssh bandwidth 10% priority 7 hfsc (realtime 10%) queue in_jogos bandwidth 15% priority 6 hfsc (realtime 15%) queue in_web bandwidth 30% priority 5 hfsc (realtime 10%) queue in_p2pFah bandwidth 10% priority 1 hfsc (upperlimit 80%) { = = = = = = "5910" "{ 5000:5100 5900 }" "5000:5100" "{ 2009 2106 7777 }" "22 25 80 443" "{ 22 443 }"

in_fah, in_p2p } queue in_fah queue in_p2p queue lan

bandwidth 80% priority 7 hfsc bandwidth 20% priority 2 hfsc (default) bandwidth 99% priority 1 hfsc (upperlimit 98%)

table <chatos_ssh> persist table <ips_fah> persist file "/root/ips_fah" nat on $ext_if from $lan to any -> ($ext_if) nat on $modem_if from $lan to any -> ($modem_if) # m rdr on $ext_if proto { tcp, udp } from any to any port $portas_m tag in_p2p -> $m # lamneth #rdr pass inet proto smtp -> 127.0.0.1 #rdr pass inet proto rdr on $ext_if proto -> $lamneth rdr on $ext_if proto -> $lamneth port 22 tcp from !<spamd-white> to any port port spamd tcp from <spamd> to any port smtp -> 127.0.0.1 port spamd tcp from any to any port 80 tag in_web tcp from any to any port 443 tag in_ssh

# arroway rdr on $ext_if proto tcp -> $arroway port 22 rdr on $ext_if proto tcp -> $arroway rdr on $ext_if proto { tcp, udp } tag in_p2p -> $arroway # Servicos #rdr on $ext_if proto tcp $lamneth rdr on $ext_if proto tcp -> 127.0.0.1 # RDP rdr on $ext_if proto { tcp, udp } -> $mainha # Geral block log quick from <chatos_ssh> block in on $ext_if all block in on $int_if all antispoof for $ext_if

from any to any port 2222 tag in_ssh from any to any port 10101 tag in_web from any to any port $portas_arroway

from any to any port 25

->

from any to any port 25 tag in_email

from any to any port 3389 tag in_rdp

# DSL in pass in log on $ext_if tagged in_ssh keep state (max-src-conn-rate 4/60 overload <chatos_ssh> flush global) queue (out_bolo, out_ssh) pass in on $ext_if tagged in_email modulate state queue (out_bolo, out_smtp) pass in on $ext_if tagged in_p2p keep state queue (out_p2p) pass in on $ext_if tagged in_ssh keep state queue (out_bolo, out_ssh) pass in on $ext_if tagged in_web keep state queue (out_bolo, out_web) pass in on $ext_if inet proto tcp from any to any port 22 modulate state queue (out_bolo, out_ssh) # DSL out

pass out quick on $ext_if proto tcp from any to any flags A/A keep state queue (out_ack) pass out on $ext_if inet proto { tcp, udp } from any to any port 53 keep state queue (out_dns) pass out on $ext_if proto tcp from any to any port { 22, 2222, 23456 } keep state queue (out_ssh) pass out on $ext_if proto tcp from any to any port { 21, 80, 443, 8080 } keep state queue (out_web) pass out on $ext_if proto tcp from any to any port { 80, 443, 8080 } modulate state queue (out_web) pass out quick on $ext_if from any to <ips_fah> keep state queue (out_fah) pass in on $ext_if proto tcp from $arroway port 5900 to any modulate state queue (out_p2p) pass in on $ext_if proto udp from $arroway port 5900 to any keep state queue (out_p2p) pass out on $ext_if proto { tcp, udp } from any to any port ntp keep state queue (out_ack) pass out on $ext_if proto tcp from any to any port { 25, 465, 587 } keep state queue (out_smtp) pass out on $ext_if proto { tcp, udp } from any to any port 7777 keep state queue (out_jogos) pass out on $ext_if proto tcp from any to any port 1683 keep state queue (out_bolo) # LAN in pass in on $int_if keep state queue (out_p2p, in_p2p) pass in on $int_if proto tcp keep state queue (in_bolo) pass in on $int_if proto tcp modulate state queue (in_p2p) pass in on $int_if proto udp keep state queue (in_p2p) pass in on $int_if proto tcp } keep state queue (in_ssh) pass in on $int_if proto { tcp, udp } keep state pass in on $int_if proto tcp modulate state queue (in_web, out_web) pass in on $int_if proto tcp modulate state queue (out_smtp) pass in on $int_if proto { tcp, udp } keep state pass in on $int_if keep state queue (in_fah) pass in on $int_if keep state queue (lan) # LAN out pass out on $int_if keep state pass out on $int_if keep state queue (lan) from $arroway to any from any to any port 1683 from $arroway port 5900 to any from $arroway port 5900 to any from any to any port { 22, 2222, 23456 from $lamneth to any port 53 from any to any port { 80, 443, 8080 } from any to any port { 25, 465, 587 } from any to any port ntp from $arroway to <ips_fah> from $int_if:network to $int_if

from any to any from $int_if to $int_if:network

tem coisa para melhorar (sempre), mas cada pedao de tempo arrumo uma coisa. aqui, o amule fica sempre colado nos 20k. se o fah vai mandar, ele manda na casa dos 16k e o amule cai para 4k. ainda apanho um pouco com outros protocolos (nem tudo funciona 100%, mas no sei se culpa minha, do hfsc ou protocolo).

j fiz teste e tem fluxo que no toma toda a banda alocada para ele, a novamente no sei se culpa do hfsc ou protocolo ou minha. neste caso que tem dois ip's para reservar banda, tenho tido exp boa aqui em limites, seja com PRIQ ou HFSC. espero que tenha ajudado mais que complicado, qquer coisa s falar :) uma fonte que usei (muito) para ter info sobre pf+hfsc foi o site do calomel https://calomel.org/ e o livro do Jacek Artymiak de pf e openbsd. e muita tentativa :) matheus > > > > Boa noite moada. ------------------------Histrico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd

-We will call you cygnus, The God of balance you shall be A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? http://en.wikipedia.org/wiki/Posting_style