Pessoal Tenho um link dedicado da telefonica de 2MB. Meu server é um P4 3.2 com 2 HD SATA 80GB / 160GB, 1GB RAM, Placas de Rede 3Com. Tenho os seguintes serviço rodando nele. Proxy / Firewall e controle de Banda com PF / Squid / NATD / DHCP.
O problema é o seguinte:
Quando tenho mais de 10 clientes conectados simultaneamente cada um com 128Kbps meu server fica lento e ninguem consegue navegar mais, sendo q eu tenho 2MB de link. Quando eu pingo no server ele me retorna uns tempos de 2000ms, 2800ms. Alguem sabe o q pode estar acontecendo? Posso postar as configurações dos serviço aqui no forum.
Obs: Ja fiz alguns teste desabilitando os serviços de NAT / DHCP e Squid/Cache e continuou lento.
Estou maluco com isso. Se alguem puder me ajudar eu agradeço.
PF.CONF
################################################## #############
# CONFIGURACAO DAS PLACAS DE REDE
################################################## #############
ext_if="xl0"
int_if="xl1"
ip_rede="192.168.0.0/16"
miguel="192.168.2.253"
teste3="192.168.1.253"
marco="192.168.3.253"
irmaomiguel="192.168.4.253"
atendimento="192.168.5.253"
aguinaldo="192.168.6.253"
harumi="192.168.7.253"
adeval="192.168.8.253"
everson="192.168.9.253"
fabio="192.168.10.253"
PING = "echoreq"
TCP_IN = "{ 53, 22, 80, 3456, ssh, ftp, 20, 21, 443 }"
UDP_IN = "{ 53, 67, 80, 20, 21 }"
TCP_OUT = "{ 53, 22, 80, 20, 21, ftp, 443, http, ntp, 8080, 5999 }"
UDP_OUT = "{ 53, 67, 80, 20, 21, domain, ntp }"
server1="127.0.0.1"
server2="192.168.253.171"
################################################## #############
# NORMALIZANDO OS PACOTES
################################################## #############
set timeout { tcp.first 60 tcp.opening 15 tcp.established 86400 \
tcp.closing 300 tcp.finwait 15 tcp.closed 15 }
set timeout { udp.first 30 udp.single 15 udp.multiple 30 }
set timeout { icmp.first 10 icmp.error 5 }
set timeout { other.first 30 other.single 15 other.multiple 30 }
set timeout { frag 30 interval 10 }
set limit { states 50000 frags 25000 }
set optimization aggressive
set loginterface $ext_if
set loginterface $int_if
set block-policy return
set require-order yes
scrub all fragment reassemble random-id no-df
################################################## #############
# CONTROLE DE UPLOAD E DOWNLOAD
################################################## #############
altq on $int_if cbq bandwidth 2048Kb queue { d_32 d_64 d_128 d_256 d_512 }
altq on $ext_if cbq bandwidth 2048Kb queue { up_32 up_64 up_128 up_256 }
queue up_32 bandwidth 32Kb cbq(default)
queue up_64 bandwidth 64Kb priority 4
queue up_128 bandwidth 128Kb priority 4
queue up_256 bandwidth 256Kb priority 4
queue d_32 bandwidth 32Kb cbq(default)
queue d_64 bandwidth 64Kb priority 4
queue d_128 bandwidth 128Kb priority 4
queue d_256 bandwidth 256Kb priority 4
queue d_512 bandwidth 512Kb priority 4
################################################## #############
# FAZENDO NAT
################################################## #############
nat on $ext_if from $ip_rede to any -> $ext_if
################################################## #############
# REDIRECIONAMENTO
################################################## #############
rdr on $ext_if proto tcp from any to any port 8080 -> $server2 port 8080
rdr on $int_if proto tcp from any to any port 21 -> $server1 port 8021
rdr on $ext_if proto tcp from any to any port 6667 -> $server2 port 6667
rdr on $ext_if proto tcp from any to any port 6891 -> $server2 port 6891
rdr on $ext_if proto tcp from any to any port 6893 -> $server2 port 6893
rdr on $ext_if proto tcp from any to any port 6900 -> $server2 port 6900
rdr on $ext_if proto tcp from any to any port 5900 -> $server2 port 5900
rdr on $ext_if proto tcp from any to any port 1213 -> $server2 port 1213
rdr on $ext_if proto tcp from any to any port 1214 -> $server2 port 1214
rdr on $ext_if proto tcp from any to any port 1832 -> $server2 port 1832
rdr on $ext_if proto tcp from any to any port 3094 -> $server2 port 3094
rdr on $ext_if proto tcp from any to any port 3622 -> $server2 port 3622
rdr on $ext_if proto udp from any to any port 1213 -> $server2 port 1213
rdr on $ext_if proto udp from any to any port 1214 -> $server2 port 1214
rdr on $ext_if proto udp from any to any port 1832 -> $server2 port 1832
rdr on $ext_if proto udp from any to any port 3094 -> $server2 port 3094
rdr on $ext_if proto udp from any to any port 3622 -> $server2 port 3622
#rdr on $int_if proto tcp from any to any port 80 -> $server1 port 3128
#rdr on $int_if proto udp from any to any port 80 -> $server1 port 3128
# blockeando tudo por default
block in log on $int_if all
block out log on $int_if all
# bloqueando spoof
antispoof for { $ext_if } inet
# bloqueando scanners
block drop in quick on { $ext_if } from any os { NMAP }
# bloqueando trafego ipv6
block log quick inet6
#Liberando loopback
pass quick on lo0 all
# liberando ping/traceroute
pass out log on $ext_if inet proto icmp all icmp-type 8 code 0 keep state
pass in log on $ext_if inet proto icmp all icmp-type 8 code 0 keep state
# Liberando portas
#INCOMING
#TCP
pass in quick on $ext_if inet proto tcp from any to $ext_if port $TCP_IN \
flags S/SA keep state
#UDP
#pass in quick on $ext_if inet proto udp from any to $ext_if port $UDP_IN \
keep state
#PING
pass in quick on $ext_if inet proto icmp from any to $ext_if icmp-type $PING \
keep state
pass in on $ext_if inet proto { tcp udp } from any to any port 22
pass in on $ext_if inet proto { tcp udp } from any to any port 21
pass in on $ext_if inet proto { tcp udp } from any to any port 20
pass in on $ext_if inet proto { tcp udp } from any to any port 25
pass in on $ext_if inet proto { tcp udp } from any to any port 53
pass in on $ext_if inet proto { tcp udp } from any to any port 80
pass in on $ext_if inet proto { tcp udp } from any to any port 443
pass in on $ext_if inet proto { tcp udp } from any to any port 110
pass in on $ext_if inet proto { tcp udp } from any to any port 8080
pass in on $ext_if inet proto { tcp udp } from any to any port 6667
pass in on $ext_if inet proto { tcp udp } from any to any port 6891
pass in on $ext_if inet proto { tcp udp } from any to any port 6893
pass in on $ext_if inet proto { tcp udp } from any to any port 6900
pass in on $ext_if inet proto { tcp udp } from any to any port 1213
pass in on $ext_if inet proto { tcp udp } from any to any port 1214
pass in on $ext_if inet proto { tcp udp } from any to any port 1832
pass in on $ext_if inet proto { tcp udp } from any to any port 3094
pass in on $ext_if inet proto { tcp udp } from any to any port 3622
pass in on $ext_if inet proto { tcp udp } from any to any port 2216
pass in on $ext_if inet proto tcp from port 20 to $ext_if \
user proxy flags S/SA keep state
#OUTGOING
#EXTERNAL INTERFACE
#TCP
pass out quick on $ext_if inet proto tcp from $ext_if to any port $TCP_OUT \
flags S/SA keep state
#UDP
pass out quick on $ext_if inet proto udp from $ext_if to any port $UDP_OUT \
keep state
#ICMP
pass out quick on $ext_if inet proto icmp from $ext_if to any icmp-type $PING \
keep state
# Liberando acesso
################################################## #############
# CONTROLE DE DOWNLOAD
################################################## #############
pass out log on $int_if from any to $teste3 queue d_64
pass out log on $int_if from any to $miguel queue d_64
pass out log on $int_if from any to $marco queue d_64
pass out log on $int_if from any to $irmaomiguel queue d_64
pass out log on $int_if from any to $atendimento queue d_64
pass out log on $int_if from any to $aguinaldo queue d_64
pass out log on $int_if from any to $harumi queue d_64
pass out log on $int_if from any to $adeval queue d_64
pass out log on $int_if from any to $everson queue d_64
pass out log on $int_if from any to $fabio queue d_128
################################################## #############
# CONTROLE DE UPLOAD
################################################## #############
pass in log on $int_if from $teste3 to any queue up_32
pass in log on $int_if from $miguel to any queue up_32
pass in log on $int_if from $marco to any queue up_32
pass in log on $int_if from $irmaomiguel to any queue up_32
pass in log on $int_if from $atendimento to any queue up_32
pass in log on $int_if from $aguinaldo to any queue up_32
pass in log on $int_if from $harumi to any queue up_32
pass in log on $int_if from $adeval to any queue up_32
pass in log on $int_if from $everson to any queue up_32
pass in log on $int_if from $fabio to any queue up_64