Instalei o shaperd para fazer o controle de banda da rede aqui da
repartição onde trabalho. No mesmo servidor o squid + dansgaurdian
faz bloqueio a extensões e sites proibidos. Preferi controlar a
banda pelo shaperd pelo fato de ele possuir o recurso de liberar a
banda excedente quando houver menor tráfego na rede. Acontece que
depois de instalado e se configurado segundo o tutorial disponível
em http://wiki.consoli.org.br/~wiki/index.php/QOS_no_Debian_Lenny_com_Shaper
o shaper não inicializa após o comando /etc/init.d/shaperd start ,
pois não há nenhum daemon ativo com este nome e a banda fica
completamente sem limite na rede.
Não sei qual possa ser o problema, possuo um script firewall que
bloqueia acesso a algumas portas e libera o nat para o mac de apenas
uma máquina que necessita de acesso direto para um dos sistemas da
Caixa Economica Federal. As outras máquinas na rede acessam via
proxy já configurado previamente nos computadores.
Na pasta /etc/shaperd possuo os arquivos:
cbq-0002.-in
DEVICE=eth1,512Kbit,55Kbit
RATE=150Kbit
WEIGHT=15Kbit
PRIO=5
RULE=192.168.1.0/24
BOUNDED=yes
ISOLATED=yes
cbq-0002.-out
DEVICE=eth1,100Mbit,10Mbit
RATE=150Kbit
WEIGHT=15Kbit
PRIO=5
RULE=192.168.1.0/24,
BOUNDED=yes
ISOLATED=yes
shaperd.conf
# example.1.conf: shape echo server's output to measure
performance
#
# send a SIGHUP to reload this file with the command killall -HUP
shaperd
# this is an "internal" log level (all logs are sent with facility
daemon,
# priority info; see the syslog manpage for more information).
# valid levels are:
# alert (1)
# error (2)
# warning (3)
# info (4)
# debug1 (5)
# debug2 (6)
# log levels beggining from warning (3) will log unmatched packets
log level = info
# this is a required option. note that shaperd must have been
built with
# the correct forwarding mechanism(s) in order for these to work
# see the README for further details.
# packet forwarding = ipq
# packet forwarding = divert # check "divert port" and "divert
reinjection"
packet forwarding = ipq
# for divert sockets, you must also specify a port number:
# this number should be the same value you use in the firewall
rules
# divert port = 1111
# this is useful for debugging
# shaperd will run detached if set to "yes"
daemon = yes
# full path to shaperd's pidfile
# it'll be generated in daemon mode only
pidfile = /var/run/shaperd.pid
class local_echo {
# shape every tcp packet from 127.0.0.1, port=7 (echo)
ipv4 classifier proto=tcp saddr=127.0.0.1 sport=7
# valid suffixes: mbyte/s mbit/s kbyte/s kbit/s byte/s
bit/s
bandwidth = 100.0 kbyte/s
# maximum queue size
# shaperd will drop packets when the queue is full
# valid suffixes: mbyte, mb, kbyte, kb, byte, bytes
# 0 means "unlimited" (both for bytes and amount of
packets)
# - the first limit, bytes, is mainly for divert sockets
(because
# it forwards entire datagrams of arbitraty sizes)
# - the second limit, packets, is intended for use under
kernel 2.4,
# because linux will trigger an error when the number of
# outstanting packets is greater than /proc/net/ip_queue
queue limits = 100 kb 100 packets
# (divert only)
# divert reinjection = inbound|outbound
# as a rule of thumb:
# packets for this host -> inbound
# forwarded packets -> inbound
# packets from this host -> outbound
# these are locally generated packets, so we'll reinject
them in the
# outbound direction
#
# divert reinjection = outbound
}
Alguém pode me ajudar a fazer o shaper funcionar?
|