Problem with ALTQ. Please help. (Ladislav Jerabek)

Stefan Kremen piftik at yhman.tnuni.sk
Thu Jan 15 15:49:50 CET 2004


On Thu, 15 Jan 2004 13:53:50 +0100, Jeřábek Ladislav wrote
> Good day.
> 
>             Until now I had no script written at all. I was only 
> testing what pfctl can do, reading the documentation from the beginning and 
> trying out all the functions. And at CBQ I got stuck. It will not work for me. 
> So I copied the script from the documentation, and I am copying it here for you;
>  it does not work for me either:

I don't know how you understood the principle, but I have the impression that
you gave the primary role to the "pfctl" command and the secondary role to the
configuration file "/etc/pf.conf", whereas it is exactly the other way round.

When PF starts, it reads the configuration file. If it finds no errors in it,
PF starts working. But the configuration file you pasted here IS INCOMPLETE,
and I assume it is not even set up for your particular system. You probably
did not read the documentation carefully enough. The example given explains
only the principle of ALTQ, but to be fully functional it also needs correctly
set filter rules (that is the section where "pass" and "block" follow). At the
very least it probably won't work for you because the names of the network
devices will most likely not match the device names of your particular system.

For a start, let the commands "dmesg" and "ifconfig -a" be your guide.

That's all for now. PiFtiK

> 
> # filter rules for fxp0 inbound
> block in on xl0 all
> 
> # filter rules for xl0 outbound
> block out on xl0 all
> pass  out on xl0 inet proto tcp from (xl0) to any flags S/SA \
>     keep state queue(std_out, tcp_ack_out)
> pass  out on xl0 inet proto { udp icmp } from (xl0) to any keep state
> pass  out on xl0 inet proto { tcp udp } from (xl0) to any port domain \
>     keep state queue dns_out
> pass  out on xl0 inet proto tcp from (xl0) to any port $ssh_ports \
>     flags S/SA keep state queue(std_out, ssh_im_out)
> pass  out on xl0 inet proto tcp from (xl0) to any port $im_ports \
>     flags S/SA keep state queue(ssh_im_out, tcp_ack_out)
> 
> # filter rules for wi1 inbound
> block in on wi1 all
> pass  in on wi1 from $local_net
> 
> # filter rules for wi1 outbound
> block out on wi1 all
> pass  out on wi1 from any to $local_net
> pass  out on wi1 proto { tcp udp } from any port domain to $local_net \
>     queue dns_in
> pass  out on wi1 proto tcp from any port $ssh_ports to $local_net \
>     queue(std_in, ssh_im_in)
> pass  out on wi1 proto tcp from any port $im_ports to $local_net \
>     queue ssh_im_in
> pass  out on wi1 from any to $bob queue bob_in


------------------------------------------------------
This mail is brought to you by Yhman and OpenWebmail.
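
The checks suggested in the reply above can be scripted. This is an added example, not part of the original mail and not code from the PF project: it compares a pf.conf against the interfaces reported by "ifconfig -a" and also flags macros and queues that rules use but the file never defines. The function names, the sample ifconfig output (fxp0, lo0), and the altq/queue/macro lines in the sample are constructed for illustration; the filter rules in the sample are taken from the quoted fragment.

```sh
#!/bin/sh
# Interface names from `ifconfig -a` output on stdin ("xl0: flags=..." lines).
present_ifaces() {
    awk '/^[A-Za-z]/ { sub(/:.*/, "", $1); print $1 }' | LC_ALL=C sort -u | tr '\n' ' '
}

# pf_lint "IF1 IF2 ..." < pf.conf : one finding per line, no output if consistent.
pf_lint() {
    awk -v ifs="$1" '
    BEGIN { n = split(ifs, a, " "); for (i = 1; i <= n; i++) have[a[i]] = 1 }
    { sub(/#.*/, "")                                        # strip comments
      if (sub(/\\[ \t]*$/, "")) { buf = buf $0 " "; next }  # join "\" continuations
      $0 = buf $0; buf = "" }
    /^[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { split($0, kv, /[ \t]*=/); macro[kv[1]] = 1; next }
    $1 == "queue" { qdef[$2] = 1; next }                    # queue declaration
    { line = $0                                             # every $macro used
      while (match(line, /\$[A-Za-z_][A-Za-z0-9_]*/)) {
          muse[substr(line, RSTART + 1, RLENGTH - 1)] = 1
          line = substr(line, RSTART + RLENGTH) }
      for (i = 1; i < NF; i++)                              # "on <interface>"
          if ($i == "on" && $(i+1) !~ /^[${]/) ifuse[$(i+1)] = 1
      # queue assignment on a rule: "queue name" or "queue(name, name)"
      if ($1 != "altq" && match($0, /queue[ \t]*(\([^)]*\)|[A-Za-z_][A-Za-z0-9_]*)/)) {
          q = substr($0, RSTART + 5, RLENGTH - 5); gsub(/[(),]/, " ", q)
          n = split(q, qs, " "); for (i = 1; i <= n; i++) quse[qs[i]] = 1 } }
    END { for (k in ifuse) if (!(k in have))  print "no such interface: " k
          for (k in muse)  if (!(k in macro)) print "undefined macro: $" k
          for (k in quse)  if (!(k in qdef))  print "undeclared queue: " k }
    ' | LC_ALL=C sort
}

# Constructed sample input: a host that has fxp0 but no xl0.
sample_ifconfig() { cat <<'EOF'
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
EOF
}
sample_conf() { cat <<'EOF'
ssh_ports = "{ 22 2022 }"
altq on xl0 cbq bandwidth 2Mb queue { std_out, dns_out }
queue std_out bandwidth 1Mb cbq(default)
queue dns_out bandwidth 100Kb
block out on xl0 all
pass  out on xl0 inet proto tcp from (xl0) to any port $ssh_ports \
    flags S/SA keep state queue(std_out, ssh_im_out)
pass  out on xl0 inet proto tcp from (xl0) to any port $im_ports \
    flags S/SA keep state queue(ssh_im_out, tcp_ack_out)
EOF
}
sample_conf | pf_lint "$(sample_ifconfig | present_ifaces)"
```

On a real host the same check is `pf_lint "$(ifconfig -a | present_ifaces)" < /etc/pf.conf`; interface lists written as `on { ... }` are not expanded by this sketch.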