


  1. #1
    coolburn_br
    Guest

    Slow FreeBSD Server

    Hi everyone. I have a P4 3.2 GHz server / 1 GB RAM / 2 SATA HDs, an 80 GB one for the system and a 160 GB one for cache/squid, and two 3Com cards.
    I have a 1MB dedicated Telefonica link and I am using FreeBSD 6.1.
    The problem is that browsing is very slow, and when I ping the server's gateway the times are 2000 ms / 3000 ms. My pf.conf configuration follows below; if anyone can give me some tips or even improve the configuration, I would be very grateful. If anyone needs any more information, I will post it here.

    Thanks in advance for any and all help.

    PF.CONF
    ###############################################################
    # NETWORK INTERFACE CONFIGURATION
    ###############################################################
    ext_if="xl0"
    int_if="xl1"
    ip_rede="192.168.0.0/16"

    miguel="192.168.2.253"
    teste3="192.168.1.253"
    marco="192.168.3.253"
    irmaomiguel="192.168.4.253"
    atendimento="192.168.5.253"
    aguinaldo="192.168.6.253"
    harumi="192.168.7.253"
    adeval="192.168.8.253"
    everson="192.168.9.253"
    fabio="192.168.10.253"

    PING = "echoreq"
    TCP_IN = "{ 53, 22, 80, 3456, ssh, ftp, 20, 21, 443 }"
    UDP_IN = "{ 53, 67, 80, 20, 21 }"

    TCP_OUT = "{ 53, 22, 80, 20, 21, ftp, 443, http, ntp, 8080, 5999 }"
    UDP_OUT = "{ 53, 67, 80, 20, 21, domain, ntp }"

    server1="127.0.0.1"
    server2="192.168.253.171"

    ###############################################################
    # NORMALIZING PACKETS
    ###############################################################
    set timeout { tcp.first 60 tcp.opening 15 tcp.established 86400 \
    tcp.closing 300 tcp.finwait 15 tcp.closed 15 }
    set timeout { udp.first 30 udp.single 15 udp.multiple 30 }
    set timeout { icmp.first 10 icmp.error 5 }
    set timeout { other.first 30 other.single 15 other.multiple 30 }
    set timeout { frag 30 interval 10 }
    set limit { states 50000 frags 25000 }
    set optimization aggressive
    set loginterface $ext_if
    set loginterface $int_if
    set block-policy return
    set require-order yes
    scrub all fragment reassemble random-id no-df

    ###############################################################
    # UPLOAD AND DOWNLOAD CONTROL
    ###############################################################
    altq on $int_if cbq bandwidth 2048Kb queue { d_32 d_64 d_128 d_256 d_512 }
    altq on $ext_if cbq bandwidth 2048Kb queue { up_32 up_64 up_128 up_256 }
    queue up_32 bandwidth 32Kb cbq(default)
    queue up_64 bandwidth 64Kb priority 4
    queue up_128 bandwidth 128Kb priority 4
    queue up_256 bandwidth 256Kb priority 4
    queue d_32 bandwidth 32Kb cbq(default)
    queue d_64 bandwidth 64Kb priority 4
    queue d_128 bandwidth 128Kb priority 4
    queue d_256 bandwidth 256Kb priority 4
    queue d_512 bandwidth 512Kb priority 4

    ###############################################################
    # NAT
    ###############################################################
    nat on $ext_if from $ip_rede to any -> $ext_if

    ###############################################################
    # REDIRECTION
    ###############################################################
    rdr on $ext_if proto tcp from any to any port 8080 -> $server2 port 8080
    rdr on $int_if proto tcp from any to any port 21 -> $server1 port 8021
    rdr on $ext_if proto tcp from any to any port 6667 -> $server2 port 6667
    rdr on $ext_if proto tcp from any to any port 6891 -> $server2 port 6891
    rdr on $ext_if proto tcp from any to any port 6893 -> $server2 port 6893
    rdr on $ext_if proto tcp from any to any port 6900 -> $server2 port 6900
    rdr on $ext_if proto tcp from any to any port 5900 -> $server2 port 5900
    rdr on $ext_if proto tcp from any to any port 1213 -> $server2 port 1213
    rdr on $ext_if proto tcp from any to any port 1214 -> $server2 port 1214
    rdr on $ext_if proto tcp from any to any port 1832 -> $server2 port 1832
    rdr on $ext_if proto tcp from any to any port 3094 -> $server2 port 3094
    rdr on $ext_if proto tcp from any to any port 3622 -> $server2 port 3622
    rdr on $ext_if proto udp from any to any port 1213 -> $server2 port 1213
    rdr on $ext_if proto udp from any to any port 1214 -> $server2 port 1214
    rdr on $ext_if proto udp from any to any port 1832 -> $server2 port 1832
    rdr on $ext_if proto udp from any to any port 3094 -> $server2 port 3094
    rdr on $ext_if proto udp from any to any port 3622 -> $server2 port 3622
    #rdr on $int_if proto tcp from any to any port 80 -> $server1 port 3128
    #rdr on $int_if proto udp from any to any port 80 -> $server1 port 3128

    # blocking everything by default
    block in log on $int_if all
    block out log on $int_if all

    # blocking spoofing
    antispoof for { $ext_if } inet

    # blocking scanners
    block drop in quick on { $ext_if } from any os { NMAP }

    # blocking ipv6 traffic
    block log quick inet6

    # Allowing loopback
    pass quick on lo0 all

    # allowing ping/traceroute
    pass out log on $ext_if inet proto icmp all icmp-type 8 code 0 keep state
    pass in log on $ext_if inet proto icmp all icmp-type 8 code 0 keep state

    # Allowing ports
    #INCOMING
    #TCP
    pass in quick on $ext_if inet proto tcp from any to $ext_if port $TCP_IN \
    flags S/SA keep state
    #UDP
    #pass in quick on $ext_if inet proto udp from any to $ext_if port $UDP_IN \
    keep state
    #PING
    pass in quick on $ext_if inet proto icmp from any to $ext_if icmp-type $PING \
    keep state

    pass in on $ext_if inet proto { tcp udp } from any to any port 22
    pass in on $ext_if inet proto { tcp udp } from any to any port 21
    pass in on $ext_if inet proto { tcp udp } from any to any port 20
    pass in on $ext_if inet proto { tcp udp } from any to any port 25
    pass in on $ext_if inet proto { tcp udp } from any to any port 53
    pass in on $ext_if inet proto { tcp udp } from any to any port 80
    pass in on $ext_if inet proto { tcp udp } from any to any port 443
    pass in on $ext_if inet proto { tcp udp } from any to any port 110
    pass in on $ext_if inet proto { tcp udp } from any to any port 8080
    pass in on $ext_if inet proto { tcp udp } from any to any port 6667
    pass in on $ext_if inet proto { tcp udp } from any to any port 6891
    pass in on $ext_if inet proto { tcp udp } from any to any port 6893
    pass in on $ext_if inet proto { tcp udp } from any to any port 6900
    pass in on $ext_if inet proto { tcp udp } from any to any port 1213
    pass in on $ext_if inet proto { tcp udp } from any to any port 1214
    pass in on $ext_if inet proto { tcp udp } from any to any port 1832
    pass in on $ext_if inet proto { tcp udp } from any to any port 3094
    pass in on $ext_if inet proto { tcp udp } from any to any port 3622
    pass in on $ext_if inet proto { tcp udp } from any to any port 2216
    pass in on $ext_if inet proto tcp from port 20 to $ext_if \
    user proxy flags S/SA keep state

    #OUTGOING
    #EXTERNAL INTERFACE

    #TCP
    pass out quick on $ext_if inet proto tcp from $ext_if to any port $TCP_OUT \
    flags S/SA keep state

    #UDP
    pass out quick on $ext_if inet proto udp from $ext_if to any port $UDP_OUT \
    keep state

    #ICMP
    pass out quick on $ext_if inet proto icmp from $ext_if to any icmp-type $PING \
    keep state

    # Allowing access
    ###############################################################
    # DOWNLOAD CONTROL
    ###############################################################
    pass out log on $int_if from any to $teste3 queue d_64
    pass out log on $int_if from any to $miguel queue d_64
    pass out log on $int_if from any to $marco queue d_64
    pass out log on $int_if from any to $irmaomiguel queue d_64
    pass out log on $int_if from any to $atendimento queue d_64
    pass out log on $int_if from any to $aguinaldo queue d_64
    pass out log on $int_if from any to $harumi queue d_64
    pass out log on $int_if from any to $adeval queue d_64
    pass out log on $int_if from any to $everson queue d_64
    pass out log on $int_if from any to $fabio queue d_128

    ###############################################################
    # UPLOAD CONTROL
    ###############################################################
    pass in log on $int_if from $teste3 to any queue up_32
    pass in log on $int_if from $miguel to any queue up_32
    pass in log on $int_if from $marco to any queue up_32
    pass in log on $int_if from $irmaomiguel to any queue up_32
    pass in log on $int_if from $atendimento to any queue up_32
    pass in log on $int_if from $aguinaldo to any queue up_32
    pass in log on $int_if from $harumi to any queue up_32
    pass in log on $int_if from $adeval to any queue up_32
    pass in log on $int_if from $everson to any queue up_32
    pass in log on $int_if from $fabio to any queue up_64

  2. #2
    coolburn_br
    Guest

    Slowness

    What is actually happening is that when I have about 10 clients browsing simultaneously through the server, it becomes far too slow. Pings to the server go up to 2000 ms. Does anyone know what it could be? I am using FreeBSD 6.1 / Squid / NATD and Apache for MRTG.
    Can anyone tell me what could be causing this slowness?
    Is it the firewall / squid / natd or a badly configured apache?
    If anyone can help me, I would appreciate it.

  3. #3

    Slow server.

    I think it would be better for you to remove the bandwidth control from pf+altq and use ipfw+dummynet,
    because pf+altq eats a lot of memory.. I have a server with 100 hosts using ipfw+dummynet without trouble.. pf+altq only for QoS.




  4. #4


    It doesn't look like a problem with the server's resources themselves; it looks like it's the QoS configuration OR the network isn't in good shape.
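
Added example (not part of any post, and not the poster's own code): a Python check that reads the ALTQ queue definitions from the pf.conf in post #1 and computes how long a packet can wait behind a full queue. It assumes pf's default `qlimit` of 50 packets, a 1500-byte MTU, and that a CBQ queue declared without `borrow` cannot exceed its configured rate.

```python
import re

# ALTQ lines copied from the pf.conf in post #1.
PF_CONF = """\
altq on $int_if cbq bandwidth 2048Kb queue { d_32 d_64 d_128 d_256 d_512 }
altq on $ext_if cbq bandwidth 2048Kb queue { up_32 up_64 up_128 up_256 }
queue up_32 bandwidth 32Kb cbq(default)
queue up_64 bandwidth 64Kb priority 4
queue up_128 bandwidth 128Kb priority 4
queue up_256 bandwidth 256Kb priority 4
queue d_32 bandwidth 32Kb cbq(default)
queue d_64 bandwidth 64Kb priority 4
queue d_128 bandwidth 128Kb priority 4
queue d_256 bandwidth 256Kb priority 4
queue d_512 bandwidth 512Kb priority 4
"""

QLIMIT = 50   # packets; pf.conf default when a queue sets no qlimit
MTU = 1500    # bytes; assumed Ethernet MTU

def parse_queues(conf):
    """Return {queue_name: {"kbps", "borrow", "default", "qlimit"}}."""
    queues = {}
    for line in conf.splitlines():
        m = re.match(r"\s*queue\s+(\S+)\s+bandwidth\s+(\d+)Kb(.*)", line)
        if not m:
            continue  # altq root lines and anything else are skipped
        opts = m.group(3)
        ql = re.search(r"qlimit\s+(\d+)", opts)
        queues[m.group(1)] = {
            "kbps": int(m.group(2)),
            "borrow": "borrow" in opts,
            "default": "default" in opts,
            "qlimit": int(ql.group(1)) if ql else QLIMIT,
        }
    return queues

def drain_ms(q, mtu=MTU):
    """Worst-case wait behind a full queue of MTU-sized packets, in ms."""
    return q["qlimit"] * mtu * 8 / q["kbps"]   # bits / (kbit/s) = ms

def report(conf):
    """List (name, kbps, worst-case ms, is_default) for hard-limited queues."""
    return [(n, q["kbps"], drain_ms(q), q["default"])
            for n, q in parse_queues(conf).items() if not q["borrow"]]

if __name__ == "__main__":
    for name, kbps, ms, dflt in report(PF_CONF):
        note = "  <- default: unclassified traffic lands here" if dflt else ""
        print(f"{name:7s} {kbps:4d}Kb  up to {ms:7.0f} ms when full{note}")
```

For `d_64` a full queue takes about 9.4 s to drain, so a ping reply that shares a saturated queue with a download can be delayed by seconds, the same order as the times reported in the thread.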

  5. #5

    Slow server

    Could be... or even the network card or the hub port may have problems; I think he hasn't even tested that either.

  6. #6


    I have had problems similar to yours with FreeBSD servers, and after a lot of hard work I found out that my problem was the hub. I solved the problem by replacing all the hubs with 3Com switches. Just a tip.