liverar + banda para ftp interno ??

**LEE337** · 05-03-2006, 07:39

tenho servidor FreeBSD com limitador de banda por mac address, coloquei serviço de ftp para dispor algums arquivos para clientes, só q os clientes nao estao disposto baixar do ftp se der mesma velocidade de internet, entao precisso modificar a regra no firewall para q se baixar de ftp interno q pelo menos seja dobro da velocidade, só q nao estou conseguindo.

aqui se der ipfw show:
00100 712 85302 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
00400 343 40169 deny ip from any to any dst-port 137-139
00500 0 0 deny ip from any 137-139 to any
00600 0 0 deny ip from any to any dst-port 445
00700 0 0 deny ip from any 445 to any
00800 256324 140412829 divert 8668 ip from any to any via fxp0
00900 0 0 deny ip from any to any MAC any 00:cc:dd:aa:33:88
01000 0 0 deny ip from any to any MAC 00:cc:dd:aa:33:88 any
02100 0 0 pipe 3 ip from any to any MAC any 00:00:22:77:11:55 in
02200 0 0 pipe 4 ip from any to any MAC 00:00:22:77:11:55 any out
02300 0 0 skipto 65000 ip from any to any MAC any 00:00:22:77:11:55
02400 0 0 skipto 65000 ip from any to any MAC 00:00:22:77:11:55 any
64000 0 0 deny log ip from any to any layer2 in via fxp1
64100 4500 523060 allow tcp from me to any dst-port 80
64200 1884 222804 fwd 127.0.0.1,3128 tcp from any to any dst-port 80 in via fxp1
65000 994284 555164701 allow ip from any to any
65535 6 378 allow ip from any to any

tentei adicionar esta regra neste servidor e nao tive resultado:
ipfw pipe 1 config bw 800Kbits/s
ipfw add pipe 1 src-port 20-21
ipfw pipe 2 config bw 10Mbits/s
ipfw add pipe 2 dst-port 20-21

aqui a regra de firewall:
setup_loopback

${fwcmd} add deny ip from any to any 137-139
${fwcmd} add deny ip from any 137-139 to any
${fwcmd} add deny ip from any to any 445
${fwcmd} add deny ip from any 445 to any

# Pipes
pin=3
pout=4

# NAT para os IP's falsos
${fwcmd} add divert natd all from any to any via ${natd_interface}

# Bloqueios de MAC's
if [ -f /etc/limiter/lock.conf ]; then
. /etc/limiter/lock.conf
fi

# Regras para limitar por MAC e pular para regra 65000 (allow ip from any to any)
if [ -f /etc/limiter/mac.conf ]; then
. /etc/limiter/mac.conf
fi
# Bloqueia todos MAC address (tem que estar listado no mac.conf para navegar)
${fwcmd} add 64000 deny log ip from any to any layer2 in via fxp1

# PROXY TRANSPARENTE
${fwcmd} add allow tcp from me to any 80
${fwcmd} add fwd 127.0.0.1,3128 tcp from any to any 80 in via fxp1

# Permite todo o resto
${fwcmd} add 65000 pass all from any to any

aqui mac.conf:
${fwcmd} pipe $pin config bw 56Kbits/s
${fwcmd} pipe $pout config bw 110Kbits/s
${fwcmd} add pipe $pin all from any to any MAC any 00:00:22:77:11:55 in
${fwcmd} add pipe $pout all from any to any MAC 00:00:22:77:11:55 any out
${fwcmd} add skipto 65000 all from any to any MAC any 00:00:22:77:11:55
${fwcmd} add skipto 65000 all from any to any MAC 000:00:22:77:11:55 any
pin=$(($pin + 2))
pout=$(($pout + 2))

Lee

liverar + banda para ftp interno ??

Ferramentas de Tópicos

liverar + banda para ftp interno ??