+ Responder ao Tópico



  1. Galera esta brabo de encontrar informações sobre o meu problema. Possuo um link de Velox com 4 MBps, e fiz o compartilhamento com o pessoal do prédio onde moro, limitei a galera em 128Kbps para download e upload. Até ai tudo bem o compartilhamento esta funcionando bem, mais estes computadores que estão com limite de banda, não conseguem utilizar o cache do meu proxy, quando paro o meu bandlimit, eles conseguem ter acesso ao cache, e também ficam sem qualquer limite de banda. Se alguém puder me ajudar ficarei muito grato.....

  2. Galera mais uma vez venho pedir a ajuda de vocês, pois continuo com o "problema" de não conseguir ter acesso ao cache do squid com a utilização do Bandlimit, ou seja a rede que esta com limite vai direto para a internet e utiliza o cache, mais quando paro o Bandlimit, essa rede acessa normalmente o cache. Segue abaixo os meus scripts e arquivos de configuração do Squid, Firewall e Bandlimit. Ficarei muito grato caso alguém possa me ajudar. (Devido ao limite de caracteres abaixo segue só o do squid na outra mensagem segue o Firewall e o Bandlimit)


    Squid:

    http_port 3128
    hierarchy_stoplist cgi-bin ?
    acl QUERY urlpath_regex cgi-bin \?
    no_cache deny QUERY
    cache_mem 256 MB
    cache_swap_low 95
    cache_swap_high 98
    maximum_object_size 100 MB
    minimum_object_size 3 KB
    maximum_object_size_in_memory 20 KB
    ipcache_size 2048
    ipcache_low 90
    ipcache_high 95
    cache_dir ufs /var/spool/squid 15000 16 256
    cache_access_log /var/log/squid/access.log
    cache_log /var/log/squid/cache.log
    auth_param basic children 5
    auth_param basic realm Squid proxy-caching web server
    auth_param basic credentialsttl 2 hours
    auth_param basic casesensitive off
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 0 20% 4320
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl to_localhost dst 127.0.0.0/8
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
    acl minharede src 192.168.254.0/24
    acl redepredio src 192.168.1.8/29
    acl redepredio2 src 192.168.1.16/29
    acl redepredio3 src 192.168.1.24/29
    acl redepredio4 src 192.168.1.32/29
    acl redepredio5 src 192.168.1.40/29
    acl redepredio6 src 192.168.1.48/29
    http_access allow manager localhost
    http_access deny manager
    # Deny requests to unknown ports
    http_access deny !Safe_ports
    # Deny CONNECT to other than SSL ports
    http_access deny CONNECT !SSL_ports
    http_access allow minharede
    http_access allow redepredio
    http_access allow redepredio2
    http_access allow redepredio3
    http_access allow redepredio4
    http_access allow redepredio5
    http_access allow redepredio6
    http_access allow localhost
    http_access deny all
    http_reply_access allow all
    # and finally allow by default
    http_reply_access allow all
    icp_access allow all
    cache_mgr root
    visible_hostname SERVIDOR-PROXY
    #Default:
    httpd_accel_port 80
    #Default:
    httpd_accel_host virtual
    #Default:
    httpd_accel_with_proxy on
    #Default:
    httpd_accel_uses_host_header on
    httpd_accel_no_pmtu_disc off



  3. Script do Firewall.....

    Firewall:

    #!/bin/sh
    ### Resetando todas as regras ###
    iptables -F
    iptables -Z
    iptables -X
    iptables -t nat -F
    iptables -F INPUT
    iptables -F FORWARD
    iptables -t nat -F PREROUTING
    iptables -t nat -F POSTROUTING
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT
    ###############################################################################
    for spoofing in /proc/sys/net/ipv4/conf/*/rp_filter;do
    echo "1" > $spoofing
    done
    echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
    echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
    echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
    echo 1 > /proc/sys/net/ipv4/tcp_syncookies
    ### Carregar modulos ###
    modprobe iptable_filter
    modprobe iptable_mangle
    modprobe ip_conntrack
    modprobe ip_conntrack_ftp
    modprobe iptable_nat
    #modprobe ipt_LOG
    modprobe ipt_state
    modprobe ipt_MASQUERADE
    modprobe ip_nat_ftp
    modprobe ipt_mark
    modprobe ipt_MARK
    modprobe ipt_mac
    echo "1" > /proc/sys/net/ipv4/ip_forward
    echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
    ### Liberando acesso do LocalHost ###
    iptables -A INPUT -i lo -j ACCEPT
    ### Otimizando o roteamento ###
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ### Manutencao de conexoes ativas ###
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    ### Liberando acessos externos ao Firewall ###
    iptables -A INPUT -p udp --dport 53 -i ppp0 -j ACCEPT
    ### Liberado o Ping Interno ao Firewall da rede 192.168.254.0 ###
    iptables -A INPUT -p icmp -s 0/0 -i eth0 -j ACCEPT
    ### Liberado o Ping Interno ao Firewall da rede 192.168.1.x ###
    #iptables -A INPUT -p icmp -s 0/0 -i eth2 -j ACCEPT
    ### Liberado o Ping Interno ao Firewall da rede 192.168.2.0###
    iptables -A INPUT -p icmp -s 0/0 -i eth1 -j ACCEPT
    ### Porta SSH do Firewall ###
    iptables -A INPUT -p tcp --dport 22 -i ppp0 -j ACCEPT
    ### Porta de acesso ao HTTP ###
    iptables -A INPUT -p tcp --dport 80 -i ppp0 -j ACCEPT
    ### Porta de acesso ao WEBMIN ###
    iptables -A INPUT -p tcp --dport 33000 -i ppp0 -j ACCEPT
    ### Bloqueio de Ping Externo ao Firewall ###
    iptables -A INPUT -p icmp -s 0/0 -i ppp0 -j DROP
    ### Bloquea acessos vindo de fora para o Proxy na porta 3128 ###
    iptables -A INPUT -p tcp -s 0/0 -i ppp0 --dport 3128 -j DROP
    ## Liberando acessos interno ao Firewall ###
    ### Porta para o SSH Interno ###
    iptables -A INPUT -p tcp -s 192.168.254.0/24 -i eth0 --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp -s 192.168.2.0/24 -i eth1 --dport 22 -j ACCEPT
    ### Porta do proxy Transparente ###
    iptables -A INPUT -p tcp -s 192.168.254.0/24 -i eth0 --dport 3128 -j ACCEPT
    # SALA 303 #
    iptables -A INPUT -p tcp -s 192.168.1.8/29 -i eth2 --dport 3128 -j ACCEPT
    # COBERTURA #
    iptables -A INPUT -p tcp -s 192.168.1.16/29 -i eth2 --dport 3128 -j ACCEPT
    # SALA 402 #
    iptables -A INPUT -p tcp -s 192.168.1.24/29 -i eth2 --dport 3128 -j ACCEPT
    # SALA 404 #
    iptables -A INPUT -p tcp -s 192.168.1.32/29 -i eth2 --dport 3128 -j ACCEPT
    # SALA 401 #
    iptables -A INPUT -p tcp -s 192.168.1.40/29 -i eth2 --dport 3128 -j ACCEPT
    # SALA 403 #
    iptables -A INPUT -p tcp -s 192.168.1.48/29 -i eth2 --dport 3128 -j ACCEPT
    # SALA 301 #
    ### Pesquisa de DNS ###
    iptables -A INPUT -p tcp -s 192.168.254.0/24 -i eth0 --dport 53 -j ACCEPT
    iptables -A INPUT -p udp -s 192.168.254.0/24 -i eth0 --dport 53 -j ACCEPT
    # SALA 303 #
    iptables -A INPUT -p tcp -s 192.168.1.8/29 -i eth2 --dport 53 -j ACCEPT
    iptables -A INPUT -p udp -s 192.168.1.8/29 -i eth2 --dport 53 -j ACCEPT
    # COBERTURA #
    iptables -A INPUT -p tcp -s 192.168.1.16/29 -i eth2 --dport 53 -j ACCEPT
    iptables -A INPUT -p udp -s 192.168.1.16/29 -i eth2 --dport 53 -j ACCEPT
    # SALA 402 #
    iptables -A INPUT -p tcp -s 192.168.1.24/29 -i eth2 --dport 53 -j ACCEPT
    iptables -A INPUT -p udp -s 192.168.1.24/29 -i eth2 --dport 53 -j ACCEPT
    # SALA 404 #
    iptables -A INPUT -p tcp -s 192.168.1.32/29 -i eth2 --dport 53 -j ACCEPT
    iptables -A INPUT -p udp -s 192.168.1.32/29 -i eth2 --dport 53 -j ACCEPT
    # SALA 401 #
    iptables -A INPUT -p tcp -s 192.168.1.40/29 -i eth2 --dport 53 -j ACCEPT
    iptables -A INPUT -p udp -s 192.168.1.40/29 -i eth2 --dport 53 -j ACCEPT
    # SALA 403 #
    iptables -A INPUT -p tcp -s 192.168.1.48/29 -i eth2 --dport 53 -j ACCEPT
    iptables -A INPUT -p udp -s 192.168.1.48/29 -i eth2 --dport 53 -j ACCEPT
    ### HTTP ###
    iptables -A INPUT -p tcp -s 192.168.254.0/24 -i eth0 --dport 80 -j ACCEPT
    # SALA 303 #
    iptables -A INPUT -p tcp -s 192.168.1.8/29 -i eth2 --dport 80 -j ACCEPT
    # COBERTURA #
    iptables -A INPUT -p tcp -s 192.168.1.16/29 -i eth2 --dport 80 -j ACCEPT
    # SALA 402 #
    iptables -A INPUT -p tcp -s 192.168.1.24/29 -i eth2 --dport 80 -j ACCEPT
    # SALA 404 #
    iptables -A INPUT -p tcp -s 192.168.1.32/29 -i eth2 --dport 80 -j ACCEPT
    # SALA 401 #
    iptables -A INPUT -p tcp -s 192.168.1.40/29 -i eth2 --dport 80 -j ACCEPT
    # SALA 403 #
    iptables -A INPUT -p tcp -s 192.168.1.48/29 -i eth2 --dport 80 -j ACCEPT
    # SALA 301 #
    iptables -A INPUT -p tcp -s 192.168.4.0/29 -i eth2 --dport 80 -j ACCEPT
    ### Acesso da rede interna ao Firewall para utilizar o proxy ###
    iptables -A INPUT -s 192.168.254.0/24 -i eth0 -j ACCEPT
    # SALA 303 #
    iptables -A INPUT -s 192.168.1.8/29 -i eth2 -j ACCEPT
    # COBERTURA #
    iptables -A INPUT -s 192.168.1.16/29 -i eth2 -j ACCEPT
    # SALA 402 #
    iptables -A INPUT -s 192.168.1.24/29 -i eth2 -j ACCEPT
    # SALA 404 #
    iptables -A INPUT -s 192.168.1.32/29 -i eth2 -j ACCEPT
    # SALA 401 #
    iptables -A INPUT -s 192.168.1.40/29 -i eth2 -j ACCEPT
    # SALA 403 #
    iptables -A INPUT -s 192.168.1.48/29 -i eth2 -j ACCEPT
    # SALA 301 #
    iptables -A INPUT -s 192.168.4.0/29 -i eth2 -j ACCEPT

    ### SMTP ###
    iptables -A FORWARD -p tcp -s 192.168.254.0/24 --dport 25 -i eth0 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.254.0/24 --sport 25 -i ppp0 -o eth0 -j ACCEPT
    ### SMTP da SALA 301 ###
    iptables -A FORWARD -p tcp -s 192.168.4.0/29 --dport 25 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.4.0/29 --sport 25 -i ppp0 -o eth2 -j ACCEPT
    ### SMTP da SALA 303 ###
    iptables -A FORWARD -p tcp -s 192.168.1.8/29 --dport 25 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.8/29 --sport 25 -i ppp0 -o eth2 -j ACCEPT
    ### SMTP da COBERTURA ###
    iptables -A FORWARD -p tcp -s 192.168.1.16/29 --dport 25 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.16/29 --sport 25 -i ppp0 -o eth2 -j ACCEPT
    ### SMTP da SALA 402 ###
    iptables -A FORWARD -p tcp -s 192.168.1.24/29 --dport 25 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.24/29 --sport 25 -i ppp0 -o eth2 -j ACCEPT
    ### SMTP da SALA 404 ###
    iptables -A FORWARD -p tcp -s 192.168.1.32/29 --dport 25 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.32/29 --sport 25 -i ppp0 -o eth2 -j ACCEPT
    ### SMTP da SALA 401 ###
    iptables -A FORWARD -p tcp -s 192.168.1.40/29 --dport 25 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.40/29 --sport 25 -i ppp0 -o eth2 -j ACCEPT
    ### SMTP da SALA 403 ###
    iptables -A FORWARD -p tcp -s 192.168.1.48/29 --dport 25 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.48/29 --sport 25 -i ppp0 -o eth2 -j ACCEPT
    ### POP3 ###
    iptables -A FORWARD -p tcp -s 192.168.254.0/24 --dport 110 -i eth0 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.254.0/24 --sport 110 -i ppp0 -o eth0 -j ACCEPT
    ### POP3 da SALA 301 ###
    iptables -A FORWARD -p tcp -s 192.168.4.0/29 --dport 110 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.4.0/29 --sport 110 -i ppp0 -o eth2 -j ACCEPT
    ### POP3 da SALA 303 ###
    iptables -A FORWARD -p tcp -s 192.168.1.8/29 --dport 110 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.8/29 --sport 110 -i ppp0 -o eth2 -j ACCEPT
    ### POP3 da SALA COBERTURA ###
    iptables -A FORWARD -p tcp -s 192.168.1.16/29 --dport 110 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.16/29 --sport 110 -i ppp0 -o eth2 -j ACCEPT
    ### POP3 da SALA 402 ###
    iptables -A FORWARD -p tcp -s 192.168.1.24/29 --dport 110 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.24/29 --sport 110 -i ppp0 -o eth2 -j ACCEPT
    ### POP3 da SALA 404 ###
    iptables -A FORWARD -p tcp -s 192.168.1.32/29 --dport 110 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.32/29 --sport 110 -i ppp0 -o eth2 -j ACCEPT
    ### POP3 da SALA 401 ###
    iptables -A FORWARD -p tcp -s 192.168.1.40/29 --dport 110 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.40/29 --sport 110 -i ppp0 -o eth2 -j ACCEPT
    ### POP3 da SALA 403 ###
    iptables -A FORWARD -p tcp -s 192.168.1.48/29 --dport 110 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.48/29 --sport 110 -i ppp0 -o eth2 -j ACCEPT
    ### IMAP ###
    iptables -A FORWARD -p tcp -s 192.168.254.0/24 --dport 143 -i eth0 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.254.0/24 --sport 143 -i ppp0 -o eth0 -j ACCEPT
    ### IMAP da SALA 301 ###
    iptables -A FORWARD -p tcp -s 192.168.4.0/29 --dport 143 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.4.0/29 --sport 143 -i ppp0 -o eth2 -j ACCEPT
    ### IMAP da SALA 303 ###
    iptables -A FORWARD -p tcp -s 192.168.1.8/29 --dport 143 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.8/29 --sport 143 -i ppp0 -o eth2 -j ACCEPT
    ### IMAP da COBERTURA ###
    iptables -A FORWARD -p tcp -s 192.168.1.16/29 --dport 143 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.16/29 --sport 143 -i ppp0 -o eth2 -j ACCEPT
    ### IMAP da SALA 402 ###
    iptables -A FORWARD -p tcp -s 192.168.1.24/29 --dport 143 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.24/29 --sport 143 -i ppp0 -o eth2 -j ACCEPT
    ### IMAP da SALA 404 ###
    iptables -A FORWARD -p tcp -s 192.168.1.32/29 --dport 143 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.32/29 --sport 143 -i ppp0 -o eth2 -j ACCEPT
    ### IMAP da SALA 401 ###
    iptables -A FORWARD -p tcp -s 192.168.1.40/29 --dport 143 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.40/29 --sport 143 -i ppp0 -o eth2 -j ACCEPT
    ### IMAP da SALA 403 ###
    iptables -A FORWARD -p tcp -s 192.168.1.48/29 --dport 143 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.48/29 --sport 143 -i ppp0 -o eth2 -j ACCEPT
    ### HTTP seguro ###
    iptables -A FORWARD -p tcp -s 192.168.254.0/24 --dport 443 -i eth0 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.254.0/24 --sport 443 -i ppp0 -o eth0 -j ACCEPT
    ### HTTP seguro da SALA 301 ###
    iptables -A FORWARD -p tcp -s 192.168.4.0/29 --dport 443 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.4.0/29 --sport 443 -i ppp0 -o eth2 -j ACCEPT
    ### HTTP seguro da SALA 303 ###
    iptables -A FORWARD -p tcp -s 192.168.1.8/29 --dport 443 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.8/29 --sport 443 -i ppp0 -o eth2 -j ACCEPT
    ### HTTP seguro da COBERTURA ###
    iptables -A FORWARD -p tcp -s 192.168.1.16/29 --dport 443 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.16/29 --sport 443 -i ppp0 -o eth2 -j ACCEPT
    ### HTTP seguro da SALA 402 ###
    iptables -A FORWARD -p tcp -s 192.168.1.24/29 --dport 443 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.24/29 --sport 443 -i ppp0 -o eth2 -j ACCEPT
    ### HTTP seguro da SALA 404 ###
    iptables -A FORWARD -p tcp -s 192.168.1.32/29 --dport 443 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.32/29 --sport 443 -i ppp0 -o eth2 -j ACCEPT
    ### HTTP seguro da SALA 401 ###
    iptables -A FORWARD -p tcp -s 192.168.1.40/29 --dport 443 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.40/29 --sport 443 -i ppp0 -o eth2 -j ACCEPT
    ### HTTP seguro da SALA 403 ###
    iptables -A FORWARD -p tcp -s 192.168.1.48/29 --dport 443 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.48/29 --sport 443 -i ppp0 -o eth2 -j ACCEPT
    ### Acesso ao FTP ###
    iptables -A FORWARD -p tcp -s 192.168.254.0/24 --dport 20:21 -i eth0 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.254.0/24 --sport 20:21 -i ppp0 -o eth0 -j ACCEPT
    ### FTP Rede da SALA 301 ###
    iptables -A FORWARD -p tcp -s 192.168.4.0/29 --dport 20:21 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.4.0/29 --sport 20:21 -i ppp0 -o eth2 -j ACCEPT
    ### FTP Rede da SALA 303 ###
    iptables -A FORWARD -p tcp -s 192.168.1.8/29 --dport 20:21 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.8/29 --sport 20:21 -i ppp0 -o eth2 -j ACCEPT
    ### FTP Rede da COBERTURA ###
    iptables -A FORWARD -p tcp -s 192.168.1.16/29 --dport 20:21 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.16/29 --sport 20:21 -i ppp0 -o eth2 -j ACCEPT
    ### FTP Rede da SALA 402 ###
    iptables -A FORWARD -p tcp -s 192.168.1.24/29 --dport 20:21 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.24/29 --sport 20:21 -i ppp0 -o eth2 -j ACCEPT
    ### FTP Rede da SALA 404 ###
    iptables -A FORWARD -p tcp -s 192.168.1.32/29 --dport 20:21 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.32/29 --sport 20:21 -i ppp0 -o eth2 -j ACCEPT
    ### FTP Rede da SALA 401 ###
    iptables -A FORWARD -p tcp -s 192.168.1.40/29 --dport 20:21 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.40/29 --sport 20:21 -i ppp0 -o eth2 -j ACCEPT
    ### FTP Rede da SALA 403 ###
    iptables -A FORWARD -p tcp -s 192.168.1.48/29 --dport 20:21 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p tcp -d 192.168.1.48/29 --sport 20:21 -i ppp0 -o eth2 -j ACCEPT
    ### Pesquisa de DNS ###
    iptables -A FORWARD -p udp -s 192.168.254.0/24 --dport 53 -i eth0 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p udp -d 192.168.254.0/24 --sport 53 -i ppp0 -o eth0 -j ACCEPT
    ### Rede Predial SALA 301 ###
    iptables -A FORWARD -p udp -s 192.168.4.0/29 --dport 53 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p udp -d 192.168.4.0/29 --sport 53 -i ppp0 -o eth2 -j ACCEPT
    ### Rede Predial SALA 303 ###
    iptables -A FORWARD -p udp -s 192.168.1.8/29 --dport 53 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p udp -d 192.168.1.8/29 --sport 53 -i ppp0 -o eth2 -j ACCEPT
    ### Rede Predial COBERTURA ###
    iptables -A FORWARD -p udp -s 192.168.1.16/29 --dport 53 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p udp -d 192.168.1.16/29 --sport 53 -i ppp0 -o eth2 -j ACCEPT
    ### Rede Predial SALA 402 ###
    iptables -A FORWARD -p udp -s 192.168.1.24/29 --dport 53 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p udp -d 192.168.1.24/29 --sport 53 -i ppp0 -o eth2 -j ACCEPT
    ### Rede Predial SALA 404 ###
    iptables -A FORWARD -p udp -s 192.168.1.32/29 --dport 53 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p udp -d 192.168.1.32/29 --sport 53 -i ppp0 -o eth2 -j ACCEPT
    ### Rede Predial SALA 401 ###
    iptables -A FORWARD -p udp -s 192.168.1.40/29 --dport 53 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p udp -d 192.168.1.40/29 --sport 53 -i ppp0 -o eth2 -j ACCEPT
    ### Rede Predial SALA 403 ###
    iptables -A FORWARD -p udp -s 192.168.1.48/29 --dport 53 -i eth2 -o ppp0 -j ACCEPT
    iptables -A FORWARD -p udp -d 192.168.1.48/29 --sport 53 -i ppp0 -o eth2 -j ACCEPT

    iptables -A FORWARD -p icmp --icmp-type 0 -j ACCEPT
    iptables -A FORWARD -p icmp --icmp-type echo-request -j ACCEPT
    iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
    ### Regras de NAT, mascaramento ###
    iptables -t nat -A POSTROUTING -s 192.168.254.0/24 -o ppp0 -j MASQUERADE
    # SALA 301 #
    iptables -t nat -A POSTROUTING -s 192.168.4.0/29 -o ppp0 -j MASQUERADE
    # SALA 303 #
    iptables -t nat -A POSTROUTING -s 192.168.1.8/29 -o ppp0 -j MASQUERADE
    # COBERTURA #
    iptables -t nat -A POSTROUTING -s 192.168.1.16/29 -o ppp0 -j MASQUERADE
    # SALA 402 #
    iptables -t nat -A POSTROUTING -s 192.168.1.24/29 -o ppp0 -j MASQUERADE
    # SALA 404 #
    iptables -t nat -A POSTROUTING -s 192.168.1.32/29 -o ppp0 -j MASQUERADE
    # SALA 401 #
    iptables -t nat -A POSTROUTING -s 192.168.1.40/29 -o ppp0 -j MASQUERADE
    # SALA 403 #
    iptables -t nat -A POSTROUTING -s 192.168.1.48/29 -o ppp0 -j MASQUERADE
    ### Redirecionando todo o trafego da porta 80 para o Proxy ###
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -d! 200.201.174.207/32 -j REDIRECT --to-port 3128
    iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -d! 200.201.174.207/32 -j REDIRECT --to-port 3128

  4. Script do Bandlimit....

    Bandlimit:
    #!/bin/bash

    ##############################################################################
    # UnderLinux BandLimit v0.4 #
    # ============================================ #
    # #
    # Copyright (c) 2003 by Marcus Maciel(ScOrP|On) scorpion@under-linux.org #
    # https://under-linux.org #
    # #
    # This program is free software. You can redistribute it and/or modify #
    # it under the terms of the GNU General Public License as published by #
    # the Free Software Foundation; either version 2 of the License. #
    ##############################################################################


    #ChangeLog v0.4
    # Descobre o path dos binários usando which (by Eri Ramos Bastos erirb at xtms.com.br)
    # transforma stop e start em funções (by Eri Ramos Bastos erirb at xtms.com.br)
    # cria uma função de instalação (by Eri Ramos Bastos erirb at xtms.com.br)
    # cria um menu "init-like" (start|stop|restart|install) (by Eri Ramos Bastos erirb at xtms.com.br)
    # verifica sempre se o sistema está instalado antes de executá-lo (by Eri Ramos Bastos erirb at xtms.com.br)
    # permite maior modularização (by Eri Ramos Bastos erirb at xtms.com.br)
    # resolvido problema de nao utilizacao do modulo de compartilhamento


    #ChangeLog v0.3
    #adicionado compartilhamento de Link

    #ChangeLog v0.2
    #
    #Adicionado opcao para PATH de executaveis


    # Dependencias
    # Ipchains ou Iptables , iproute2 , modulos do kernel de CBQ QoS e compania... hehehe
    # Iptables: necessita de iptable_mangle e ipt_MARK
    # Ipchains: nenhuma

    ##################
    #INSTALACAO
    # crie o diretorio bandlimit dentro do seu /etc
    ##mkdir /etc/bandlimit
    # dentro deste diretorio crie os arquivos ips e interfaces
    ##touch /etc/bandlimit/ips
    ##touch /etc/bandlimit/interfaces
    # depois edite o ips e o interfaces
    # colocando dentro do ips
    # os ips que vc deseja limitar 1 por linha no seguinte formato
    # ip:ratein:rateout ex: 10.0.1.2:97:33
    # e no interfaces as interfaces que vc usa na sua maquina
    # no formato ethx ex: eth0
    # 1 por linha tambem ))
    #
    # Para rodar coloque o script dentro do seu rc.local
    # Para remover as regras digite rc.bandlimit stop
    #
    ##################

    #Checa se o usuario eh root
    if [ $(whoami) != root ]
    then
    echo "Voce nao e root"
    exit 1
    fi

    # Instalacao do sistema

    ##finstall(){
    #verifica a existencia do destino
    ##if [ -d /etc/bandlimit ]
    ##then
    ## echo "Sistema ja instalado."
    ##else
    ## mkdir /etc/bandlimit
    ## INST_IP=0
    #Loop para configuracao de IPs
    ## echo "Configurando IPs. Digite fim na configuracao de IP para terminar"
    ## while [ $INST_IP != fim ]
    ## do
    ## read -p "Entre com IP: " INST_IP
    ## if [ $INST_IP = "fim" ]
    ## then
    ## break
    ## fi
    ## read -p "Entre com Rate-IN: " INST_RATE_IN
    ## read -p "Entre com Rate-OUT: " INST_RATE_OUT
    ## echo "$INST_IP:$INST_RATE_IN:$INST_RATE_OUT" >> /etc/bandlimit/ips
    ## done
    ## INST_INT=0
    #Loop para configuracao de Interfaces
    ## echo "Configurando Interfaces. Digite fim para terminar"
    ## while [ $INST_INT != "fim" ]
    ## do
    ## read -p "Entre com Interface: " INST_INT
    ## if [ $INST_INT = "fim" ]
    ## then
    ## break
    ## fi
    ## echo $INST_INT >> /etc/bandlimit/interfaces
    ## done
    ##fi
    #}

    #PATH para os executaveis
    #Devem ser descobertos automaticamente

    IPTABLES=`which iptables`
    TC=`which tc`
    ##IPCHAINS=`which ipchains`
    GREP=`which grep`
    CUT=`which cut`
    EXPR=`which expr`

    ####
    # IMPORTANTE!!!! USAMOS OS COMANDO
    iptables -F -t mangle
    # ipchains -F input
    # ipchains -F output
    # Isso fara com que se voce tem alguma regra no seu mangle no iptables
    # ou alguma regra no input ou output no seu ipchains esta regra sera apagada
    # Para que voce nao perca suas regras de Firewall do iptables/ipchains
    # Caso use alguma coisa no mangle do iptables ou alguma coisa no input/output
    # no ipchains sete seu script de regras abaixo abaixo
    #Lembrando que usamos o mangle apartir do mark 2 e este vai gerando um mark novo
    #ate acabar seus ips ou seja se voce fizer pra 250 ips o ultimo mark sera o 252
    #Caso use o Mark tente comecar apartir do 1000 para evitar Marks Iguais
    #script=/path/seuscript.sh
    script=/etc/frw

    ##########################################################################################################
    #Inicio da Configuracao



    comum()
    {
    #Arquivos de Configuracao
    ips=/etc/bandlimit/ips
    #ips2=/etc/bandlimit/ips2
    interfaces=/etc/bandlimit/interfaces

    ##########################################################
    # Opcao de instalacao e remocao
    #########################################################

    ######################################
    #Este arquivo e para compartilhar Link
    #Ou seja se voce quer que mais de 1 ip use o mesmo link
    #coloque os "Filhos" dentro deste arquivo
    #e lembre-se os filhos nao podem estar dentro do arquivo ips
    #o formato do compartilhamento e o seguinte:
    #
    #ippai:ipfilho1:ipfilho2:0
    #
    #Ou seja:
    #
    #10.0.1.2:10.0.1.3:10.0.1.4:0
    #
    #lembre-se de terminar sempre com o :0
    #caso contrario ele vai entrar num looping infinito )

    compartilha=/etc/bandlimit/compartilha
    #compartilha=inexistente
    #########################

    #Firewall's Suportados ipchains e Iptables # Padrao IPTABLES
    #firewall=ipchains
    firewall=iptables
    ###################################


    #############
    # Interfaces
    redelocal=eth2
    #redelocal2=eth0
    redelocal2=inexistente
    internet=ppp0
    #############



    #Fim da configuracao
    ##########################################################################################################
    #ifacenum=0

    ###Contando o numero de Interaces####
    ## alterei aqui
    #for iface in `cat $interfaces`
    #do
    # ifacenum=`$EXPR $ifacenum + 1`
    #done


    if [ $firewall == "iptables" ]
    then
    modprobe iptable_mangle
    modprobe ipt_MARK
    fi

    } #fim do comum

    #inicio do markador
    mark=2

    #Stop e Start colocados dentro de funcoes

    fstop(){
    comum
    echo "Removendo Regras"
    for iface in `cat $interfaces`
    do
    $TC qdisc del dev $iface root
    done
    if [ $firewall == "iptables" ]
    then
    ## $IPTABLES -F -t mangle
    if [ $script != "0" ]
    then
    $script
    fi
    else
    $IPCHAINS -F input
    $IPCHAINS -F output
    if [ $script != "0" ]
    then
    $script
    fi
    fi
    }



    fstart(){
    comum
    #Limpar Regras antes de rodar o script )
    $IPTABLES -F -t mangle
    if [ $firewall == "iptables" ]
    then
    $IPTABLES -F -t mangle
    if [ $script != "0" ]
    then
    $script
    fi

    else
    $IPCHAINS -F input
    $IPCHAINS -F output
    if [ $script != "0" ]
    then
    $script
    fi

    fi


    #adicionado interfaces
    for iface in `cat $interfaces`
    do
    $TC qdisc del dev $iface root
    $TC qdisc add dev $iface root handle 1 cbq bandwidth 10Mbit avpkt 1000 cell 8
    $TC class change dev $iface root cbq weight 1Mbit allot 1514
    done

    ####


    for ip in `cat $ips`
    do
    ratein=`echo $ip | $CUT -d ":" -f 2`
    rateout=`echo $ip | $CUT -d ":" -f 3`
    ip=`echo $ip | $CUT -d ":" -f 1`



    #conteudo da variavel var
    var=2
    compartip=1

    #entrada
    $TC class add dev $redelocal parent 1: classid 1:$mark cbq bandwidth 10Mbit rate "$ratein"Kbit weight `$EXPR $ratein / 10`Kbit prio 5 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded
    $TC qdisc add dev $redelocal parent 1:$mark handle $mark sfq perturb 10
    $TC filter add dev $redelocal parent 1:0 protocol ip prio 200 handle $mark fw classid 1:$mark
    if [ $firewall == "iptables" ]
    then
    $IPTABLES -t mangle -A POSTROUTING -d $ip -j MARK --set-mark $mark
    if [ $compartilha != "inexistente" ]
    then
    if [ `$GREP $ip $compartilha | $CUT -d ":" -f 1` == $ip ]
    then
    while [ $compartip != "0" ]
    do
    compartip=`$GREP $ip $compartilha | $CUT -d ":" -f $var`
    $IPTABLES -t mangle -A POSTROUTING -d $compartip -j MARK --set-mark $mark
    var=`$EXPR $var + 1`
    compartip=`$GREP $ip $compartilha | $CUT -d ":" -f $var`
    done
    fi
    fi

    else
    $IPCHAINS -A output -d $ip --mark $mark
    if [ $compartilha != "inexistente" ]
    then
    if [ `$GREP $ip $compartilha | $CUT -d ":" -f 1` == $ip ]
    then
    while [ $compartip != "0" ]
    do
    compartip=`$GREP $ip $compartilha | $CUT -d ":" -f $var`
    $IPCHAINS -A output -d $compartip --mark $mark
    var=`$EXPR $var + 1`
    compartip=`$GREP $ip $compartilha | $CUT -d ":" -f $var`
    done
    fi
    fi
    fi


    #conteudo da variavel var
    var=2
    compartip=1

    #Saida
    $TC class add dev $internet parent 1: classid 1:$mark cbq bandwidth 10Mbit rate "$rateout"Kbit weight `$EXPR $rateout / 10`Kbit prio 5 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded
    $TC qdisc add dev $internet parent 1:$mark handle $mark sfq perturb 10
    $TC filter add dev $internet parent 1:0 protocol ip prio 200 handle $mark fw classid 1:$mark
    if [ $firewall == "iptables" ]
    then
    $IPTABLES -t mangle -A FORWARD -s $ip -j MARK --set-mark $mark
    if [ $compartilha != "inexistente" ]
    then
    if [ `$GREP $ip $compartilha | $CUT -d ":" -f 1` == $ip ]
    then
    while [ $compartip != "0" ]
    do
    compartip=`$GREP $ip $compartilha | $CUT -d ":" -f $var`
    $IPTABLES -t mangle -A FORWARD -s $compartip -j MARK --set-mark $mark
    var=`$EXPR $var + 1`
    compartip=`$GREP $ip $compartilha | $CUT -d ":" -f $var`
    done
    fi
    fi
    else
    $IPCHAINS -A input -s $ip --mark $mark
    if [ $compartilha != "inexistente" ]
    then
    if [ `$GREP $ip $compartilha | $CUT -d ":" -f 1` == $ip ]
    then
    while [ $compartip != "0" ]
    do
    compartip=`$GREP $ip $compartilha | $CUT -d ":" -f $var`
    $IPCHAINS -A input -s $compartip --mark $mark
    var=`$EXPR $var + 1`
    compartip=`$GREP $ip $compartilha | $CUT -d ":" -f $var`
    done
    fi
    fi
    fi
    #################################################################
    mark=`$EXPR $mark + 1`
    done

    if [ $redelocal2 != "inexistente" ]
    then
    for ip in `cat $ips2`
    do
    ratein=`echo $ip | $CUT -d ":" -f 2`
    rateout=`echo $ip | $CUT -d ":" -f 3`
    ip=`echo $ip | $CUT -d ":" -f 1`

    #conteudo da variavel var
    var=2
    compartip=1

    #entrada
    $TC class add dev $redelocal2 parent 1: classid 1:$mark cbq bandwidth 10Mbit rate "$ratein"Kbit weight `$EXPR $rateout / 10`Kbit prio 5 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded
    $TC qdisc add dev $redelocal2 parent 1:$mark handle $mark sfq perturb 10
    $TC filter add dev $redelocal2 parent 1:0 protocol ip prio 200 handle $mark fw classid 1:$mark
    if [ $firewall == "iptables" ]
    then
    $IPTABLES -t mangle -A POSTROUTING -d $ip -j MARK --set-mark $mark
    if [ $compartilha != "inexistente" ]
    then
    if [ `$GREP $ip $compartilha | $CUT -d ":" -f 1` == $ip ]
    then
    while [ $compartip != "0" ]
    do
    compartip=`$GREP $ip $compartilha | $CUT -d ":" -f $var`
    $IPTABLES -t mangle -A POSTROUTING -d $compartip -j MARK --set-mark $mark
    var=`$EXPR $var + 1`
    compartip=`$GREP $ip $compartilha | $CUT -d ":" -f $var`
    done
    fi
    fi
    else
    $IPCHAINS -A output -d $ip --mark $mark
    if [ $compartilha != "inexistente" ]
    then
    if [ `$GREP $ip $compartilha | $CUT -d ":" -f 1` == $ip ]
    then
    while [ $compartip != "0" ]
    do
    compartip=`$GREP $ip $compartilha | $CUT -d ":" -f $var`
    $IPCHAINS -A output -d $compartip --mark $mark
    var=`$EXPR $var + 1`
    compartip=`$GREP $ip $compartilha | $CUT -d ":" -f $var`
    done
    fi
    fi
    fi


    #conteudo da variavel var
    var=2
    compartip=1

    #Saida
    $TC class add dev $internet parent 1: classid 1:$mark cbq bandwidth 10Mbit rate "$rateout"Kbit weight `$EXPR $rateout / 10`Kbit prio 5 allot 1514 cell 8 maxburst 20 avpkt 1000 bounded
    $TC qdisc add dev $internet parent 1:$mark handle $mark sfq perturb 10
    $TC filter add dev $internet parent 1:0 protocol ip prio 200 handle $mark fw classid 1:$mark
    if [ $firewall == "iptables" ]
    then
    $IPTABLES -t mangle -A FORWARD -s $ip -j MARK --set-mark $mark
    if [ $compartilha != "inexistente" ]
    then
    if [ `$GREP $ip $compartilha | $CUT -d ":" -f 1` == $ip ]
    then
    while [ $compartip != "0" ]
    do
    compartip=`$GREP $ip $compartilha | $CUT -d ":" -f $var`
    $IPTABLES -t mangle -A FORWARD -s $compartip -j MARK --set-mark $mark
    var=`$EXPR $var + 1`
    compartip=`$GREP $ip $compartilha | $CUT -d ":" -f $var`
    done
    fi
    fi
    else
    $IPCHAINS -A input -s $ip --mark $mark
    if [ $compartilha != "inexistente" ]
    then
    if [ `$GREP $ip $compartilha | $CUT -d ":" -f 1` == $ip ]
    then
    while [ $compartip != "0" ]
    do
    compartip=`$GREP $ip $compartilha | $CUT -d ":" -f $var`
    $IPCHAINS -A input -s $compartip --mark $mark
    var=`$EXPR $var + 1`
    compartip=`$GREP $ip $compartilha | $CUT -d ":" -f $var`
    done
    fi
    fi
    fi
    #################################################################
    mark=`$EXPR $mark + 1`
    done
    fi

    }


    ##
    # Aqui rodamos as opcoes
    # Mais amigavel e modular usando estrutura case
    #
    ##
    case $1 in

    stop)
    if [ -d /etc/bandlimit ]
    then
    fstop
    else
    echo "Sistema nao instalado"
    exit 1
    fi
    ;;

    start)
    if [ -d /etc/bandlimit ]
    then
    fstart
    else
    echo "Sistema nao instalado"
    exit 1
    fi
    ;;
    restart)
    if [ -d /etc/bandlimit ]
    then
    $0 stop
    $0 start
    else
    echo "Sistema nao instalado"
    exit 1
    fi
    ;;
    install)
    finstall
    ;;
    *)
    echo "Uso: $0 (stop|start|restart|install)"
    ;;
    esac






Tópicos Similares

  1. Hotspot com cache pode ser?
    Por tata100 no fórum Redes
    Respostas: 3
    Último Post: 30-11-2006, 12:12
  2. Bandlimit com Erros
    Por marcelo@icenet.com.br no fórum Servidores de Rede
    Respostas: 3
    Último Post: 15-04-2005, 10:23
  3. Problemas com Cache no Apache 2.0.40
    Por demiurgo no fórum Servidores de Rede
    Respostas: 13
    Último Post: 01-04-2005, 12:40
  4. Squid com cache cheio.
    Por Renato17 no fórum Servidores de Rede
    Respostas: 5
    Último Post: 12-01-2005, 07:18
  5. PROBLEMAS COM CACHE
    Por Jorge Gouveia no fórum Servidores de Rede
    Respostas: 2
    Último Post: 29-04-2004, 10:44

Visite: BR-Linux ·  VivaOLinux ·  Dicas-L