estou implementando um controle de banda para uma micro empresa que terão aproximadamente 50 hosts. o layout de rede está na imagem, e as configurações abaixo.
funcionou quase perfeitamente usando simple queue com add por script do dhcp server.
quase, por que este controle de banda também se aplica no trafego interno entre hosts (copaindo arquivo de hosta para outro) gostaria que este controle se aplicasse apenas ao trafego do NAT (saida pra internet, ether1)
--------------------------------------------------------------------------------------------------------------------------------------------
# ADDRESS NETWORK INTERFACE
0 ;;; fast ethernet
192.168.0.1/24 192.168.0.0 ether3
1 ;;; wireless
192.168.2.1/24 192.168.2.0 ether5
2 D 192.168.20.111/24 192.168.20.0 ether1
--------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------
# FIREWALL NAT
0 chain=srcnat action=masquerade out-interface=ether1 log=no log-prefix=""
--------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------
# SIMPLE QUEUE
0 name="controle-geral" target=192.168.0.0/22 parent=none packet-marks="" priority=8/8 queue=default-small/default-small limit-at=0/0 max-limit=2M/20M burst-limit=0/0 burst-threshold=0/0
burst-time=0s/0s bucket-size=0.1/0.1
1 name="controle-iface-a" target=192.168.0.0/24 parent=controle-geral packet-marks="" priority=8/8 queue=default-small/default-small limit-at=1M/10M max-limit=2M/20M burst-limit=0/0 burst-threshold=0/0
burst-time=0s/0s bucket-size=0.1/0.1
2 name="controle-iface-b" target=192.168.2.0/24 parent=controle-geral packet-marks="" priority=8/8 queue=default-small/default-small limit-at=1M/10M max-limit=2M/20M burst-limit=0/0 burst-threshold=0/0
burst-time=0s/0s bucket-size=0.1/0.1
//GERADO POR SCRIPT NO DHCP SERVER
3 ;;; 5C:AF:06:1A:1B:FE
name="queue55" target=192.168.2.251/32 parent=controle-iface-b packet-marks="" priority=8/8 queue=default-small/default-small limit-at=500k/4M max-limit=2M/20M burst-limit=0/0 burst-threshold=0/0
burst-time=0s/0s bucket-size=0.1/0.1
4 ;;; 00:19:21:08:67:C5
name="queue57" target=192.168.0.254/32 parent=controle-iface-a packet-marks="" priority=8/8 queue=default-small/default-small limit-at=500k/4M max-limit=2M/20M burst-limit=0/0 burst-threshold=0/0
burst-time=0s/0s bucket-size=0.1/0.1
5 ;;; 98:83:89:09:ED:23
name="queue59" target=192.168.2.247/32 parent=controle-iface-b packet-marks="" priority=8/8 queue=default-small/default-small limit-at=500k/4M max-limit=2M/20M burst-limit=0/0 burst-threshold=0/0
burst-time=0s/0s bucket-size=0.1/0.1
--------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------------------------------------------------------------------
# SCRIPT DO DHCP SERVER (ETHER3 E ETHER 5) QUE GERA QUEUES
if ($leaseBound=1) do={
/queue simple add max-limit=2M/20M limit-at=500k/4M target=$leaseActIP parent="controle-iface-a" comment=$leaseActMAC
} else={
/queue simple remove [find comment=$leaseActMAC]
}
--------------------------------------------------------------------------------------------------------------------------------------------
basico.pdf