
Re: HTB problems



Folks, I am attaching my firewall and QoS (HTB) configs, and
I will be reading everyone's tips.

Thanks

2006/9/13, Reinaldo Carvalho <reinaldoc@gmail.com>:
You cannot do upload control if you are doing NAT in Netfilter.
http://www.nautilus.com.br/~rei/artigo-tcc.pdf

The pings may be going up because of your own rules;
send them over so we can take a look.


On 9/13/06, Diogo Borsoi <diogoborsoi@yahoo.com.br> wrote:
> Folks, I have a big problem. It is the following: when I enable HTB the
> network gets slow, including the server, and the pings go up way too much; I
> disable HTB, the pings go back to normal and everything is fine. And I'll say
> more: when I disable the DEFAULT "upload" class (eth0 -- WAN) the pings are
> good too. I noticed that I am not managing to control upload :( , would
> anyone know what it could be?
>
> --
> Regards,
> Diogo Borsoi
>
>


--
Reinaldo Carvalho
Debian Sarge 3.1 - Linux User: #238310
Prodepa - rei@prodepa.gov.br



--
Regards,
Diogo Borsoi
#!/bin/sh
#
# by Diogo Borsoi - www.deepinformatica.com.br
#

IPTABLES=/usr/local/sbin/iptables
INT_IF=eth1
EXT_IF=eth0
LOCAL_NETWORK=10.201.201.0/24
WAN=200.x.x.x.x

# This assumes a system using kmod to automatically load the modules used by
# this firewall configuration:
# ipt_filter
# ipt_nat
# ipt_conntrack
# ipt_mangle
# ipt_TOS
# ipt_MASQUERADE
# ipt_LOG

# If you have a modular kernel that does not use kmod, you will need to
# load these modules via modprobe, insmod or iptables --modprobe=module

# Flush rules
$IPTABLES -F
$IPTABLES -X
$IPTABLES -Z
$IPTABLES -t nat -F
$IPTABLES -t nat -X
$IPTABLES -t nat -Z
$IPTABLES -t mangle -F
$IPTABLES -t mangle -X
$IPTABLES -t mangle -Z

##### Default policies #####
echo 'Loading chains...'

# filter table
$IPTABLES -t filter -P INPUT DROP
$IPTABLES -t filter -P OUTPUT ACCEPT
$IPTABLES -t filter -P FORWARD DROP

# nat table
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t nat -P OUTPUT ACCEPT
$IPTABLES -t nat -P POSTROUTING DROP

# mangle table
$IPTABLES -t mangle -P PREROUTING ACCEPT
$IPTABLES -t mangle -P OUTPUT ACCEPT


##### IP spoofing protection #####
for i in /proc/sys/net/ipv4/conf/*/rp_filter; do
  echo 1 > "$i"
done

##### SYN flood protection (syncookies) #####
if [ -e /proc/sys/net/ipv4/tcp_syncookies ]
  then
  echo 1 > /proc/sys/net/ipv4/tcp_syncookies
fi

##### Enable packet forwarding (required for NAT) #####
echo "1" > /proc/sys/net/ipv4/ip_forward

#echo "8192" > /proc/sys/net/ipv4/ip_conntrack_max


###############################################################
#                      filter table                           #
###############################################################

##### INPUT chain #####
# Create one chain to handle traffic coming from the internal network and another for the Internet
$IPTABLES -N local-input
$IPTABLES -N eth0-input

# Accept all traffic coming from and going to the loopback
$IPTABLES -A INPUT -i lo -j ACCEPT

# All traffic coming from the internal network is also accepted
#$IPTABLES -A INPUT -i $INT_IF -j ACCEPT

# Connections arriving on interface $INT_IF are handled by the local-input chain
$IPTABLES -A INPUT -s $LOCAL_NETWORK -i $INT_IF -j local-input

# Connections arriving on interface $EXT_IF are handled by the eth0-input chain
$IPTABLES -A INPUT -i $EXT_IF -j eth0-input

# Allow connections to DHCPD only from $INT_IF
$IPTABLES -A INPUT -p tcp -i $INT_IF --dport 67:68 -j ACCEPT
$IPTABLES -A INPUT -p udp -i $INT_IF --dport 67:68 -j ACCEPT

# Any other unknown connection is immediately logged and dropped
$IPTABLES -A INPUT -j LOG --log-prefix "FIREWALL: INPUT "
$IPTABLES -A INPUT -j DROP


##### FORWARD chain ####
# Allow forwarding of connections between the local interfaces
# specified below. Any traffic coming from/going to other
# interfaces will be blocked at this step

### IP control by list
#for i in $(cat /etc/rc.d/clientes.fw);do $IPTABLES -A FORWARD -d $i -i $EXT_IF -o $INT_IF -j ACCEPT;done
#for i in $(cat /etc/rc.d/clientes.fw);do $IPTABLES -A FORWARD -s $i -i $INT_IF -o $EXT_IF -j ACCEPT;done

### Port blocking rule ###
$IPTABLES -A FORWARD -p tcp -s 10.201.201.128 --dport 3662:6672 -i $INT_IF -o $EXT_IF -j DROP
$IPTABLES -A FORWARD -p udp -s 10.201.201.128 --dport 3662:6672 -i $INT_IF -o $EXT_IF -j DROP

### Script that binds IP to MAC address ###
/etc/rc.d/clientes.fw

$IPTABLES -A FORWARD -d $LOCAL_NETWORK -i $EXT_IF -o $INT_IF -j ACCEPT
#$IPTABLES -A FORWARD -s $LOCAL_NETWORK -i $INT_IF -o $EXT_IF -j ACCEPT
$IPTABLES -A FORWARD -j LOG --log-prefix "FIREWALL: FORWARD "
$IPTABLES -A FORWARD -j DROP


##### local-input chain ####
# Accept all icmp messages coming from $INT_IF, with a rate limit
# icmp traffic exceeding this limit will be blocked
# by the "...! ESTABLISHED,RELATED -j DROP" rule at the end of the
# local-input chain
# Handles all traffic coming from $LOCAL_NETWORK on $INT_IF and blocks whatever is not
# expressly described.

$IPTABLES -A local-input -p icmp -m limit --limit 2/s -j ACCEPT

# First accept traffic coming from the internal network destined for the services below

# www
$IPTABLES -A local-input -p tcp --dport 80 -j ACCEPT

# ssh
$IPTABLES -A local-input -p tcp --dport 2222 -j ACCEPT

# Allow connections to DNS (Bind) only from the internal network
$IPTABLES -A local-input -p tcp --dport 53 -j ACCEPT
$IPTABLES -A local-input -p udp --dport 53 -j ACCEPT

# Block any new connection attempt from the internal network to this machine
$IPTABLES -A local-input -m state --state ! ESTABLISHED,RELATED -j LOG --log-prefix "FIREWALL: local-in "
$IPTABLES -A local-input -m state --state ! ESTABLISHED,RELATED -j DROP

#$IPTABLES -A local-input -j DROP
$IPTABLES -A local-input -j ACCEPT


##### eth0-input chain ####
# Accept all icmp messages coming from $EXT_IF, with a rate limit
# icmp traffic exceeding this limit will be blocked
# by the "...! ESTABLISHED,RELATED -j DROP" rule at the end of the
# eth0-input chain
#
$IPTABLES -A eth0-input -p icmp -m limit --limit 2/s -j ACCEPT

# First accept traffic coming from the Internet destined for the services below
# www
#$IPTABLES -A eth0-input -p tcp --dport 8888 -j ACCEPT

# ssh
$IPTABLES -A eth0-input -p tcp --dport 2222 -j ACCEPT

# ftp
#$IPTABLES -A eth0-input -p tcp --dport 21 -j ACCEPT

# External access attempts to these services will be logged to the system
# syslog and blocked by the last rule below.
$IPTABLES -A eth0-input -p tcp --dport 21 -j LOG --log-prefix "FIREWALL: ftp "
$IPTABLES -A eth0-input -p tcp --dport 25 -j LOG --log-prefix "FIREWALL: smtp "
$IPTABLES -A eth0-input -p udp --dport 53 -j LOG --log-prefix "FIREWALL: dns "
$IPTABLES -A eth0-input -p tcp --dport 110 -j LOG --log-prefix "FIREWALL: pop3 "
$IPTABLES -A eth0-input -p tcp --dport 113 -j LOG --log-prefix "FIREWALL: identd "
$IPTABLES -A eth0-input -p udp --dport 111 -j LOG --log-prefix "FIREWALL: rpc "
$IPTABLES -A eth0-input -p tcp --dport 111 -j LOG --log-prefix "FIREWALL: rpc "
$IPTABLES -A eth0-input -p tcp --dport 137:139 -j LOG --log-prefix "FIREWALL: samba "
$IPTABLES -A eth0-input -p udp --dport 137:139 -j LOG --log-prefix "FIREWALL: samba "

# Block any new connection attempt from outside to this machine
$IPTABLES -A eth0-input -m state --state ! ESTABLISHED,RELATED -j LOG --log-prefix "FIREWALL: eth0-in "
$IPTABLES -A eth0-input -m state --state ! ESTABLISHED,RELATED -j DROP

$IPTABLES -A eth0-input -j ACCEPT


#######################################################
#                   nat table                         #
#######################################################

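##### PREROUTING chain #####
# Note: the "-A FORWARD ... -j ACCEPT" rules in this section are appended after the
# final "FORWARD -j DROP" above, so they are never reached; forwarded DNAT traffic
# is accepted by the earlier "-d $LOCAL_NETWORK -i $EXT_IF -o $INT_IF" rule.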
#$IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 2121 -j DNAT --to 10.201.201.2:2121
#$IPTABLES -A FORWARD -p tcp -d 10.201.201.2 --dport 2121 -j ACCEPT

$IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 8181 -i $EXT_IF -j DNAT --to 10.201.201.194:80
$IPTABLES -A FORWARD -p tcp -d 10.201.201.194 --dport 80 -i $EXT_IF -o $INT_IF -j ACCEPT

$IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 9180 -i $EXT_IF -j DNAT --to 10.201.201.5:9180
$IPTABLES -A FORWARD -p tcp -d 10.201.201.5 --dport 9180 -i $EXT_IF -o $INT_IF -j ACCEPT

$IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 9080 -i $EXT_IF -j DNAT --to 10.201.201.5:9080
# FORWARD sees the post-DNAT destination port (9080)
$IPTABLES -A FORWARD -p tcp -d 10.201.201.5 --dport 9080 -i $EXT_IF -o $INT_IF -j ACCEPT

$IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 5900 -i $EXT_IF -j DNAT --to 10.201.201.2:5900
$IPTABLES -A FORWARD -p tcp -d 10.201.201.2 --dport 5900 -i $EXT_IF -j ACCEPT

$IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 2121 -i $EXT_IF -j DNAT --to 10.201.201.2:2121
$IPTABLES -A FORWARD -p tcp -d 10.201.201.2 --dport 2121 -i $EXT_IF -o $INT_IF -j ACCEPT

$IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 8080 -i $EXT_IF -j DNAT --to 10.201.201.106:8080
$IPTABLES -A FORWARD -p tcp -d 10.201.201.106 --dport 8080 -i $EXT_IF -o $INT_IF -j ACCEPT

$IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 22 -i $EXT_IF -j DNAT --to 10.201.201.106:22
$IPTABLES -A FORWARD -p tcp -d 10.201.201.106 --dport 22 -i $EXT_IF -o $INT_IF -j ACCEPT

$IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 4044 -i $EXT_IF -j DNAT --to 10.201.201.106:4044
$IPTABLES -A FORWARD -p tcp -d 10.201.201.106 --dport 4044 -i $EXT_IF -o $INT_IF -j ACCEPT

$IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 5800 -i $EXT_IF -j DNAT --to 10.201.201.131:5800
$IPTABLES -A FORWARD -p tcp -d 10.201.201.131 --dport 5800 -i $EXT_IF -o $INT_IF -j ACCEPT

$IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 5901 -i $EXT_IF -j DNAT --to 10.201.201.131:5901
$IPTABLES -A FORWARD -p tcp -d 10.201.201.131 --dport 5901 -i $EXT_IF -o $INT_IF -j ACCEPT

$IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 80 -i $EXT_IF -j DNAT --to 10.201.201.132:80
$IPTABLES -A FORWARD -p tcp -d 10.201.201.132 --dport 80 -i $EXT_IF -o $INT_IF -j ACCEPT

$IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 9090 -i $EXT_IF -j DNAT --to 10.201.201.132:9090
$IPTABLES -A FORWARD -p tcp -d 10.201.201.132 --dport 9090 -i $EXT_IF -o $INT_IF -j ACCEPT

$IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 1433 -i $EXT_IF -j DNAT --to 10.201.201.132:1433
$IPTABLES -A FORWARD -p tcp -d 10.201.201.132 --dport 1433 -i $EXT_IF -o $INT_IF -j ACCEPT

$IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 3389 -i $EXT_IF -j DNAT --to 10.201.201.132:3389
$IPTABLES -A FORWARD -p tcp -d 10.201.201.132 --dport 3389 -i $EXT_IF -o $INT_IF -j ACCEPT

$IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 2000 -i $EXT_IF -j DNAT --to 10.201.201.132:2000
$IPTABLES -A FORWARD -p tcp -d 10.201.201.132 --dport 2000 -i $EXT_IF -o $INT_IF -j ACCEPT

$IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 1422 -i $EXT_IF -j DNAT --to 10.201.201.132:1422
$IPTABLES -A FORWARD -p tcp -d 10.201.201.132 --dport 1422 -i $EXT_IF -o $INT_IF -j ACCEPT

$IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 5900 -i $EXT_IF -j DNAT --to 10.201.201.132:5900
$IPTABLES -A FORWARD -p tcp -d 10.201.201.132 --dport 5900 -i $EXT_IF -o $INT_IF -j ACCEPT

$IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 4672 -i $EXT_IF -j DNAT --to 10.201.201.145:4672
$IPTABLES -A FORWARD -p tcp -d 10.201.201.145 --dport 4672 -i $EXT_IF -o $INT_IF -j ACCEPT

$IPTABLES -t nat -A PREROUTING -p tcp -d $WAN --dport 4662 -i $EXT_IF -j DNAT --to 10.201.201.145:4662
$IPTABLES -A FORWARD -p tcp -d 10.201.201.145 --dport 4662 -i $EXT_IF -o $INT_IF -j ACCEPT

##### POSTROUTING chain #####
# Allow any connection destined for lo, and local network traffic going out eth1
$IPTABLES -t nat -A POSTROUTING -o lo -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -s $LOCAL_NETWORK -o $INT_IF -j ACCEPT

# Masquerade the internal network's other services going out interface $EXT_IF,
# all ports
#$IPTABLES -t nat -A POSTROUTING -s $LOCAL_NETWORK -j MASQUERADE
#$IPTABLES -t nat -A POSTROUTING -s $LOCAL_NETWORK -o $EXT_IF -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -s $LOCAL_NETWORK -o $EXT_IF -j SNAT --to $WAN

# Any other unknown traffic source going to $INT_IF (connections coming
# from $EXT_IF) is blocked here
$IPTABLES -t nat -A POSTROUTING -o $EXT_IF -d $LOCAL_NETWORK -j LOG --log-prefix "FIREWALL: SNAT unknown "
#$IPTABLES -t nat -A POSTROUTING -o $EXT_IF -d $LOCAL_NETWORK -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -o $EXT_IF -d $LOCAL_NETWORK -j DROP

# Allow MASQUERADE and PREROUTING
$IPTABLES -t nat -A POSTROUTING -o $EXT_IF -j ACCEPT
$IPTABLES -t nat -A POSTROUTING -d $LOCAL_NETWORK -o $INT_IF -j ACCEPT

# Log and block any other kind of unknown traffic
$IPTABLES -t nat -A POSTROUTING -j LOG --log-prefix "FIREWALL: SNAT "
$IPTABLES -t nat -A POSTROUTING -j DROP

###############################################
#                mangle table                 #
###############################################

##### OUTPUT chain #####
# Set minimum delay for the ftp, telnet, irc and DNS services; this
# gives a better feeling of a real-time connection and reduces the wait
# time for connections that require name resolution.
$IPTABLES -t mangle -A OUTPUT -o $EXT_IF -p tcp --dport 21 -j TOS --set-tos 0x10
$IPTABLES -t mangle -A OUTPUT -o $EXT_IF -p tcp --dport 23 -j TOS --set-tos 0x10
$IPTABLES -t mangle -A OUTPUT -o $EXT_IF -p tcp --dport 6665:6668 -j TOS --set-tos 0x10
$IPTABLES -t mangle -A OUTPUT -o $EXT_IF -p udp --dport 53 -j TOS --set-tos 0x10

echo 'Firewall started!!'
# Configuration file for the HTB bandwidth control system
#
# Diogo Borsoi - 26/06/2006 (DEEP INFORMATICA)
#
###########################################################################
#
# default 30 means that all unspecified traffic goes to class 1:30
#
# Upload (WAN)
tc qdisc del dev eth0 root handle 1: htb default 30 r2q 1
tc qdisc add dev eth0 root handle 1: htb default 30 r2q 1

# Download (LAN)
tc qdisc del dev eth1 root handle 2: htb default 30 r2q 1
tc qdisc add dev eth1 root handle 2: htb default 30 r2q 1

#
#
# Allocate 2000 kbit / ceil= 3000Kbit for guaranteed bandwidth = BG
#          1000 kbit / ceil= 3000Kbit for shared bandwidth = BC

# create the root class 1:1 with a rate of 500Kbit
tc class add dev eth0 parent 1: classid 1:1 htb rate 504kbit ceil 504kbit
tc class add dev eth1 parent 2: classid 2:1 htb rate 504kbit ceil 504kbit
#tc class add dev eth0 parent 1: classid 1:1 htb rate 1024kbit ceil 1024kbit
#tc class add dev eth1 parent 2: classid 2:1 htb rate 1024kbit ceil 1024kbit

# create class BG = 1:10, child of 1:1, with rate 490Kbit ceil 500Kbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 480kbit ceil 504kbit
tc class add dev eth1 parent 2:1 classid 2:10 htb rate 480kbit ceil 504kbit
#tc class add dev eth0 parent 1:1 classid 1:10 htb rate 480kbit ceil 1024kbit
#tc class add dev eth1 parent 2:1 classid 2:10 htb rate 480kbit ceil 1024kbit

# create class BC = 1:20, child of 1:1, with rate 200Kbit ceil 3000Kbit
##tc class add dev eth0 parent 1:1 classid 1:20 htb rate 200kbit ceil 2000kbit
##tc class add dev eth1 parent 2:1 classid 2:20 htb rate 200kbit ceil 2000kbit

# create class DEFAULT = 1:30, child of 1:1, with rate 100Kbit ceil 100Kbit
tc class add dev eth0 parent 1:1 classid 1:30 htb rate 128kbit ceil 480kbit
tc class add dev eth1 parent 2:1 classid 2:30 htb rate 16kbit ceil 64kbit

echo "criadas classes fundamentais"

#################################################################################
#
#          * * * G U A R A N T E E D   B A N D W I D T H * * *
#
# Here are all the guaranteed-bandwidth classes, children of
#
# BGU = 1:10   <--- Guaranteed Bandwidth Upload  : goes to the internet
# BGD = 2:10   <--- Guaranteed Bandwidth Download: comes from the internet
#
#-----------------------------------------------------------------------------
# Note :
# For the GUARANTEED BANDWIDTH class - BGU and BGD :
#   Create a child class for each client with the contracted speed
#   BGU use only "src, sport"
#   BGD use only "dst, dport"
################################################################################
# macro definitions :
#

CLU="tc class add dev eth0 parent 1:10 classid"
CLD="tc class add dev eth1 parent 2:10 classid"
BGU="tc filter add dev eth0 protocol ip prio 1 parent 1:0 u32 match ip src"
BGD="tc filter add dev eth1 protocol ip prio 1 parent 2:0 u32 match ip dst"

BWG8="htb rate 8kbit ceil 8kbit"
BWG8_32="htb rate 8kbit ceil 32kbit"
BWG8_64="htb rate 8kbit ceil 64kbit"
BWG8_96="htb rate 8kbit ceil 96kbit"

BWG16="htb rate 16kbit ceil 16kbit"
BWG16_96="htb rate 16kbit ceil 96kbit"
BWG16_128="htb rate 16kbit ceil 128kbit"
BWG16_256="htb rate 16kbit ceil 256kbit"

BWG32="htb rate 32kbit ceil 32kbit"
BWG32_64="htb rate 32kbit ceil 64kbit"
BWG32_96="htb rate 32kbit ceil 96kbit"
BWG32_128="htb rate 32kbit ceil 128kbit"
BWG32_200="htb rate 32kbit ceil 200kbit"

BWG64="htb rate 64kbit ceil 64kbit"
BWG64_128="htb rate 64kbit ceil 128kbit"
BWG64_200="htb rate 64kbit ceil 200kbit"

BWG96="htb rate 96kbit ceil 96kbit"
BWG96_200="htb rate 96kbit ceil 200kbit"
BWG96_304="htb rate 96kbit ceil 304kbit"
BWG96_512="htb rate 96kbit ceil 512kbit"

BWG128="htb rate 128kbit ceil 128kbit"
BWG128_200="htb rate 128kbit ceil 200kbit"
BWG128_256="htb rate 128kbit ceil 256kbit"
BWG128_384="htb rate 128kbit ceil 384kbit"
BWG128_512="htb rate 128kbit ceil 512kbit"

BWG192="htb rate 192kbit ceil 192kbit"
BWG192_512="htb rate 192kbit ceil 512kbit"

BWG200="htb rate 200kbit ceil 200kbit"

BWG256="htb rate 256kbit ceil 256kbit"
BWG256_304="htb rate 256kbit ceil 304kbit"
BWG256_512="htb rate 256kbit ceil 512kbit"

BWG304="htb rate 304kbit ceil 304kbit"

BWG384="htb rate 384kbit ceil 384kbit"
BWG384_512="htb rate 384kbit ceil 512kbit"

BWG512="htb rate 512kbit ceil 512kbit"
BWG512_640="htb rate 512kbit ceil 640kbit"
BWG512_768="htb rate 512kbit ceil 768kbit"
BWG512_1024="htb rate 512kbit ceil 1024kbit"

BWG768="htb rate 768kbit ceil 768kbit"
BWG768_1024="htb rate 768kbit ceil 1024kbit"

BWG1024="htb rate 1000kbit ceil 1000kbit"

BWG1250="htb rate 1250kbit ceil 1250kbit"

BWG3000="htb rate 3096kbit ceil 3096kbit"

EQUAL_UP="tc qdisc add dev eth0 parent"

EQUAL_DOWN="tc qdisc add dev eth1 parent"

#------------------------------------------------------------------------------
# ARTE GRILL = 200Kbit
#------------------------------------------------------------------------------
$CLU 1:101 $BWG16_96
$CLD 2:101 $BWG16_128
$BGU 10.201.201.105 flowid 1:101
$BGD 10.201.201.105 flowid 2:101

$EQUAL_UP 1:101 handle 101: sfq perturb 10
$EQUAL_DOWN 2:101 handle 101: sfq perturb 10

#------------------------------------------------------------------------------
# BEBELO = 200Kbit
#------------------------------------------------------------------------------
$CLU 1:102 $BWG16_96
$CLD 2:102 $BWG16_128
$BGU 10.201.201.108 flowid 1:102
$BGD 10.201.201.108 flowid 2:102

$EQUAL_UP 1:102 handle 102: sfq perturb 10
$EQUAL_DOWN 2:102 handle 102: sfq perturb 10

#------------------------------------------------------------------------------
# EMAX 002 = 200Kbit
#------------------------------------------------------------------------------
$CLU 1:103 $BWG16_96
$CLD 2:103 $BWG16_128
$BGU 10.201.201.109 flowid 1:103
$BGD 10.201.201.109 flowid 2:103

$EQUAL_UP 1:103 handle 103: sfq perturb 10
$EQUAL_DOWN 2:103 handle 103: sfq perturb 10

#------------------------------------------------------------------------------
# EMAX 003 = 200Kbit
#------------------------------------------------------------------------------
$CLU 1:104 $BWG16_96
$CLD 2:104 $BWG16_128
$BGU 10.201.201.111 flowid 1:104
$BGD 10.201.201.111 flowid 2:104

$EQUAL_UP 1:104 handle 104: sfq perturb 10
$EQUAL_DOWN 2:104 handle 104: sfq perturb 10

#------------------------------------------------------------------------------
#CPC MARCATO = 300Kbit
#------------------------------------------------------------------------------
$CLU 1:105 $BWG16_96
$CLD 2:105 $BWG16_128
$BGU 10.201.201.104 flowid 1:105
$BGD 10.201.201.104 flowid 2:105

$EQUAL_UP 1:105 handle 105: sfq perturb 10
$EQUAL_DOWN 2:105 handle 105: sfq perturb 10

#------------------------------------------------------------------------------
# ADM FERNANDO COSTA = 200Kbit
#------------------------------------------------------------------------------
$CLU 1:108 $BWG16_96
$CLD 2:108 $BWG16_128
$BGU 10.201.201.120 flowid 1:108
$BGD 10.201.201.120 flowid 2:108

$EQUAL_UP 1:108 handle 108: sfq perturb 10
$EQUAL_DOWN 2:108 handle 108: sfq perturb 10

#------------------------------------------------------------------------------
# FLOR DE IP = 200Kbit
#------------------------------------------------------------------------------
$CLU 1:110 $BWG16_96
$CLD 2:110 $BWG16_128
$BGU 10.201.201.131 flowid 1:110
$BGD 10.201.201.131 flowid 2:110

$EQUAL_UP 1:110 handle 110: sfq perturb 10
$EQUAL_DOWN 2:110 handle 110: sfq perturb 10

#------------------------------------------------------------------------------
# TOYO = 200Kbit
#------------------------------------------------------------------------------
$CLU 1:111 $BWG16_96
$CLD 2:111 $BWG16_128
$BGU 10.201.201.132 flowid 1:111
$BGD 10.201.201.132 flowid 2:111

$EQUAL_UP 1:111 handle 111: sfq perturb 10
$EQUAL_DOWN 2:111 handle 111: sfq perturb 10

#------------------------------------------------------------------------------
# IVD1 CURSOS = 200Kbit
#------------------------------------------------------------------------------
$CLU 1:112 $BWG16_96
$CLD 2:112 $BWG16_128
$BGU 10.201.201.134 flowid 1:112
$BGD 10.201.201.134 flowid 2:112

$EQUAL_UP 1:112 handle 112: sfq perturb 10
$EQUAL_DOWN 2:112 handle 112: sfq perturb 10

#------------------------------------------------------------------------------
# VICENTE = 200Kbit
#------------------------------------------------------------------------------
$CLU 1:113 $BWG16_96
$CLD 2:113 $BWG16_128
$BGU 10.201.201.135 flowid 1:113
$BGD 10.201.201.135 flowid 2:113

$EQUAL_UP 1:113 handle 113: sfq perturb 10
$EQUAL_DOWN 2:113 handle 113: sfq perturb 10

#------------------------------------------------------------------------------
# IVD2 CURSOS = 200Kbit
#------------------------------------------------------------------------------
$CLU 1:114 $BWG16_96
$CLD 2:114 $BWG16_96
$BGU 10.201.201.136 flowid 1:114
$BGD 10.201.201.136 flowid 2:114

$EQUAL_UP 1:114 handle 114: sfq perturb 10
$EQUAL_DOWN 2:114 handle 114: sfq perturb 10

#------------------------------------------------------------------------------
# IVD3 CURSOS = 200Kbit
#------------------------------------------------------------------------------
$CLU 1:115 $BWG16_96
$CLD 2:115 $BWG16_96
$BGU 10.201.201.137 flowid 1:115
$BGD 10.201.201.137 flowid 2:115

$EQUAL_UP 1:115 handle 115: sfq perturb 10
$EQUAL_DOWN 2:115 handle 115: sfq perturb 10

#------------------------------------------------------------------------------
# IVD4 CURSOS = 200Kbit
#------------------------------------------------------------------------------
$CLU 1:116 $BWG16_96
$CLD 2:116 $BWG16_96
$BGU 10.201.201.139 flowid 1:116
$BGD 10.201.201.139 flowid 2:116

$EQUAL_UP 1:116 handle 116: sfq perturb 10
$EQUAL_DOWN 2:116 handle 116: sfq perturb 10

#------------------------------------------------------------------------------
# EMAX 001 = 200Kbit
#------------------------------------------------------------------------------
$CLU 1:117 $BWG16_96
$CLD 2:117 $BWG16_128
$BGU 10.201.201.145 flowid 1:117
$BGD 10.201.201.145 flowid 2:117

$EQUAL_UP 1:117 handle 117: sfq perturb 10
$EQUAL_DOWN 2:117 handle 117: sfq perturb 10

#------------------------------------------------------------------------------
# SANTO AVENTUREIRO = 200Kbit
#------------------------------------------------------------------------------
$CLU 1:118 $BWG16_96
$CLD 2:118 $BWG16_128
$BGU 10.201.201.140 flowid 1:118
$BGD 10.201.201.140 flowid 2:118

$EQUAL_UP 1:118 handle 118: sfq perturb 10
$EQUAL_DOWN 2:118 handle 118: sfq perturb 10

#------------------------------------------------------------------------------
# IVD CURSOS IGOR = 200Kbit
#------------------------------------------------------------------------------
$CLU 1:119 $BWG16_96
$CLD 2:119 $BWG16_128
$BGU 10.201.201.141 flowid 1:119
$BGD 10.201.201.141 flowid 2:119

$EQUAL_UP 1:119 handle 119: sfq perturb 10
$EQUAL_DOWN 2:119 handle 119: sfq perturb 10

#------------------------------------------------------------------------------
# LAN HOUSE = 500Kbit
#------------------------------------------------------------------------------
$CLU 1:120 $BWG32_200
$CLD 2:120 $BWG96_304
$BGU 10.201.201.142 flowid 1:120
$BGD 10.201.201.142 flowid 2:120

$EQUAL_UP 1:120 handle 120: sfq perturb 10
$EQUAL_DOWN 2:120 handle 120: sfq perturb 10

#------------------------------------------------------------------------------
# IEDA COTRIM = 200Kbit
#------------------------------------------------------------------------------
$CLU 1:121 $BWG16_96
$CLD 2:121 $BWG16_128
$BGU 10.201.201.106 flowid 1:121
$BGD 10.201.201.106 flowid 2:121

$EQUAL_UP 1:121 handle 121: sfq perturb 10
$EQUAL_DOWN 2:121 handle 121: sfq perturb 10

#------------------------------------------------------------------------------
# PROI = 200Kbit
#------------------------------------------------------------------------------
$CLU 1:122 $BWG16_96
$CLD 2:122 $BWG16_128
$BGU 10.201.201.125 flowid 1:122
$BGD 10.201.201.125 flowid 2:122

$EQUAL_UP 1:122 handle 122: sfq perturb 10
$EQUAL_DOWN 2:122 handle 122: sfq perturb 10

#------------------------------------------------------------------------------
# ACADEMIA MULHER = 200Kbit
#------------------------------------------------------------------------------
$CLU 1:124 $BWG16_96
$CLD 2:124 $BWG16_128
$BGU 10.201.201.128 flowid 1:124
$BGD 10.201.201.128 flowid 2:124

$EQUAL_UP 1:124 handle 124: sfq perturb 10
$EQUAL_DOWN 2:124 handle 124: sfq perturb 10

#------------------------------------------------------------------------------
# LINKSTONE = 200Kbit
#------------------------------------------------------------------------------
$CLU 1:125 $BWG16_96
$CLD 2:125 $BWG16_128
$BGU 10.201.201.146 flowid 1:125
$BGD 10.201.201.146 flowid 2:125

$EQUAL_UP 1:125 handle 125: sfq perturb 10
$EQUAL_DOWN 2:125 handle 125: sfq perturb 10

#------------------------------------------------------------------------------
# VERA PARODI = 200Kbit
#------------------------------------------------------------------------------
$CLU 1:126 $BWG16_96
$CLD 2:126 $BWG16_128
$BGU 10.201.201.148 flowid 1:126
$BGD 10.201.201.148 flowid 2:126

$EQUAL_UP 1:126 handle 126: sfq perturb 10
$EQUAL_DOWN 2:126 handle 126: sfq perturb 10

#------------------------------------------------------------------------------
# BOUTIQUE CANINA = 200Kbit
#------------------------------------------------------------------------------
$CLU 1:130 $BWG16_96
$CLD 2:130 $BWG16_128
$BGU 10.201.201.153 flowid 1:130
$BGD 10.201.201.153 flowid 2:130
$EQUAL_UP 1:130 handle 130: sfq perturb 10
$EQUAL_DOWN 2:130 handle 130: sfq perturb 10

#------------------------------------------------------------------------------
# HIP 1263 = 200Kbit
#------------------------------------------------------------------------------
$CLU 1:131 $BWG16_96
$CLD 2:131 $BWG16_128
$BGU 10.201.201.152 flowid 1:131
$BGD 10.201.201.152 flowid 2:131

$EQUAL_UP 1:131 handle 131: sfq perturb 10
$EQUAL_DOWN 2:131 handle 131: sfq perturb 10

#------------------------------------------------------------------------------
# IMOBILIARIA = 200Kbit
#------------------------------------------------------------------------------
$CLU 1:132 $BWG16_96
$CLD 2:132 $BWG16_128
$BGU 10.201.201.154 flowid 1:132
$BGD 10.201.201.154 flowid 2:132

$EQUAL_UP 1:132 handle 132: sfq perturb 10
$EQUAL_DOWN 2:132 handle 132: sfq perturb 10

#------------------------------------------------------------------------------
# CAFE AROMA = 200Kbit
#------------------------------------------------------------------------------
$CLU 1:133 $BWG16_96
$CLD 2:133 $BWG16_128
$BGU 10.201.201.155 flowid 1:133
$BGD 10.201.201.155 flowid 2:133

$EQUAL_UP 1:133 handle 133: sfq perturb 10
$EQUAL_DOWN 2:133 handle 133: sfq perturb 10

#------------------------------------------------------------------------------
# STOMPFIT = 200Kbit
#------------------------------------------------------------------------------
$CLU 1:134 $BWG16_96
$CLD 2:134 $BWG16_128
$BGU 10.201.201.156 flowid 1:134
$BGD 10.201.201.156 flowid 2:134

$EQUAL_UP 1:134 handle 134: sfq perturb 10
$EQUAL_DOWN 2:134 handle 134: sfq perturb 10

#------------------------------------------------------------------------------
#CPC MARCATO2 = 300Kbit
#------------------------------------------------------------------------------
$CLU 1:135 $BWG16_96
$CLD 2:135 $BWG16_128
$BGU 10.201.201.121 flowid 1:135
$BGD 10.201.201.121 flowid 2:135

$EQUAL_UP 1:135 handle 135: sfq perturb 10
$EQUAL_DOWN 2:135 handle 135: sfq perturb 10
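
The NAT point raised in the reply above comes down to packet ordering: the nat POSTROUTING `SNAT --to $WAN` rule rewrites the source address before the packet is queued on eth0, so the `$BGU` filters (`u32 match ip src 10.201.201.x`) never see a LAN address there and upload traffic lands in the default class 1:30. The following is an added example, not part of the original messages or attachments: a dry-run generator that reads `$BGU` lines and prints fwmark-based equivalents (a mangle MARK rule set before SNAT, plus an `fw` filter on eth0). The function names, the sample lines and the choice of reusing the class minor as the mark value are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints commands only, never runs iptables or tc.
# Assumptions: LAN is eth1 / 10.201.201.0/24 and WAN is eth0, as in the posted scripts.

LAN_IF=eth1
WAN_IF=eth0
LAN_PREFIX=10.201.201.      # LOCAL_NETWORK /24 expressed as a string prefix

# Reads HTB config lines on stdin. For every upload filter of the form
#   $BGU <ip> flowid 1:<minor>
# prints a mangle MARK rule (evaluated before SNAT rewrites the source) and,
# once per class, an fw filter on the WAN qdisc that classifies by that mark.
# Other lines are ignored; rejected entries are reported on stderr.
mark_based_upload_filters() {
    seen=" "
    while read -r macro ip kw flowid _rest; do
        [ "$macro" = '$BGU' ] && [ "$kw" = flowid ] || continue
        # the class must hang off qdisc 1: (the eth0 root in the posted config)
        case "$flowid" in 1:*) ;; *) echo "skip $ip: $flowid not on 1:" >&2; continue ;; esac
        minor=${flowid#1:}
        # digits only and no leading zero, so the same string is a valid
        # decimal fwmark and fw handle
        case "$minor" in ''|*[!0-9]*|0*) echo "skip $ip: minor '$minor'" >&2; continue ;; esac
        # only addresses that the SNAT rule actually rewrites
        case "$ip" in "$LAN_PREFIX"*) ;; *) echo "skip $ip: outside LAN" >&2; continue ;; esac
        echo "iptables -t mangle -A FORWARD -i $LAN_IF -o $WAN_IF -s $ip -j MARK --set-mark $minor"
        case "$seen" in
            *" $minor "*) ;;   # several clients may share one class: one filter is enough
            *) seen="$seen$minor "
               echo "tc filter add dev $WAN_IF parent 1:0 protocol ip prio 1 handle $minor fw flowid 1:$minor" ;;
        esac
    done
    return 0
}

# Constructed sample input in the format of the posted HTB file. The shared
# class 1:102 and the 192.0.2.7 entry are made up to exercise the edge cases.
sample_config() {
    cat <<'EOF'
# ARTE GRILL = 200Kbit
$CLU 1:101 $BWG16_96
$BGU 10.201.201.105 flowid 1:101
$BGD 10.201.201.105 flowid 2:101
$BGU 10.201.201.108 flowid 1:102
$BGU 10.201.201.109 flowid 1:102
$BGU 192.0.2.7 flowid 1:103
EOF
}

sample_config | mark_based_upload_filters
```

The `$BGD` download filters on eth1 are left alone: on that interface the destination has already been translated back to the LAN address when the packet is queued.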
