QoS e Proxy

Home Comunidade Brasileira Endian Firewall Endian Firewall Endian Firewall – Suporte QoS e Proxy

Marcado: 

Visualizando 3 respostas da discussão
  • Autor
    Posts
    • abril 28, 2010 às 6:51 pm #219
      Albaney Baylão
      Participante

      Apesar dos problemas do endian no QoS consegui configurar bastante bem o QoS. Agora o meu problema é o seguinte: Eu consigo fazer com que o QoS limite o tráfego de internet de um equipamento desde que ele não use o proxy. Se eu colocar o proxy para ele o resultado é que ele navega como se nenhum limite houvesse. Como resolver isso?

      Exemplo: Eu tenho um equipamento com o IP 10.18.1.3 que fica vendo filme na Internet. Para permitir que ele continuasse navegando mas não se animasse a ver os filmes criei a regra de QoS a seguir

      10.18.1.3 <ANY> <ANY> <ANY> Uplink main – Low Priority

      Mas enquanto eu não desabilitei o proxy transparente para ele o QoS não pegou nenhum pacote desta máquina, apesar de ela estar navegando direto.


      Wireguard_webadmin

      Sistema gratuito (Open Source) para gestão de VPN's WireGuard com uma Web interface intuitiva e fácil de usar.

      Principais funcionalidades:

      - Sistema de Firewall completo e flexível.
      - Encaminhamento de portas
      - Suporte a multi usuário com níveis diferentes de acesso
      - Múltiplas instâncias do Wireguard
      - Crypto key routing para configuração de VPN site-to-site

      O projeto é Open Source, fácil de instalar e está disponível em wireguard_webadmin

    • abril 28, 2010 às 7:15 pm #4326
      Albaney Baylão
      Participante

      Eu disse que estava funcionando, mas não está… sniff, sniff

      A minha máquina tem o IP 10.2.0.0

      O restartqos.py –debug retorna o seguinte

      root@efwadm:~ # restartqos.py –debug

      2010-04-28 16:11:16,843 – restartqos.py[10164] – ERROR – Migration has to be fixed!!!

      2010-04-28 16:11:16,846 – restartqos.py[10164] – INFO – Loading configuration

      2010-04-28 16:11:16,856 – restartqos.py[10164] – DEBUG – Substituted var UPLINK:main -> eth1

      2010-04-28 16:11:16,901 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -N QOS 2> /dev/null]

      2010-04-28 16:11:16,906 – restartqos.py[10164] – ERROR – RETURNCODE [iptables -t mangle -N QOS 2> /dev/null] 1

      2010-04-28 16:11:16,947 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -F QOS]

      2010-04-28 16:11:17,049 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -D POSTROUTING -j QOS 2> /dev/null]

      2010-04-28 16:11:17,126 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A POSTROUTING -j QOS 2> /dev/null]

      2010-04-28 16:11:17,137 – restartqos.py[10164] – DEBUG – Substituted var PHYSDEV:eth0 -> eth0

      2010-04-28 16:11:17,142 – restartqos.py[10164] – DEBUG – Substituted var GREEN -> br0

      2010-04-28 16:11:17,157 – restartqos.py[10164] – INFO – Setting QOS of device: eth1 [UPLOAD=5000, DOWNLOAD=5000]

      2010-04-28 16:11:17,302 – restartqos.py[10164] – DEBUG – RUNNING [ip link 2> /dev/null]

      2010-04-28 16:11:17,310 – restartqos.py[10164] – DEBUG – STDOUT [ip link 2> /dev/null]

      1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue

      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

      2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000

      link/ether 00:0c:29:26:f0:62 brd ff:ff:ff:ff:ff:ff

      3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc hfsc qlen 1000

      link/ether 00:0c:29:26:f0:6c brd ff:ff:ff:ff:ff:ff

      4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue

      link/ether 00:0c:29:26:f0:62 brd ff:ff:ff:ff:ff:ff

      5: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 100

      link/ether 00:ff:6e:3f:1a:82 brd ff:ff:ff:ff:ff:ff

      2010-04-28 16:11:17,405 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -N QOS_ETH1 2> /dev/null]

      2010-04-28 16:11:17,409 – restartqos.py[10164] – ERROR – RETURNCODE [iptables -t mangle -N QOS_ETH1 2> /dev/null] 1

      2010-04-28 16:11:17,461 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -F QOS_ETH1]

      2010-04-28 16:11:17,512 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -D QOS -o eth1 -j QOS_ETH1 2> /dev/null]

      2010-04-28 16:11:17,514 – restartqos.py[10164] – ERROR – RETURNCODE [iptables -t mangle -D QOS -o eth1 -j QOS_ETH1 2> /dev/null] 1

      2010-04-28 16:11:17,546 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS -o eth1 -j QOS_ETH1]

      2010-04-28 16:11:17,599 – restartqos.py[10164] – DEBUG – RUNNING [tc qdisc del dev eth1 root 2> /dev/null]

      2010-04-28 16:11:17,656 – restartqos.py[10164] – DEBUG – RUNNING [tc qdisc add dev eth1 root handle 2: hfsc default 5]

      2010-04-28 16:11:17,683 – restartqos.py[10164] – DEBUG – RUNNING [tc class add dev eth1 parent 2: classid 2:1 hfsc sc rate 5000kbit ul rate 5000kbit]

      2010-04-28 16:11:17,720 – restartqos.py[10164] – DEBUG – RUNNING [tc class add dev eth1 parent 2:1 classid 2:2 hfsc sc umax 1500b dmax 25ms rate 2900kbit ul rate 5000kbit]

      2010-04-28 16:11:17,788 – restartqos.py[10164] – DEBUG – RUNNING [tc qdisc add dev eth1 parent 2:2 handle 202: sfq perturb 10 ]

      2010-04-28 16:11:17,877 – restartqos.py[10164] – DEBUG – RUNNING [tc class add dev eth1 parent 2:1 classid 2:3 hfsc sc umax 1500b dmax 100ms rate 1500kbit ul rate 5000kbit]

      2010-04-28 16:11:17,961 – restartqos.py[10164] – DEBUG – RUNNING [tc qdisc add dev eth1 parent 2:3 handle 203: sfq perturb 10 ]

      2010-04-28 16:11:18,047 – restartqos.py[10164] – DEBUG – RUNNING [tc class add dev eth1 parent 2:1 classid 2:4 hfsc sc umax 1500b dmax 175ms rate 500kbit ul rate 500kbit]

      2010-04-28 16:11:18,103 – restartqos.py[10164] – DEBUG – RUNNING [tc qdisc add dev eth1 parent 2:4 handle 204: sfq perturb 10 ]

      2010-04-28 16:11:18,163 – restartqos.py[10164] – DEBUG – RUNNING [tc class add dev eth1 parent 2:1 classid 2:5 hfsc sc umax 1500b dmax 225ms rate 100kbit ul rate 100kbit]

      2010-04-28 16:11:18,177 – restartqos.py[10164] – DEBUG – RUNNING [tc qdisc add dev eth1 parent 2:5 handle 205: sfq perturb 10 ]

      2010-04-28 16:11:18,205 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –source 10.18.1.3 -j CLASSIFY –set-class 2:4]

      2010-04-28 16:11:18,252 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –source 10.18.1.2 -j CLASSIFY –set-class 2:5]

      2010-04-28 16:11:18,319 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –source 10.2.0.0/16 -j CLASSIFY –set-class 2:5]

      2010-04-28 16:11:18,387 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto icmp -j CLASSIFY –set-class 2:2]

      2010-04-28 16:11:18,470 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto icmp -j CLASSIFY –set-class 2:2]

      2010-04-28 16:11:18,556 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto tcp –destination-port 21 -j CLASSIFY –set-class 2:2]

      2010-04-28 16:11:18,628 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto tcp –destination-port 25 -j CLASSIFY –set-class 2:2]

      2010-04-28 16:11:18,690 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto tcp –destination-port 80 -j CLASSIFY –set-class 2:2]

      2010-04-28 16:11:18,786 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto tcp –destination-port 110 -j CLASSIFY –set-class 2:2]

      2010-04-28 16:11:18,886 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto tcp –destination-port 123 -j CLASSIFY –set-class 2:2]

      2010-04-28 16:11:18,934 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto tcp –destination-port 143 -j CLASSIFY –set-class 2:2]

      2010-04-28 16:11:19,062 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto tcp –destination-port 443 -j CLASSIFY –set-class 2:2]

      2010-04-28 16:11:19,094 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto tcp –destination-port 993 -j CLASSIFY –set-class 2:2]

      2010-04-28 16:11:19,148 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto tcp –destination-port 995 -j CLASSIFY –set-class 2:2]

      2010-04-28 16:11:19,196 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto tcp –destination-port 3456 -j CLASSIFY –set-class 2:2]

      2010-04-28 16:11:19,270 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto udp –destination-port 21 -j CLASSIFY –set-class 2:2]

      2010-04-28 16:11:19,328 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto udp –destination-port 25 -j CLASSIFY –set-class 2:2]

      2010-04-28 16:11:19,368 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto udp –destination-port 80 -j CLASSIFY –set-class 2:2]

      2010-04-28 16:11:19,457 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto udp –destination-port 110 -j CLASSIFY –set-class 2:2]

      2010-04-28 16:11:19,540 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto udp –destination-port 123 -j CLASSIFY –set-class 2:2]

      2010-04-28 16:11:19,608 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto udp –destination-port 143 -j CLASSIFY –set-class 2:2]

      2010-04-28 16:11:19,660 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto udp –destination-port 443 -j CLASSIFY –set-class 2:2]

      2010-04-28 16:11:19,693 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto udp –destination-port 993 -j CLASSIFY –set-class 2:2]

      2010-04-28 16:11:19,775 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto udp –destination-port 995 -j CLASSIFY –set-class 2:2]

      2010-04-28 16:11:19,835 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto udp –destination-port 3456 -j CLASSIFY –set-class 2:2]

      2010-04-28 16:11:19,904 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –source 172.16.201.0/24 -j CLASSIFY –set-class 2:2]

      2010-04-28 16:11:19,976 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –destination 172.16.201.0/24 -j CLASSIFY –set-class 2:2]

      2010-04-28 16:11:20,059 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto tcp –destination-port 2082 -j CLASSIFY –set-class 2:3]

      2010-04-28 16:11:20,139 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto tcp –destination-port 2095 -j CLASSIFY –set-class 2:3]

      2010-04-28 16:11:20,208 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto udp –destination-port 2082 -j CLASSIFY –set-class 2:3]

      2010-04-28 16:11:20,286 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto udp –destination-port 2095 -j CLASSIFY –set-class 2:3]

      2010-04-28 16:11:20,358 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto tcp –destination-port 10443 -j CLASSIFY –set-class 2:3]

      2010-04-28 16:11:20,458 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto tcp –destination-port 3001 -j CLASSIFY –set-class 2:3]

      2010-04-28 16:11:20,531 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto udp –destination-port 10443 -j CLASSIFY –set-class 2:3]

      2010-04-28 16:11:20,611 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –proto udp –destination-port 3001 -j CLASSIFY –set-class 2:3]

      2010-04-28 16:11:20,690 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –in-interface eth0 -j CLASSIFY –set-class 2:5]

      2010-04-28 16:11:20,819 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –in-interface br0 -j CLASSIFY –set-class 2:5]

      2010-04-28 16:11:20,926 – restartqos.py[10164] – DEBUG – RUNNING [iptables -t mangle -A QOS_ETH1 -o eth1 –source 10.0.0.0/8 -j CLASSIFY –set-class 2:5]

    • abril 28, 2010 às 7:20 pm #4327
      Albaney Baylão
      Participante

      Como a regra que envolve a minha máquina neste teste coloca um limite de 100kbit/s, eu não deveria baixar nada a mais do que isso e no entanto estou baixando via torrent a 800kbit/s.

    • maio 3, 2010 às 9:11 am #4328
      Eduardo Silva
      Participante

      Albaney, em relação a pergunta inicial do post:

      O QoS por máquina não vai funcionar para as conexões que passam através de proxy. Sugiro que você edite o arquivo de template do squid para configurar o delay_pools.

      Isto pode ajuda-lo a limitar a navegação para uma máquina em específico.

      []’s

  • Autor
    Posts
Visualizando 3 respostas da discussão
  • O tópico ‘QoS e Proxy’ está fechado para novas respostas.