[FUG-BR] PF with ICMP failure

Renata Dias renatchinha at gmail.com
Fri Mar 19 10:37:25 BRT 2010


Dear all,

    I found several discussions about my question, but none with a
solution!

I enable pf and the network starts responding with "No buffer space available".
I tested some options I found on the internet, such as: set limit { states
1000000000, src-nodes 1000000000, frags 50000000 }, but without success.

Here is my pf.conf

if_wan_upload="em0"
if_lan_download="em1"

table <rede_interna> { 192.168.0.0/24, 10.0.10.0/24 }

altq on $if_wan_upload hfsc bandwidth 100% queue total_out
 queue total_out bandwidth 34Mb hfsc(upperlimit 34Mb) { ping_out voip_out dns_out http-https_out pop_out smtp_out ssh_out outros_out p2p_out }
  queue ping_out bandwidth 6% priority 9 hfsc(upperlimit 100% realtime 6% ecn red)
  queue voip_out bandwidth 5% priority 8 hfsc(upperlimit 100% realtime 5% ecn red)
  queue dns_out bandwidth 2% priority 7 hfsc(upperlimit 100% realtime 2% ecn red)
  queue http-https_out bandwidth 60% priority 6 hfsc(upperlimit 100% realtime 60% ecn red)
  queue ssh_out bandwidth 2% priority 5 hfsc(upperlimit 100% realtime 2% ecn red)
  queue smtp_out bandwidth 5% priority 4 hfsc(upperlimit 100% realtime 5% ecn red)
  queue pop_out bandwidth 5% priority 3 hfsc(upperlimit 100% realtime 5% ecn red)
  queue outros_out bandwidth 10% priority 2 hfsc(upperlimit 95% realtime 10% ecn red default)
  queue p2p_out bandwidth 5% priority 1 hfsc(upperlimit 80% realtime 5% ecn red)

altq on $if_lan_download hfsc bandwidth 100Mb queue total
 queue total bandwidth 34Mb hfsc(upperlimit 34Mb) { ping voip dns http-https ssh smtp pop outros p2p }
  queue ping bandwidth 6% priority 9 hfsc(upperlimit 100% realtime 6% ecn red)
  queue voip bandwidth 5% priority 8 hfsc(upperlimit 100% realtime 5% ecn red)
  queue dns bandwidth 2% priority 7 hfsc(upperlimit 100% realtime 2% ecn red)
  queue http-https bandwidth 60% priority 6 hfsc(upperlimit 100% realtime 60% ecn red)
  queue ssh bandwidth 2% priority 5 hfsc(upperlimit 100% realtime 2% ecn red)
  queue smtp bandwidth 5% priority 4 hfsc(upperlimit 100% realtime 5% ecn red)
  queue pop bandwidth 5% priority 3 hfsc(upperlimit 100% realtime 5% ecn red)
  queue outros bandwidth 10% priority 2 hfsc(upperlimit 95% realtime 10% ecn red default)
  queue p2p bandwidth 5% priority 1 hfsc(upperlimit 80% realtime 5% ecn red)

pass in quick on $if_wan_upload proto icmp from <rede_interna> to any keep state queue ping_out
pass in quick on $if_lan_download proto icmp from <rede_interna> to any keep state queue ping

pass in quick on $if_wan_upload proto { tcp, udp } from <rede_interna> to any port 53 keep state queue dns_out
pass in quick on $if_lan_download proto { tcp, udp } from <rede_interna> to any port 53 keep state queue dns

pass in quick on $if_wan_upload proto tcp from <rede_interna> to any port { 80, 443 } keep state queue http-https_out
pass in quick on $if_lan_download proto tcp from <rede_interna> to any port { 80, 443 } keep state queue http-https

pass in quick on $if_wan_upload proto tcp from <rede_interna> to any port 110 keep state queue pop_out
pass in quick on $if_lan_download proto tcp from <rede_interna> to any port 110 keep state queue pop

pass in quick on $if_wan_upload proto tcp from <rede_interna> to any port 25 keep state queue smtp_out
pass in quick on $if_lan_download proto tcp from <rede_interna> to any port 25 keep state queue smtp

pass in quick on $if_wan_upload proto tcp from <rede_interna> to any port 22 keep state queue ssh_out
pass in quick on $if_lan_download proto tcp from <rede_interna> to any port 22 keep state queue ssh



-- 
Renata Dias

