Добрый день всем
Столкнулся с проблемой: необходимо сделать ограничение скорости интернета для пользователей.
Делаю через pipe freebsd 9.2
Проверяю через iftop — показывает, что качает на полной скорости. Пробовал ставить и после, и перед divert — не помогает. Синтаксис вроде бы как в мане. Набрёл на тему, у чела такая же проблема, так и не решили (
Посмотрите, может, кто что заметит.
rc.conf
# Starts the OpenSSH daemon at boot; the firewall script below accepts port 22 from any source.
sshd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="NO"
# Russian console: KOI8-R keymap with CP866 fonts and screen map.
keymap="ru.koi8-r"
font8x8="cp866-8x8"
font8x14="cp866-8x14"
font8x16="cp866b-8x16"
scrnmap="koi8-r2cp866"
cursor="destructive"
#
# Router role: forward packets between interfaces and run natd on em0.
gateway_enable="YES"
natd_enable="YES"
natd_interface="em0"
# -dynamic: follow address changes on the interface; -m: try to keep the original source port.
natd_flags="-dynamic -m"
named_enable="YES"
# ipfw is enabled and its rules come from the script below, not from a built-in firewall_type.
firewall_enable="YES"
#firewall_type="open"
firewall_script="/etc/firewall.conf"
# Enables logging for rules that carry the `log` keyword.
firewall_logging="YES"
# Loads dummynet, which the `ipfw pipe` rules in the firewall script depend on.
dummynet_enable="YES"
#
# Additional network-facing services started at boot. Their own configuration is not shown here.
# NOTE(review): rinetd is a TCP redirector; presumably it serves the 3389/3390/1433 ports
# that the firewall script opens - confirm against its config.
squid_enable="YES"
clear_tmp_enable="YES"
rinetd_enable="YES"
proftpd_enable="YES"
firewall.conf
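#!/bin/sh
# ipfw ruleset, loaded through firewall_script in rc.conf.
# Shorthand used by every rule below.
cmd="ipfw -q add"
skip="skipto 500"
pif="em0"            # external (NAT) interface
ks="keep-state"
# Destination TCP ports that NATed LAN hosts may open outbound.
# NOTE(review): 21 and 23 are cleartext protocols - drop them if nobody needs them.
good_tcpo="21,22,23,25,37,43,53,80,443,110,3389"
# LAN hosts accepted without further checks on xl0 (rule 100).
# The pasted line was cut off after 230 and left the quote open; the remaining host
# numbers are taken from rule 00100 in the `ipfw show` output - TODO confirm against the real file.
goodip202="10.180.xx.0/24{139,119,20,132,136,157,159,16,161,181,194,21,228,230,37,47,69,76,78,95,99,239,246}"
# LAN hosts allowed out through NAT for TCP (rule 320) and ICMP (rule 330).
natdip="10.180.xx.0/24{99,119,159,16,47,181}"
natdicmp="10.180.xx.0/24{20,159,16,47,181,95,99}"
# Hosts to be shaped. Always reference these by their full names: sh parses `$1024`
# as positional parameter `$1` followed by the text `024`, and `$512` as `$5` plus `12`.
down1024="10.180.xx.0/24{47}"
up512="10.180.xx.0/24{47}"
# Start from an empty ruleset and no pipes.
# NOTE(review): the `ipfw show` output ends in `65535 allow ip from any to any`, so between
# this flush and the last rule being added the host filters nothing.
ipfw -q -f flush
ipfw -f pipe flush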
#
################################################################################
# Trusted LAN hosts: everything they send is accepted on xl0, in either direction of `via`.
# NOTE(review): `allow` ends rule evaluation, and host 47 is in this set according to the
# `ipfw show` output, so its packets entering on xl0 never reach the pipe rules 220/230.
$cmd 100 allow all from $goodip202 to any via xl0
# Loopback is unrestricted.
$cmd 110 allow all from any to any via lo0
# Remote access to this host on 3390/3389/1433, limited to three named sources.
# The names are resolved once, when the rule is added (`ipfw show` lists plain addresses),
# so a later DNS change is not picked up until the script is reloaded.
$cmd 111 allow tcp from xxx.info to me 3390 in via $pif setup $ks
$cmd 111 allow tcp from xxx.com to me 3389 in via $pif setup $ks
$cmd 111 allow tcp from xxxx.com to me 1433 in via $pif setup $ks
#
# NAT IN: hand everything arriving on the external interface to natd for de-aliasing.
$cmd 200 divert natd ip from any to any in via $pif
# Packets that match an existing dynamic rule take that rule's action here
# (allow, or skipto 500) and skip the static rules that follow.
$cmd 210 check-state
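# Bandwidth limits (dummynet pipes)
################################################################################
# Fix: the rules used `$1024` and `$512`, which sh expands as `$1`+"024" and `$5`+"12".
# ipfw then stored the addresses 0.0.0.20 and 0.0.0.12 (see rules 00220/00230 in the
# `ipfw show` output), so no packet ever matched. Use the real variable names.
# NOTE(review): rule 100 (terminal allow for host 47 on xl0) and check-state at 210 are
# evaluated before these numbers, so the pipes may still see no traffic; the shaping
# rules probably need numbers below 100. After moving them, check net.inet.ip.fw.one_pass,
# which decides whether a packet leaving a pipe is accepted or continues with the next rule.
ipfw add 220 pipe 1 ip from any to $down1024 out via xl0 #download
ipfw add 230 pipe 2 ip from $up512 to any in via xl0 #up
# NOTE(review): both pipes are set to 256Kbit/s although the variable names suggest
# 1024 and 512 - confirm the intended rates.
ipfw pipe 1 config bw 256Kbit/s
ipfw pipe 2 config bw 256Kbit/s
################################################################################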
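# Outbound traffic on the external interface
################################################################################
# The pasted listing contained this section twice. It is kept once here, which matches
# the `ipfw show` output where each of these rules appears a single time.
# DNS for LAN: create state, then jump to the NAT rule at 500.
$cmd 300 $skip udp from any to any 53 out via $pif $ks
$cmd 310 $skip tcp from any to any 53 out via $pif setup $ks
# DNS for the server itself.
# NOTE(review): the skipto rules above have the same match and come first, so these two
# show zero hits in the `ipfw show` counters.
$cmd 300 allow udp from any to any 53 out via $pif $ks
$cmd 310 allow tcp from any to any 53 out via $pif setup $ks
# Internet for LAN: only the listed hosts, only the listed destination ports.
$cmd 320 $skip tcp from $natdip to any $good_tcpo out via $pif setup $ks
# ICMP for LAN. Fix: the first copy used the undefined `$is`, which expands to nothing
# and silently drops keep-state; the loaded rule 00330 shows keep-state was intended.
$cmd 330 $skip icmp from $natdicmp to any out via $pif $ks
# Internet for the server.
# `setup` matches only TCP SYN packets, so despite `all` rule 340 covers
# server-originated TCP connections only.
$cmd 340 allow icmp from xxxxxx to any out via $pif $ks
$cmd 340 allow all from me to any out via $pif setup $ks
###############################################################################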
# Inbound traffic on the external interface
################################################################################
# ICMP to the server: at most 2 concurrent states per source address.
$cmd 400 allow icmp from any to xxxxxxxxx in via $pif limit src-addr 2
# SSH from any source, at most 2 concurrent connections per source address.
# NOTE(review): this caps parallel sessions only, not repeated login attempts.
$cmd 410 allow tcp from any to me 22 in via $pif setup limit src-addr 2
# FTP control (21) in and active-mode data (20) out.
# NOTE(review): both rules match SYN packets only and create no state, and no other
# visible rule accepts the rest of the session - confirm that FTP actually works.
$cmd 420 allow tcp from any to me 21 in via $pif setup
$cmd 430 allow tcp from me 20 to any out via $pif setup
# Passive FTP data range, currently disabled.
#$cmd 451 allow tcp from any to any 49152-65534 in via $pif setup #randomports
#
# Default deny: anything not accepted or sent to 500 above is dropped and logged.
# `ipfw show` reports `logamount 100`, so logging for this rule stops after 100 entries
# until the log counter is reset.
$cmd 499 deny log all from any to any
# NAT OUT: reached only through `skipto 500`, directly or via a dynamic rule.
$cmd 500 divert natd ip from any to any out via $pif
# Accepts everything that was sent to 500, after natd has processed it.
$cmd 510 allow ip from any to any
# ipfw show
00100 5244 2811582 allow ip from 10.180.xxx.0/24{16,20,21,37,47,69,76,78,95,99,119,132,136,139,157,159,161,181,194,228,230,239,246} to any via xl0
00110 0 0 allow ip from any to any via lo0
00111 1519 750014 allow tcp from 77.34.88.205 to me dst-port 3390 in via em0 setup keep-state
00111 0 0 allow tcp from 77.35.157.150 to me dst-port 3389 in via em0 setup keep-state
00111 0 0 allow tcp from 77.35.157.150 to me dst-port 1433 in via em0 setup keep-state
00200 1106 92861 divert 8668 ip from any to any in via em0
00210 0 0 check-state
00220 0 0 pipe 1 ip from any to 0.0.0.20 out via xl0
00230 0 0 pipe 2 ip from 0.0.0.12 to any in via xl0
00300 94 16366 skipto 500 udp from any to any dst-port 53 out via em0 keep-state
00300 0 0 allow udp from any to any dst-port 53 out via em0 keep-state
00310 0 0 skipto 500 tcp from any to any dst-port 53 out via em0 setup keep-state
00310 0 0 allow tcp from any to any dst-port 53 out via em0 setup keep-state
00320 514 80255 skipto 500 tcp from 10.180.xxx.0/24{16,47,99,119,159,181} to any dst-port 21,22,23,25,37,43,53,80,443,110,3389 out via em0 setup keep-state
00330 2442 146520 skipto 500 icmp from 10.180.xxx.0/24{16,20,47,95,99,159,181} to any out via em0 keep-state
00340 0 0 allow icmp from xxxxxxx to any out via em0 keep-state
00340 2507 1950437 allow ip from me to any out via em0 setup keep-state
00400 0 0 allow icmp from any to xxxxxxx in via em0 limit src-addr 2
00410 915 160356 allow tcp from any to me dst-port 22 in via em0 setup limit src-addr 2
00420 0 0 allow tcp from any to me dst-port 21 in via em0 setup
00430 0 0 allow tcp from me 20 to any out via em0 setup
00499 11896 1073981 deny log logamount 100 ip from any to any
00500 1036 76469 divert 8668 ip from any to any out via em0
00510 3050 243141 allow ip from any to any
00999 0 0 deny log logamount 100 ip from any to any
65535 34 2862 allow ip from any to any
ipfw pipe show
00001: 256.000 Kbit/s 0 ms burst 0
q131073 50 sl. 0 flows (1 buckets) sched 65537 weight 0 lmax 0 pri 0 droptail
sched 65537 type FIFO flags 0x0 0 buckets 0 active
00002: 256.000 Kbit/s 0 ms burst 0
q131074 50 sl. 0 flows (1 buckets) sched 65538 weight 0 lmax 0 pri 0 droptail
sched 65538 type FIFO flags 0x0 0 buckets 0 active