Имеем сеть: роутер (FreeBSD 7.3, IPFW, DHCP), HTTP-сервер (FreeBSD 7.3, apache 2.7, PHP5, MySQL). Сеть примерно из 30 машин (интернет, игрушки — короче, тупо нет с ограничением скорости).
У всех пользователей IP-адреса прописаны в DHCP.conf, поэтому они получают одни и те же IP. Имеется ограничение скорости в 4 Мбит/с.
С недавних пор возникла проблема:
Скорость соединения у всех пользователей упала до 1 Мбит/с.
Что послужило причиной — не знаю, с чем и обращаюсь к вам, знатоки!
Конфиг IPFW :
#!/bin/sh
# ipfw ruleset for a NAT router with dummynet traffic shaping.
# From the rules below: alc0 is the interface NAT is bound to (presumably the
# uplink) and ste0 is the other interface (presumably the LAN) -- confirm.
# ipfw evaluates rules in ascending rule-number order, not in the order the
# commands appear in this file.
fwcmd="/sbin/ipfw"

# Start from a clean state: drop all existing rules, pipes and queues.
${fwcmd} -f flush
${fwcmd} -f pipe flush
${fwcmd} -f queue flush

# Accept everything that passes through ste0 without any further checks.
${fwcmd} add 1040 allow ip from any to any via ste0

# SSH, matched statelessly in both directions on every interface.
# NOTE(review): rule 1030 accepts ANY TCP packet whose source port is 22, from
# any host to any host, and both rules are numbered below the anti-spoofing
# rules (1050+), so they are evaluated first. Consider restricting them by
# interface/address, or using "setup keep-state" with a check-state rule.
${fwcmd} add 1020 allow tcp from any to any ssh
${fwcmd} add 1030 allow tcp from any ssh to any

# Anti-spoofing: drop packets arriving on alc0 that carry private (RFC 1918)
# or link-local addresses as source or destination.
# Note the numbering jumps from 1090 to 10100; this works, but looks accidental.
${fwcmd} add 1050 deny ip from any to 192.168.0.0/16 in recv alc0
${fwcmd} add 1060 deny ip from 192.168.0.0/16 to any in recv alc0
${fwcmd} add 1070 deny ip from any to 172.16.0.0/12 in recv alc0
${fwcmd} add 1080 deny ip from 172.16.0.0/12 to any in recv alc0
${fwcmd} add 1090 deny ip from any to 10.0.0.0/8 in recv alc0
${fwcmd} add 10100 deny ip from 10.0.0.0/8 to any in recv alc0
${fwcmd} add 10110 deny ip from any to 169.254.0.0/16 in recv alc0
${fwcmd} add 10120 deny ip from 169.254.0.0/16 to any in recv alc0

# Shaping. Pipe 1 (10 Mbit/s) is fed by queue 1, one dynamic queue per source
# IP; pipe 2 (3 Mbit/s) is fed by queue 2, one dynamic queue per destination IP.
# NOTE(review): queues attached to a pipe SHARE that pipe's bandwidth, so
# 3 Mbit/s here is the total for all hosts together, not a per-host limit.
# A fixed per-host cap is normally done with a masked pipe ("pipe N config
# bw ... mask dst-ip 0xffffffff") referenced by a "pipe N" rule -- confirm
# against ipfw(8) for this release.
${fwcmd} pipe 1 config bw 10Mbit/s queue 60 gred 0.002/10/30/0.1
${fwcmd} queue 1 config pipe 1 mask src-ip 0xffffffff queue 60 gred 0.002/10/30/0.1
${fwcmd} pipe 2 config bw 3Mbit/s queue 60 gred 0.002/10/30/0.1
${fwcmd} queue 2 config pipe 2 mask dst-ip 0xffffffff queue 60 gred 0.002/10/30/0.1

# In-kernel NAT on alc0, with two inbound port forwards (tcp/6881 and udp/4444)
# to hosts whose addresses are redacted in the post.
# NOTE(review): each redirect_port exposes an internal service to the outside;
# keep the list minimal. Without "deny_in", inbound packets that match no NAT
# state are handed on to the rest of the ruleset rather than dropped.
${fwcmd} nat 1 config log if alc0 reset same_ports redirect_port tcp XX.XX.XX.XX:6881 6881 redirect_port udp XX.XX.XX.XX:4444 4444

# Hosts .221 and .222 jump straight to the NAT rule, skipping queue 1 (10150).
${fwcmd} add 10130 skipto 10160 ip from 192.168.1.221 to any
${fwcmd} add 10140 skipto 10160 ip from any to 192.168.1.221
${fwcmd} add 10131 skipto 10160 ip from 192.168.1.222 to any
${fwcmd} add 10141 skipto 10160 ip from any to 192.168.1.222

# Outbound traffic leaving via alc0 goes through queue 1 (keyed by source IP),
# then everything crossing alc0 is translated by nat 1.
# Whether a packet continues to later rules after a queue/nat match depends on
# net.inet.ip.fw.one_pass -- the layout below assumes it is 0; confirm.
${fwcmd} add 10150 queue 1 ip from any to any out xmit alc0
${fwcmd} add 10160 nat 1 ip from any to any via alc0

# Accept traffic of .221/.222 right after NAT so it never reaches queue 2.
${fwcmd} add 10161 allow ip from 192.168.1.221 to any
${fwcmd} add 10162 allow ip from any to 192.168.1.221
${fwcmd} add 10163 allow ip from 192.168.1.222 to any
${fwcmd} add 10164 allow ip from any to 192.168.1.222

# Inbound traffic received on alc0 goes through queue 2 (keyed by destination
# IP, i.e. the internal address after NAT has rewritten it).
${fwcmd} add 10170 queue 2 ip from any to any in recv alc0

# NOTE(review): rule 10180 accepts everything that got this far, so the
# effective policy is default-allow: rule 10230 and the deny at 65534 can never
# match, and anything from the uplink that survives the anti-spoofing rules is
# accepted, including traffic addressed to the router itself. A default-deny
# layout would allow only the needed services explicitly before 65534.
${fwcmd} add 10180 allow all from any to any
${fwcmd} add 10230 allow all from any to any
${fwcmd} add 65534 deny all from any to any
00001: 10.000 Mbit/s 0 ms 60 sl. 0 queues (1 buckets)
GRED w_q 0.001999 min_th 10 max_th 30 max_p 0.099991
00002: 3.000 Mbit/s 0 ms 60 sl. 0 queues (1 buckets)
GRED w_q 0.001999 min_th 10 max_th 30 max_p 0.099991
q00001: weight 1 pipe 1 60 sl. 12 queues (64 buckets)
GRED w_q 0.001999 min_th 10 max_th 30 max_p 0.099991
mask: 0x00 0xffffffff/0x0000 -> 0x00000000/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
16 ip 192.168.1.220/0 0.0.0.0/0 33979 2148439 0 0 0
27 ip 94.251.99.112/0 0.0.0.0/0 114 210326 0 0 0
36 ip 192.168.1.230/0 0.0.0.0/0 318139 346719363 0 0 5
40 ip 192.168.1.224/0 0.0.0.0/0 124089 12542337 0 0 0
42 ip 192.168.1.225/0 0.0.0.0/0 18939 2304553 0 0 0
46 ip 192.168.1.227/0 0.0.0.0/0 27131 1834468 0 0 0
50 ip 192.168.1.205/0 0.0.0.0/0 82296 5897385 0 0 0
52 ip 192.168.1.238/0 0.0.0.0/0 205494 204818936 0 0 394
56 ip 192.168.1.200/0 0.0.0.0/0 760 63276 0 0 0
58 ip 192.168.1.201/0 0.0.0.0/0 9 3105 0 0 0
60 ip 192.168.1.234/0 0.0.0.0/0 2882 279474 0 0 0
62 ip 192.168.1.203/0 0.0.0.0/0 6906 321331 0 0 0
q00002: weight 1 pipe 2 60 sl. 20 queues (64 buckets)
GRED w_q 0.001999 min_th 10 max_th 30 max_p 0.099991
mask: 0x00 0x00000000/0x0000 -> 0xffffffff/0x0000
BKT Prot ___Source IP/port____ ____Dest. IP/port____ Tot_pkt/bytes Pkt/Byte Drp
0 ip 0.0.0.0/0 255.255.255.255/0 454 77037 0 0 0
1 ip 0.0.0.0/0 224.0.0.1/0 4 112 0 0 0
6 ip 0.0.0.0/0 94.251.99.112/0 69208 4130715 0 0 0
9 ip 0.0.0.0/0 94.251.99.255/0 2868 295656 0 0 0
12 ip 0.0.0.0/0 192.168.1.220/0 54995 76280025 0 0 166
24 ip 0.0.0.0/0 192.168.1.200/0 24492 20428908 0 0 216
25 ip 0.0.0.0/0 192.168.1.201/0 3309 2208652 0 0 26
26 ip 0.0.0.0/0 192.168.1.202/0 1641 825764 0 0 0
27 ip 0.0.0.0/0 192.168.1.203/0 11759 1948690 0 0 0
29 ip 0.0.0.0/0 192.168.1.205/0 219623 268908256 7 6386 9145
48 ip 0.0.0.0/0 192.168.1.224/0 119868 15185327 0 0 0
49 ip 0.0.0.0/0 192.168.1.225/0 26542 32268042 0 0 1425
51 ip 0.0.0.0/0 192.168.1.227/0 24861 6019805 0 0 0
54 ip 0.0.0.0/0 192.168.1.230/0 287268 239740494 29 39608 1223
56 ip 0.0.0.0/0 192.168.1.232/0 48312 57500883 0 0 368
57 ip 0.0.0.0/0 192.168.1.233/0 10962 8344755 0 0 108
58 ip 0.0.0.0/0 192.168.1.234/0 6269 2370089 0 0 0
59 ip 0.0.0.0/0 192.168.1.235/0 73 15611 0 0 0
61 ip 0.0.0.0/0 192.168.1.237/0 1 149 0 0 0
62 ip 0.0.0.0/0 192.168.1.238/0 176518 138426804 0 0 5713
limiting icmp unreach response from 230 to 200 packets / s
в файл /etc/sysctl.conf :
# Hardening knobs for the router's own IP stack. They change how the host
# answers probes; they do not filter traffic and are no substitute for
# firewall rules.

# Drop TCP segments sent to closed ports without answering with RST
# (2 = any segment, 1 = SYN only; see blackhole(4)).
net.inet.tcp.blackhole=2
# Do not send ICMP port-unreachable for UDP datagrams to closed ports.
net.inet.udp.blackhole=1
# Ignore incoming ICMP redirects.
net.inet.icmp.drop_redirect=1
# Do not answer ICMP address-mask requests.
net.inet.icmp.maskrepl=0
# Cap the rate of ICMP error / RST responses generated by the host (per second).
net.inet.icmp.icmplim=100
# NOTE(review): the FreeBSD OID is net.inet.icmp.bmcastecho; as spelled here
# ("net.icmp...") this line probably does not apply -- check with sysctl(8).
net.icmp.bmcastecho=0
# ipfw show
01020 3669 272181 allow tcp from any to any dst-port 22
01030 7126 1327324 allow tcp from any 22 to any
01040 2898058 2042226321 allow ip from any to any via ste0
01050 0 0 deny ip from any to 192.168.0.0/16 in recv alc0
01060 26 728 deny ip from 192.168.0.0/16 to any in recv alc0
01070 0 0 deny ip from any to 172.16.0.0/12 in recv alc0
01080 0 0 deny ip from 172.16.0.0/12 to any in recv alc0
01090 0 0 deny ip from any to 10.0.0.0/8 in recv alc0
10100 0 0 deny ip from 10.0.0.0/8 to any in recv alc0
10110 0 0 deny ip from any to 169.254.0.0/16 in recv alc0
10120 0 0 deny ip from 169.254.0.0/16 to any in recv alc0
10130 146570 87415426 skipto 10160 ip from 192.168.1.221 to any
10131 0 0 skipto 10160 ip from 192.168.1.222 to any
10140 0 0 skipto 10160 ip from any to 192.168.1.221
10141 0 0 skipto 10160 ip from any to 192.168.1.222
10150 1300768 757885667 queue 1 ip from any to any out xmit alc0
10160 3019858 2074919672 nat 1 ip from any to any via alc0
10161 0 0 allow ip from 192.168.1.221 to any
10162 81182 7953151 allow ip from any to 192.168.1.221
10163 0 0 allow ip from 192.168.1.222 to any
10164 0 0 allow ip from any to 192.168.1.222
10170 1490321 1222719518 queue 2 ip from any to any in recv alc0
10180 2910553 2038883527 allow ip from any to any
10230 0 0 allow ip from any to any
65534 0 0 deny ip from any to any
65535 361 26525 deny ip from any to any



Мне остаётся грешить только на мои кривые руки... Ибо опыта маловато...
