[Den_LocalNet]

Это ужас какой-то....

 

Купили новый сервер 2 месяца назад. Вот конфа:

Мать - Intel S5000VSA4DIMM

CPU - 2xXeon 5130 (2Ghz)

RAM - 2x2GB FBDIMM

HDD - 2x250GB SATAII

 

Все было просто прекрасно. Но недельку назад начал дохнуть по чуть-чуть сервер.

Сначала начался небольшой(1%) пакетлост на него пакетами 32 байт

Через 3-4 дня это уже было 5%. Со всех сетевых интерфейсов.

Заметели что такие проблемы как правило вчасы пик. Трафик до 200Мбит .... частично нат, частично роутинг. pps - 7000-10000 на интерфейс.

Иногда это не пакетлост а просто вот такой пинг:
Ответ от 10.10.10.1: число байт=32 время=5мс TTL=64
Ответ от 10.10.10.1: число байт=32 время=11мс TTL=64
Ответ от 10.10.10.1: число байт=32 время=11мс TTL=64
Ответ от 10.10.10.1: число байт=32 время=13мс TTL=64
Ответ от 10.10.10.1: число байт=32 время=18мс TTL=64
Ответ от 10.10.10.1: число байт=32 время=17мс TTL=64
Ответ от 10.10.10.1: число байт=32 время=14мс TTL=64
Ответ от 10.10.10.1: число байт=32 время=14мс TTL=64
Ответ от 10.10.10.1: число байт=32 время=9мс TTL=64
Ответ от 10.10.10.1: число байт=32 время=4мс TTL=64
Ответ от 10.10.10.1: число байт=32 время=32мс TTL=64
Ответ от 10.10.10.1: число байт=32 время=27мс TTL=64
Ответ от 10.10.10.1: число байт=32 время=13мс TTL=64
Ответ от 10.10.10.1: число байт=32 время=11мс TTL=64

В то время как когда все нормально пинг меньше 1мс

 

в это же время по топу:

last pid: 14035;  load averages:  1.41,  1.28,  1.16                                                                                  up 0+01:08:51  23:54:27
107 processes: 7 running, 88 sleeping, 12 waiting
CPU states:  1.5% user,  0.0% nice,  2.8% system, 35.7% interrupt, 59.9% idle
Mem: 592M Active, 798M Inact, 152M Wired, 12K Cache, 112M Buf, 962M Free
Swap: 4096M Total, 4096M Free

  PID USERNAME  THR PRI NICE   SIZE    RES STATE  C   TIME   WCPU COMMAND
   14 root        1 -44 -163     0K     8K CPU2   3  53:41 94.43% swi1: net
   13 root        1 171   52     0K     8K RUN    0  39:27 69.78% idle: cpu0
   10 root        1 171   52     0K     8K RUN    3  49:54 56.64% idle: cpu3
   12 root        1 171   52     0K     8K CPU1   1  34:49 55.57% idle: cpu1
   11 root        1 171   52     0K     8K RUN    2  50:19 53.81% idle: cpu2
   15 root        1 -32 -151     0K     8K CPU0   3  22:01 29.88% swi4: clock
   23 root        1 -68 -187     0K     8K WAIT   1   6:42 10.74% irq19: em1
   22 root        1 -68 -187     0K     8K WAIT   0   3:55  5.52% irq18: em0
6322 root        1   8  -15   419M   418M nanslp 1   2:32  2.83% perl5.8.8
14035 root        1   4    0  3524K  3108K sbwait 3   0:00  1.00% sshd
5407 root        8  20  -15   110M   109M kserel 0   5:55  0.00% ipcad
5401 mysql       9  20    0 58288K 30528K kserel 1   1:38  0.00% mysqld
5206 bind        1  96    0 12536K 11700K select 2   0:17  0.00% named
   17 root        1 -16    0     0K     8K -      1   0:10  0.00% yarrow
5421 root        1  96    0  3524K  2724K select 2   0:04  0.00% sshd
   31 root        1 171   52     0K     8K pgzero 1   0:02  0.00% pagezero
   26 root        1 -64 -183     0K     8K WAIT   2   0:02  0.00% irq20: atapci1
   19 root        1 -24 -143     0K     8K WAIT   2   0:01  0.00% swi6: task queue

 

systat -v 1

 

   1 users    Load  1.75  1.39  1.21                  Nov 19 23:55

Mem:KB    REAL            VIRTUAL                     VN PAGER  SWAP PAGER
        Tot   Share      Tot    Share    Free         in  out     in  out
Act  619244    9400   685588    10968  982124 count
All 1580176   12264247401588    14364         pages
                                                                 Interrupts
Proc:r  p  d  s  w    Csw  Trp  Sys  Int  Sof  Flt     93 cow   22367 total
           1 67  1  42288 10561706747453   12  240 155232 wire   6655 18: em0
                                                   606728 act    7688 19: em1
1.3%Sys  36.1%Intr  1.5%User  0.0%Nice 61.1%Idl   820348 inact       20: ata
|    |    |    |    |    |    |    |    |    |         12 cache  2006 cpu0: time
=++++++++++++++++++                                982112 free   2006 cpu1: time
                                                          daefr  2006 cpu2: time
Namei         Name-cache    Dir-cache                 162 prcfr  2006 cpu3: time
    Calls     hits    %     hits    %                     react
      290      290  100                                   pdwake
                                       86 zfod            pdpgs
Disks   ad4   ad6   ar0                85 ozfod           intrn
KB/t   0.00  0.00  0.00                98 %slo-z   114464 buf
tps       0     0     0               207 tfree       273 dirtybuf
MB/s   0.00  0.00  0.00                            100000 desiredvnodes
% busy    0     0     0                              2250 numvnodes
                                                     1049 freevnodes

systat -if 1

                   /0   /1   /2   /3   /4   /5   /6   /7   /8   /9   /10
     Load Average   |||||||

      Interface           Traffic               Peak                Total


        vlan200  in    346.185 KB/s          1.055 MB/s          332.167 MB
                 out    14.351 KB/s         51.047 KB/s           25.251 MB

        vlan193  in     11.513 MB/s         13.457 MB/s            3.870 GB
                 out     6.579 MB/s          8.161 MB/s            1.779 GB

        vlan191  in    432.495 KB/s        588.515 KB/s            1.505 GB
                 out   522.547 KB/s        600.848 KB/s            2.909 GB

            lo0  in      0.000 KB/s          1.099 MB/s          184.367 MB
                 out     0.000 KB/s          1.099 MB/s          184.367 MB

            em1  in     11.427 MB/s         13.636 MB/s          781.676 MB
                 out    16.168 MB/s         18.515 MB/s            1.010 GB

            em0  in     12.324 MB/s         14.519 MB/s            1.941 GB
                 out     7.150 MB/s          8.728 MB/s          981.666 MB

В файрволе 200-300 правил+шейпер на 350-400 правил

 

gw# uname -a
FreeBSD 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Wed Sep 26 22:30:43 UTC 2007     root@:/usr/src/sys/i386/compile/MY2  i386

 

а это вообще гониво:

gw# ping localhost
PING localhost.lan.com.ua (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=30.241 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=33.089 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=39.496 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=27.866 ms
64 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=20.460 ms
^C
--- localhost.lan.com.ua ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 20.460/30.230/39.496/6.246 ms

systat -ip 1

                    /0   /1   /2   /3   /4   /5   /6   /7   /8   /9   /10
     Load Average   |||||||||

          IP Input                           IP Output
    26802 total packets received       14981 total packets sent
        0 - with bad checksums           135 - generated locally
        0 - too short for header           0 - output drops
        0 - too short for data             0 output fragments generated
        0 - with invalid hlen              0 - fragmentation failed
        0 - with invalid length            0 destinations unreachable
        0 - with invalid version           0 packets output via raw IP
        0 - jumbograms
        0 total fragments received           UDP Statistics
        0 - fragments dropped             27 total input packets
        0 - fragments timed out            0 - too short for header
        0 - packets reassembled ok         0 - invalid checksum
    14846 packets forwarded                0 - no checksum
        2 - unreachable dests              0 - invalid length
       32 - redirects generated            6 - no socket for dest port
        0 option errors                    1 - no socket for broadcast
        0 unwanted multicasts              0 - socket buffer full
      106 delivered to upper layer        16 total output packets

 

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=b<RXCSUM,TXCSUM,VLAN_MTU>
        inet ***.***.***.*** netmask 0xffffffff broadcast ***.***.***.***
        ether 00:03:47:e3:37:0c
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=b<RXCSUM,TXCSUM,VLAN_MTU>
        inet 10.10.10.1 netmask 0xff000000 broadcast 10.255.255.255
        inet ***.***.***.*** netmask 0xffffffe0 broadcast ***.***.***.***
        inet ***.***.***.*** netmask 0xffffff80 broadcast ***.***.***.***
        inet ***.***.***.*** netmask 0xffffff00 broadcast ***.***.***.***
        ether 00:15:17:2a:6e:49
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
pfsync0: flags=0<> mtu 2020
        syncpeer: 224.0.0.240 maxupd: 128
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33208
vlan191: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet ***.***.***.*** netmask 0xfffffffc broadcast ***.***.***.***
        ether 00:03:47:e3:37:0c
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
        vlan: 191 parent interface: em0
vlan193: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet ***.***.***.*** netmask 0xfffffffc broadcast ***.***.***.***
        ether 00:03:47:e3:37:0c
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
        vlan: 193 parent interface: em0
vlan200: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet ***.***.***.*** netmask 0xfffffffc broadcast ***.***.***.***
        ether 00:03:47:e3:37:0c
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
        vlan: 200 parent interface: em0
vlan201: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet ***.***.***.*** netmask 0xfffffffc broadcast ***.***.***.***
        ether 00:15:17:2a:6e:49
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
        vlan: 201 parent interface: em1

может кто сталкивался - хелп....

Заранее спасибо!

[Lexasoft]

Конфиг фаерволла и конец dmesg покажи

[Den_LocalNet]

Конфиг фаерволла и конец dmesg покажи

ipfw: ouch!, skip past end of rules, denying packet

ipfw: ouch!, skip past end of rules, denying packet

ipfw: ouch!, skip past end of rules, denying packet

ipfw: ouch!, skip past end of rules, denying packet

ipfw: ouch!, skip past end of rules, denying packet

фаервол

00002 count ip from any to any out via vlan193

00003 count ip from any to any in via vlan193

00004 count ip from any to any out via vlan191

00005 count ip from any to any in via vlan191

00006 count ip from any to any out via vlan200

00007 count ip from any to any in via vlan200

00008 count ip from any to ***.**.*6.90,***.**.*6.216/29,***.**.*6.224/28

00009 count ip from ***.**.*6.90,***.**.*6.216/29,***.**.*6.224/28 to any

00010 count ip from any to ***.**.*6.83,***.*.**.192/27,***.*.**.224/28

00011 count ip from ***.**.*6.83,***.*.**.192/27,***.*.**.224/28 to any

00012 count ip from any to ***.*.**.30

00013 count ip from ***.*.**.30 to any

00014 count ip from any to ***.*.**.2

00015 count ip from ***.*.**.2 to any

00016 count ip from any to ***.*.**.14

00017 count ip from ***.*.**.14 to any

00049 allow ip from 10.0.0.0/8 to ***.**.*4.0/22

00049 allow ip from ***.**.*4.0/22 to 10.0.0.0/8

00049 allow ip from ***.**.*4.0/22 to ***.*.**.0/24

00049 allow ip from ***.*.**.0/24 to ***.**.*4.0/22

00050 allow ip from any to me

00050 allow ip from me to any

00051 pipe 2323 ip from any to any in via vlan200

00051 pipe 2424 ip from any to any out via vlan200

00101 allow ip from me to any

00101 allow ip from any to me

00110 allow ip from any to me

00110 allow ip from me to any

00118 allow ip from any to 192.168.0.0/16

00118 allow ip from 192.168.0.0/16 to any

00123 allow ip from any to ***.**.*6.103

00123 allow ip from ***.**.*6.103 to any

00150 allow ip from 192.168.0.0/16 to 192.168.0.0/16

00503 pipe 32 ip from any to 10.10.3.4 in via vlan191

00503 pipe 33 ip from 10.10.3.4 to not table(2)

00504 pipe 1550 ip from any to 10.10.11.8 in via vlan191

00504 pipe 1551 ip from 10.10.11.8 to not table(2)

00504 pipe 1550 ip from any to 10.10.1.37 in via vlan191

00504 pipe 1551 ip from 10.10.1.37 to not table(2)

00504 pipe 64 ip from any to 10.10.11.16 in via vlan191

00504 pipe 65 ip from 10.10.11.16 to not table(2)

00504 pipe 75 ip from any to 10.10.30.2 in via vlan191

00504 pipe 76 ip from 10.10.30.2 to not table(2)

00504 pipe 75 ip from any to 10.10.39.7 in via vlan191

00504 pipe 76 ip from 10.10.39.7 to not table(2)

00504 pipe 100 ip from any to 10.10.1.49 in via vlan191

00504 pipe 101 ip from 10.10.1.49 to not table(2)

00504 pipe 100 ip from any to 10.10.9.23 in via vlan191

00504 pipe 101 ip from 10.10.9.23 to not table(2)

00504 pipe 100 ip from any to 10.10.9.27 in via vlan191

00504 pipe 101 ip from 10.10.9.27 to not table(2)

00504 pipe 100 ip from any to 10.10.11.10 in via vlan191

00504 pipe 101 ip from 10.10.11.10 to not table(2)

00504 pipe 100 ip from any to 10.10.11.20 in via vlan191

00504 pipe 101 ip from 10.10.11.20 to not table(2)

00504 pipe 100 ip from any to 10.10.11.21 in via vlan191

00504 pipe 101 ip from 10.10.11.21 to not table(2)

00504 pipe 100 ip from any to 10.10.11.24 in via vlan191

00504 pipe 101 ip from 10.10.11.24 to not table(2)

00504 pipe 100 ip from any to 10.10.11.25 in via vlan191

00504 pipe 101 ip from 10.10.11.25 to not table(2)

00504 pipe 100 ip from any to 10.10.14.7 in via vlan191

00504 pipe 101 ip from 10.10.14.7 to not table(2)

00504 pipe 100 ip from any to 10.10.14.10 in via vlan191

00504 pipe 101 ip from 10.10.14.10 to not table(2)

00504 pipe 100 ip from any to 10.10.15.19 in via vlan191

00504 pipe 101 ip from 10.10.15.19 to not table(2)

00504 pipe 100 ip from any to 10.10.15.31 in via vlan191

00504 pipe 101 ip from 10.10.15.31 to not table(2)

00504 pipe 100 ip from any to 10.10.15.37 in via vlan191

00504 pipe 101 ip from 10.10.15.37 to not table(2)

00504 pipe 100 ip from any to 10.10.16.20 in via vlan191

00504 pipe 101 ip from 10.10.16.20 to not table(2)

00504 pipe 100 ip from any to 10.10.16.21 in via vlan191

00504 pipe 101 ip from 10.10.16.21 to not table(2)

00504 pipe 100 ip from any to 10.10.29.1 in via vlan191

00504 pipe 101 ip from 10.10.29.1 to not table(2)

00504 pipe 100 ip from any to 10.10.37.7 in via vlan191

00504 pipe 101 ip from 10.10.37.7 to not table(2)

00504 pipe 100 ip from any to 10.10.38.9 in via vlan191

00504 pipe 101 ip from 10.10.38.9 to not table(2)

00504 pipe 100 ip from any to 10.10.39.2 in via vlan191

00504 pipe 101 ip from 10.10.39.2 to not table(2)

00504 pipe 100 ip from any to 10.10.39.9 in via vlan191

00504 pipe 101 ip from 10.10.39.9 to not table(2)

00504 pipe 100 ip from any to 10.10.47.2 in via vlan191

00504 pipe 101 ip from 10.10.47.2 to not table(2)

00504 pipe 100 ip from any to 10.10.47.1 in via vlan191

00504 pipe 101 ip from 10.10.47.1 to not table(2)

00504 pipe 100 ip from any to 10.10.48.5 in via vlan191

00504 pipe 101 ip from 10.10.48.5 to not table(2)

00504 pipe 100 ip from any to 10.10.51.1 in via vlan191

00504 pipe 101 ip from 10.10.51.1 to not table(2)

00504 pipe 100 ip from any to 10.10.54.1 in via vlan191

00504 pipe 101 ip from 10.10.54.1 to not table(2)

00504 pipe 100 ip from any to 10.10.54.2 in via vlan191

00504 pipe 101 ip from 10.10.54.2 to not table(2)

00504 pipe 100 ip from any to 10.10.57.3 in via vlan191

00504 pipe 101 ip from 10.10.57.3 to not table(2)

00504 pipe 100 ip from any to 10.10.59.2 in via vlan191

00504 pipe 101 ip from 10.10.59.2 to not table(2)

00504 pipe 100 ip from any to 10.10.60.1 in via vlan191

00504 pipe 101 ip from 10.10.60.1 to not table(2)

00505 pipe 32 ip from any to 10.10.12.5 in via vlan191

00506 pipe 33 ip from 10.10.12.5 to not table(2)

00509 pipe 32 ip from any to 10.10.13.9 in via vlan191

00509 pipe 33 ip from 10.10.13.9 to not table(2)

00509 pipe 32 ip from any to 10.10.18.2 in via vlan191

00509 pipe 33 ip from 10.10.18.2 to not table(2)

00509 pipe 100 ip from any to 10.10.7.17 in via vlan191

00509 pipe 101 ip from 10.10.7.17 to not table(2)

00509 pipe 100 ip from any to 10.10.7.100 in via vlan191

00509 pipe 101 ip from 10.10.7.100 to not table(2)

00512 pipe 32 ip from any to ***.**.*6.91 in via vlan191

00512 pipe 33 ip from ***.**.*6.91 to any out via vlan191

00513 pipe 64 ip from any to 10.10.9.11 in via vlan191

00513 pipe 65 ip from 10.10.9.11 to not table(2)

00513 pipe 64 ip from any to 10.10.9.16 in via vlan191

00513 pipe 65 ip from 10.10.9.16 to not table(2)

00513 pipe 64 ip from any to 10.10.9.21 in via vlan191

00513 pipe 65 ip from 10.10.9.21 to not table(2)

00514 pipe 64 ip from any to 10.10.12.12 in via vlan191

00514 pipe 65 ip from 10.10.12.12 to not table(2)

00516 pipe 32 ip from any to 10.10.18.4 in via vlan191

00516 pipe 33 ip from 10.10.18.4 to not table(2)

00516 pipe 64 ip from any to 10.10.0.3 in via vlan191

00516 pipe 65 ip from 10.10.0.3 to not table(2)

00516 pipe 64 ip from any to ***.*.**.82 in via vlan191

00516 pipe 65 ip from ***.*.**.82 to any out via vlan191

00516 pipe 64 ip from any to 10.10.0.15 in via vlan191

00516 pipe 65 ip from 10.10.0.15 to not table(2)

00516 pipe 64 ip from any to 10.10.0.100 in via vlan191

00516 pipe 65 ip from 10.10.0.100 to not table(2)

00516 pipe 64 ip from any to 10.10.1.12 in via vlan191

00516 pipe 65 ip from 10.10.1.12 to not table(2)

00516 pipe 64 ip from any to 10.10.1.13 in via vlan191

00516 pipe 65 ip from 10.10.1.13 to not table(2)

00516 pipe 64 ip from any to 10.10.2.3 in via vlan191

00516 pipe 65 ip from 10.10.2.3 to not table(2)

00516 pipe 64 ip from any to 10.10.5.4 in via vlan191

00516 pipe 65 ip from 10.10.5.4 to not table(2)

00516 pipe 64 ip from any to 10.10.7.4 in via vlan191

00516 pipe 65 ip from 10.10.7.4 to not table(2)

00516 pipe 64 ip from any to 10.10.7.10 in via vlan191

00516 pipe 65 ip from 10.10.7.10 to not table(2)

00516 pipe 64 ip from any to 10.10.9.5 in via vlan191

00516 pipe 65 ip from 10.10.9.5 to not table(2)

00516 pipe 64 ip from any to 10.10.13.22 in via vlan191

00516 pipe 65 ip from 10.10.13.22 to not table(2)

00516 pipe 1164 ip from any to 10.10.13.26 in via vlan191

00516 pipe 1165 ip from 10.10.13.26 to not table(2)

00516 pipe 1164 ip from any to 10.10.13.27 in via vlan191

00516 pipe 1165 ip from 10.10.13.27 to not table(2)

00516 pipe 64 ip from any to 10.10.16.5 in via vlan191

00516 pipe 65 ip from 10.10.16.5 to not table(2)

00516 pipe 64 ip from any to 10.10.18.1 in via vlan191

00516 pipe 65 ip from 10.10.18.1 to not table(2)

00516 pipe 64 ip from any to 10.10.18.5 in via vlan191

00516 pipe 65 ip from 10.10.18.5 to not table(2)

00516 pipe 64 ip from any to 10.10.19.2 in via vlan191

00516 pipe 65 ip from 10.10.19.2 to not table(2)

00516 pipe 64 ip from any to 10.10.22.3 in via vlan191

00516 pipe 65 ip from 10.10.22.3 to not table(2)

00516 pipe 64 ip from any to ***.**.*6.76 in via vlan191

00516 pipe 65 ip from ***.**.*6.76 to any out via vlan191

00516 pipe 75 ip from any to 10.10.0.36 in via vlan191

00516 pipe 76 ip from 10.10.0.36 to not table(2)

00516 pipe 75 ip from any to 10.10.3.3 in via vlan191

00516 pipe 76 ip from 10.10.3.3 to not table(2)

00516 pipe 75 ip from any to ***.*.**.76 in via vlan191

00516 pipe 76 ip from ***.*.**.76 to any out via vlan191

00516 pipe 75 ip from any to ***.**.*6.81 in via vlan191

00516 pipe 76 ip from ***.**.*6.81 to any out via vlan191

00516 pipe 100 ip from any to 10.10.0.33 in via vlan191

00516 pipe 101 ip from 10.10.0.33 to not table(2)

00516 pipe 100 ip from any to 10.10.0.39 in via vlan191

00516 pipe 101 ip from 10.10.0.39 to not table(2)

00516 pipe 100 ip from any to 10.10.0.41 in via vlan191

00516 pipe 101 ip from 10.10.0.41 to not table(2)

00516 pipe 100 ip from any to 10.10.1.11 in via vlan191

00516 pipe 101 ip from 10.10.1.11 to not table(2)

00516 pipe 100 ip from any to 10.10.1.25 in via vlan191

00516 pipe 101 ip from 10.10.1.25 to not table(2)

00516 pipe 100 ip from any to 10.10.1.33 in via vlan191

00516 pipe 101 ip from 10.10.1.33 to not table(2)

00516 pipe 100 ip from any to 10.10.1.34 in via vlan191

00516 pipe 101 ip from 10.10.1.34 to not table(2)

00516 pipe 100 ip from any to 10.10.1.44 in via vlan191

00516 pipe 101 ip from 10.10.1.44 to not table(2)

00516 pipe 100 ip from any to 10.10.1.47 in via vlan191

00516 pipe 101 ip from 10.10.1.47 to not table(2)

00516 pipe 100 ip from any to ***.*.**.48 in via vlan191

00516 pipe 101 ip from ***.*.**.48 to any out via vlan191

00516 pipe 100 ip from any to 10.10.2.4 in via vlan191

00516 pipe 101 ip from 10.10.2.4 to not table(2)

00516 pipe 100 ip from any to 10.10.2.5 in via vlan191

00516 pipe 101 ip from 10.10.2.5 to not table(2)

00516 pipe 100 ip from any to 10.10.2.8 in via vlan191

00516 pipe 101 ip from 10.10.2.8 to not table(2)

00516 pipe 100 ip from any to 10.10.2.11 in via vlan191

00516 pipe 101 ip from 10.10.2.11 to not table(2)

00516 pipe 100 ip from any to 10.10.3.8 in via vlan191

00516 pipe 101 ip from 10.10.3.8 to not table(2)

00516 pipe 100 ip from any to 10.10.6.4 in via vlan191

00516 pipe 101 ip from 10.10.6.4 to not table(2)

00516 pipe 100 ip from any to 10.10.6.6 in via vlan191

00516 pipe 101 ip from 10.10.6.6 to not table(2)

00516 pipe 100 ip from any to ***.*.**.31 in via vlan191

00516 pipe 101 ip from ***.*.**.31 to any out via vlan191

00516 pipe 100 ip from any to 10.10.13.7 in via vlan191

00516 pipe 101 ip from 10.10.13.7 to not table(2)

00516 pipe 100 ip from any to 10.10.13.30 in via vlan191

00516 pipe 101 ip from 10.10.13.30 to not table(2)

00516 pipe 100 ip from any to 10.10.13.34 in via vlan191

00516 pipe 101 ip from 10.10.13.34 to not table(2)

00516 pipe 100 ip from any to 10.10.13.15 in via vlan191

00516 pipe 101 ip from 10.10.13.15 to not table(2)

00516 pipe 100 ip from any to ***.*.**.40 in via vlan191

00516 pipe 101 ip from ***.*.**.40 to any out via vlan191

00516 pipe 100 ip from any to ***.*.**.59 in via vlan191

00516 pipe 101 ip from ***.*.**.59 to any out via vlan191

00516 pipe 100 ip from any to 10.10.17.1 in via vlan191

00516 pipe 101 ip from 10.10.17.1 to not table(2)

00516 pipe 100 ip from any to ***.*.**.77 in via vlan191

00516 pipe 101 ip from ***.*.**.77 to any out via vlan191

00516 pipe 100 ip from any to 10.10.21.4 in via vlan191

00516 pipe 101 ip from 10.10.21.4 to not table(2)

00516 pipe 100 ip from any to 10.10.22.5 in via vlan191

00516 pipe 101 ip from 10.10.22.5 to not table(2)

00516 pipe 100 ip from any to 10.10.23.2 in via vlan191

00516 pipe 101 ip from 10.10.23.2 to not table(2)

00516 pipe 100 ip from any to ***.*.**.85 in via vlan191

00516 pipe 101 ip from ***.*.**.85 to any out via vlan191

00516 pipe 100 ip from any to 10.10.24.2 in via vlan191

00516 pipe 101 ip from 10.10.24.2 to not table(2)

00516 pipe 100 ip from any to ***.*.**.37 in via vlan191

00516 pipe 101 ip from ***.*.**.37 to any out via vlan191

00516 pipe 100 ip from any to ***.*.**.44 in via vlan191

00516 pipe 101 ip from ***.*.**.44 to any out via vlan191

00516 pipe 100 ip from any to ***.*.**.72 in via vlan191

00516 pipe 101 ip from ***.*.**.72 to any out via vlan191

00516 pipe 100 ip from any to ***.**.*6.92 in via vlan191

00516 pipe 101 ip from ***.**.*6.92 to any out via vlan191

00516 pipe 128 ip from any to ***.*.**.4 in via vlan191

00516 pipe 129 ip from ***.*.**.4 to any out via vlan191

00516 pipe 12812 ip from any to ***.*.**.75 in via vlan191

00516 pipe 12912 ip from ***.*.**.75 to any out via vlan191

00516 pipe 12812 ip from any to ***.*.**.114 in via vlan191

00516 pipe 12912 ip from ***.*.**.114 to any out via vlan191

00516 pipe 128 ip from any to ***.*.**.113 in via vlan191

00516 pipe 129 ip from ***.*.**.113 to any out via vlan191

00517 pipe 100 ip from any to 10.10.0.2 in via vlan191

00517 pipe 101 ip from 10.10.0.2 to not table(2)

00517 pipe 100 ip from any to 10.10.8.7 in via vlan191

00517 pipe 101 ip from 10.10.8.7 to not table(2)

00517 pipe 128 ip from any to 10.10.0.12 in via vlan191

00517 pipe 129 ip from 10.10.0.12 to not table(2)

00518 pipe 128 ip from any to 10.10.13.8 in via vlan191

00518 pipe 128 ip from 10.10.13.8 to not table(2)

00518 pipe 128 ip from any to 10.10.13.29 in via vlan191

00518 pipe 128 ip from 10.10.13.29 to not table(2)

00518 pipe 128 ip from any to ***.**.*6.77 in via vlan191

00518 pipe 129 ip from ***.**.*6.77 to any out via vlan191

00519 pipe 128 ip from any to ***.*.**.50 in via vlan191

00519 pipe 129 ip from ***.*.**.50 to any out via vlan191

00519 pipe 128 ip from any to 10.10.9.31 in via vlan191

00519 pipe 129 ip from 10.10.9.31 to not table(2)

00519 pipe 128 ip from any to ***.*.**.98 in via vlan191

00519 pipe 129 ip from ***.*.**.98 to any out via vlan191

00519 pipe 12813 ip from any to 10.10.13.1 in via vlan191

00519 pipe 12913 ip from 10.10.13.1 to not table(2)

00519 pipe 12813 ip from any to ***.*.**.24 in via vlan191

00519 pipe 12913 ip from ***.*.**.24 to any out via vlan191

00519 pipe 128 ip from any to ***.*.**.57 in via vlan191

00519 pipe 129 ip from ***.*.**.57 to any out via vlan191

00519 pipe 128 ip from any to ***.*.**.43 in via vlan191

00519 pipe 129 ip from ***.*.**.43 to any out via vlan191

00519 pipe 128 ip from any to ***.*.**.52 in via vlan191

00519 pipe 129 ip from ***.*.**.52 to any out via vlan191

00520 pipe 75 ip from any to 10.10.0.8 in via vlan191

00520 pipe 76 ip from 10.10.0.8 to not table(2)

00520 pipe 75 ip from any to 10.10.6.2 in via vlan191

00520 pipe 76 ip from 10.10.6.2 to not table(2)

00520 pipe 75 ip from any to 10.10.7.19 in via vlan191

00520 pipe 76 ip from 10.10.7.19 to not table(2)

00520 pipe 75 ip from any to 10.10.12.5 in via vlan191

00520 pipe 76 ip from 10.10.12.5 to not table(2)

00520 pipe 75 ip from any to 10.10.12.100 in via vlan191

00520 pipe 76 ip from 10.10.12.100 to not table(2)

00520 pipe 75 ip from any to 10.10.12.15 in via vlan191

00520 pipe 76 ip from 10.10.12.15 to not table(2)

00520 pipe 75 ip from any to 10.10.15.26 in via vlan191

00520 pipe 76 ip from 10.10.15.26 to not table(2)

00520 pipe 75 ip from any to 10.10.16.17 in via vlan191

00520 pipe 76 ip from 10.10.16.17 to not table(2)

00520 pipe 75 ip from any to 10.10.29.2 in via vlan191

00520 pipe 76 ip from 10.10.29.2 to not table(2)

00520 pipe 75 ip from any to 10.10.44.1 in via vlan191

00520 pipe 76 ip from 10.10.44.1 to not table(2)

00520 pipe 100 ip from any to 10.10.34.4 in via vlan191

00520 pipe 101 ip from 10.10.34.4 to not table(2)

00520 pipe 128 ip from any to 10.10.0.31 in via vlan191

00520 pipe 129 ip from 10.10.0.31 to not table(2)

00520 pipe 128 ip from any to 10.10.2.2 in via vlan191

00520 pipe 129 ip from 10.10.2.2 to not table(2)

00520 pipe 1560 ip from any to 10.10.2.7 in via vlan191

00520 pipe 1561 ip from 10.10.2.7 to not table(2)

00520 pipe 1560 ip from any to 10.10.2.100 in via vlan191

00520 pipe 1561 ip from 10.10.2.100 to not table(2)

00520 pipe 128 ip from any to 10.10.5.2 in via vlan191

00520 pipe 129 ip from 10.10.5.2 to not table(2)

00520 pipe 128 ip from any to 10.10.5.3 in via vlan191

00520 pipe 129 ip from 10.10.5.3 to not table(2)

00520 pipe 128 ip from any to 10.10.7.22 in via vlan191

00520 pipe 129 ip from 10.10.7.22 to not table(2)

00520 pipe 128 ip from any to 10.10.8.5 in via vlan191

00520 pipe 129 ip from 10.10.8.5 to not table(2)

00520 pipe 128 ip from any to 10.10.9.13 in via vlan191

00520 pipe 129 ip from 10.10.9.13 to not table(2)

00520 pipe 128 ip from any to 10.10.11.22 in via vlan191

00520 pipe 129 ip from 10.10.11.22 to not table(2)

00520 pipe 128 ip from any to 10.10.14.6 in via vlan191

00520 pipe 129 ip from 10.10.14.6 to not table(2)

00520 pipe 128 ip from any to 10.10.15.27 in via vlan191

00520 pipe 129 ip from 10.10.15.27 to not table(2)

00520 pipe 128 ip from any to 10.10.16.3 in via vlan191

00520 pipe 129 ip from 10.10.16.3 to not table(2)

00520 pipe 128 ip from any to ***.*.**.70 in via vlan191

00520 pipe 129 ip from ***.*.**.70 to not table(2)

00520 pipe 128 ip from any to 10.10.16.23 in via vlan191

00520 pipe 129 ip from 10.10.16.23 to not table(2)

00520 pipe 128 ip from any to 10.10.27.3 in via vlan191

00520 pipe 129 ip from 10.10.27.3 to not table(2)

00520 pipe 128 ip from any to 10.10.28.1 in via vlan191

00520 pipe 129 ip from 10.10.28.1 to not table(2)

00520 pipe 128 ip from any to 10.10.31.1 in via vlan191

00520 pipe 129 ip from 10.10.31.1 to not table(2)

00520 pipe 256 ip from any to 10.10.34.3 in via vlan191

00520 pipe 257 ip from 10.10.34.3 to not table(2)

00520 pipe 256 ip from any to 77.87.151.2 in via vlan191

00520 pipe 257 ip from 77.87.151.2 to any out via vlan191

00520 pipe 128 ip from any to 10.10.40.1 in via vlan191

00520 pipe 129 ip from 10.10.40.1 to not table(2)

00520 pipe 128 ip from any to ***.*.**.32 in via vlan191

00520 pipe 129 ip from ***.*.**.32 to any out via vlan191

00520 pipe 128 ip from any to 10.10.44.2 in via vlan191

00520 pipe 129 ip from 10.10.44.2 to not table(2)

00520 pipe 128 ip from any to 10.10.45.1 in via vlan191

00520 pipe 129 ip from 10.10.45.1 to not table(2)

00520 pipe 128 ip from any to 10.10.57.1 in via vlan191

00520 pipe 129 ip from 10.10.57.1 to not table(2)

00520 pipe 128 ip from any to ***.**.*6.69 in via vlan191

00520 pipe 129 ip from ***.**.*6.69 to any out via vlan191

00520 pipe 256 ip from any to 10.10.42.5 in via vlan191

00520 pipe 257 ip from 10.10.42.5 to not table(2)

00521 pipe 100 ip from any to ***.*.**.23 in via vlan191

00521 pipe 101 ip from ***.*.**.23 to any out via vlan191

00521 pipe 128 ip from any to ***.**.*6.73 in via vlan191

00521 pipe 129 ip from ***.**.*6.73 to any out via vlan191

00521 pipe 128 ip from any to ***.**.*6.84 in via vlan191

00521 pipe 129 ip from ***.**.*6.84 to any out via vlan191

00521 pipe 256 ip from any to ***.*.**.60 in via vlan191

00521 pipe 256 ip from ***.*.**.60 to any out via vlan191

00521 pipe 384 ip from any to ***.*.**.74 in via vlan191

00521 pipe 385 ip from ***.*.**.74 to any out via vlan191

00522 pipe 1554 ip from any to 10.10.26.1 in via vlan191

00522 pipe 1555 ip from 10.10.26.1 to not table(2)

00522 pipe 1554 ip from any to 10.10.26.2 in via vlan191

00522 pipe 1555 ip from 10.10.26.2 to not table(2)

00522 pipe 100 ip from any to 10.10.27.5 in via vlan191

00522 pipe 101 ip from 10.10.27.5 to not table(2)

00522 pipe 100 ip from any to 10.10.28.3 in via vlan191

00522 pipe 101 ip from 10.10.28.3 to not table(2)

00522 pipe 256 ip from any to 10.10.1.17 in via vlan191

00522 pipe 257 ip from 10.10.1.17 to not table(2)

00522 pipe 256 ip from any to 10.10.8.6 in via vlan191

00522 pipe 257 ip from 10.10.8.6 to not table(2)

00522 pipe 512 ip from any to ***.*.**.5 in via vlan191

00522 pipe 513 ip from ***.*.**.5 to any out via vlan191

00522 pipe 512 ip from any to ***.*.**.92 in via vlan191

00522 pipe 513 ip from ***.*.**.92 to any out via vlan191

00522 pipe 514 ip from any to ***.**.*6.68 in via vlan191

00522 pipe 515 ip from ***.**.*6.68 to any out via vlan191

00522 pipe 514 ip from any to ***.**.*6.86 in via vlan191

00522 pipe 515 ip from ***.**.*6.86 to any out via vlan191

00522 pipe 514 ip from any to ***.**.*6.87 in via vlan191

00522 pipe 515 ip from ***.**.*6.87 to any out via vlan191

00522 pipe 514 ip from any to ***.**.*6.80 in via vlan191

00522 pipe 515 ip from ***.**.*6.80 to any out via vlan191

00523 pipe 20000 ip from any to ***.**.*6.83 in via vlan193

00523 pipe 20001 ip from ***.**.*6.83 to any out via vlan193

00523 pipe 20000 ip from any to ***.*.**.192/27 in via vlan193

00523 pipe 20001 ip from ***.*.**.192/27 to any out via vlan193

00523 pipe 20000 ip from any to ***.*.**.224/28 in via vlan193

00523 pipe 20001 ip from ***.*.**.224/28 to any out via vlan193

00523 pipe 20000 ip from any to ***.*.**.160/27 in via vlan193

00523 pipe 20001 ip from ***.*.**.160/27 to any out via vlan193

00523 pipe 2005 ip from any to ***.**.*6.83 in via vlan191

00523 pipe 2006 ip from ***.**.*6.83 to any out via vlan191

00523 pipe 2005 ip from any to ***.*.**.192/27 in via vlan191

00523 pipe 2006 ip from ***.*.**.192/27 to any out via vlan191

00523 pipe 2005 ip from any to ***.*.**.224/28 in via vlan191

00523 pipe 2006 ip from ***.*.**.224/28 to any out via vlan191

00523 pipe 2005 ip from any to ***.*.**.160/27 in via vlan191

00523 pipe 2006 ip from ***.*.**.160/27 to any out via vlan191

00523 pipe 5005 ip from any to ***.*.**.55 in via vlan191

00523 pipe 5006 ip from ***.*.**.55 to any out via vlan191

00523 pipe 5005 ip from any to ***.**.*6.216/29 in via vlan191

00523 pipe 5006 ip from ***.**.*6.216/29 to any out via vlan191

00523 pipe 5005 ip from any to ***.**.*6.224/28 in via vlan191

00523 pipe 5006 ip from ***.**.*6.224/28 to any out via vlan191

00523 pipe 5009 ip from any to ***.*.**.14 in via vlan191

00523 pipe 5010 ip from ***.*.**.14 to any out via vlan191

00523 pipe 5009 ip from any to ***.**.*6.8/29 in via vlan191

00523 pipe 5010 ip from ***.**.*6.8/29 to any out via vlan191

00523 pipe 5013 ip from any to ***.*.**.2 in via vlan191

00523 pipe 5014 ip from ***.*.**.2 to any out via vlan191

00523 pipe 5013 ip from any to ***.*.**.240/29 in via vlan191

00523 pipe 5014 ip from ***.*.**.240/29 to any out via vlan191

00523 pipe 5013 ip from any to ***.*.**.128/27 in via vlan191

00523 pipe 5014 ip from ***.*.**.128/27 to any out via vlan191

00523 pipe 5017 ip from any to ***.*.**.30 in via vlan191

00523 pipe 5018 ip from ***.*.**.30 to any out via vlan191

00524 pipe 30000 ip from any to ***.*.**.55 in via vlan193

00524 pipe 30001 ip from ***.*.**.55 to any out via vlan193

00524 pipe 30000 ip from any to ***.**.*6.216/29 in via vlan193

00524 pipe 30001 ip from ***.**.*6.216/29 to any out via vlan193

00524 pipe 30000 ip from any to ***.**.*6.224/28 in via vlan193

00524 pipe 30001 ip from ***.**.*6.224/28 to any out via vlan193

00524 pipe 5007 ip from any to ***.*.**.14 in via vlan193

00524 pipe 5008 ip from ***.*.**.14 to any out via vlan193

00524 pipe 5007 ip from any to ***.**.*6.8/29 in via vlan193

00524 pipe 5008 ip from ***.**.*6.8/29 to any out via vlan193

00524 pipe 5011 ip from any to ***.*.**.2 in via vlan193

00524 pipe 5012 ip from ***.*.**.2 to any out via vlan193

00524 pipe 5011 ip from any to ***.*.**.240/29 in via vlan193

00524 pipe 5012 ip from ***.*.**.240/29 to any out via vlan193

00524 pipe 5011 ip from any to ***.*.**.128/27 in via vlan193

00524 pipe 5012 ip from ***.*.**.128/27 to any out via vlan193

00524 pipe 5015 ip from any to ***.*.**.30 in via vlan193

00524 pipe 5016 ip from ***.*.**.30 to any out via vlan193

00526 pipe 9998 ip from any to 10.10.3.8 in via vlan193

00526 pipe 9999 ip from 10.10.3.8 to table(2)

00526 pipe 9998 ip from any to 10.10.12.6 in via vlan193

00526 pipe 9999 ip from 10.10.12.6 to table(2)

00526 pipe 9998 ip from any to 10.10.0.32 in via vlan193

00526 pipe 9999 ip from 10.10.0.32 to table(2)

00526 pipe 9998 ip from any to 10.10.53.1 in via vlan193

00526 pipe 9999 ip from 10.10.53.1 to table(2)

00526 pipe 9998 ip from any to 10.10.15.34 in via vlan193

00526 pipe 9999 ip from 10.10.15.34 to table(2)

00526 pipe 9998 ip from any to 10.10.13.1 in via vlan193

00526 pipe 9999 ip from 10.10.13.1 to table(2)

00526 pipe 9998 ip from any to 10.10.0.8 in via vlan193

00526 pipe 9999 ip from 10.10.0.8 to table(2)

00526 pipe 9998 ip from any to 10.10.45.2 in via vlan193

00526 pipe 9999 ip from 10.10.12.6 to table(2)

00526 pipe 9998 ip from any to 10.10.38.6 in via vlan193

00526 pipe 9999 ip from 10.10.38.6 to table(2)

00526 pipe 9998 ip from any to 10.10.26.3 in via vlan193

00526 pipe 9999 ip from 10.10.26.3 to table(2)

00526 pipe 9998 ip from any to 10.10.16.15 in via vlan193

00526 pipe 9999 ip from 10.10.16.15 to table(2)

00526 pipe 9998 ip from any to 10.10.19.2 in via vlan193

00526 pipe 9999 ip from 10.10.19.2 to table(2)

00526 pipe 9998 ip from any to 10.10.54.2 in via vlan193

00526 pipe 9999 ip from 10.10.54.2 to table(2)

00526 pipe 9998 ip from any to 10.10.29.5 in via vlan193

00526 pipe 9999 ip from 10.10.29.5 to table(2)

00526 pipe 9998 ip from any to 10.10.7.8 in via vlan193

00526 pipe 9999 ip from 10.10.7.8 to table(2)

00526 pipe 9998 ip from any to 10.10.6.8 in via vlan193

00526 pipe 9999 ip from 10.10.6.8 to table(2)

00526 pipe 9998 ip from any to 10.10.7.15 in via vlan193

00526 pipe 9999 ip from 10.10.7.15 to table(2)

00526 pipe 9998 ip from any to 10.10.4.5 in via vlan193

00526 pipe 9999 ip from 10.10.4.5 to table(2)

00526 pipe 9998 ip from any to 10.10.29.4 in via vlan193

00526 pipe 9999 ip from 10.10.29.4 to table(2)

00526 pipe 9998 ip from any to 10.10.24.2 in via vlan193

00526 pipe 9999 ip from 10.10.24.2 to table(2)

00526 pipe 9998 ip from any to 10.10.4.4 in via vlan193

00526 pipe 9999 ip from 10.10.4.4 to table(2)

00526 pipe 9998 ip from any to 10.10.5.4 in via vlan193

00526 pipe 9999 ip from 10.10.5.4 to table(2)

00526 pipe 9998 ip from any to 10.10.15.32 in via vlan193

00526 pipe 9999 ip from 10.10.15.32 to table(2)

00526 pipe 9998 ip from any to 10.10.1.13 in via vlan193

00526 pipe 9999 ip from 10.10.1.13 to table(2)

00526 pipe 9998 ip from any to 10.10.1.20 in via vlan193

00526 pipe 9999 ip from 10.10.1.20 to table(2)

00526 pipe 9998 ip from any to 10.10.40.2 in via vlan193

00526 pipe 9999 ip from 10.10.40.2 to table(2)

00526 pipe 9998 ip from any to 10.10.2.2 in via vlan193

00526 pipe 9999 ip from 10.10.2.2 to table(2)

00526 pipe 9998 ip from any to 10.10.2.3 in via vlan193

00526 pipe 9999 ip from 10.10.2.3 to table(2)

00526 pipe 9998 ip from any to 10.10.3.7 in via vlan193

00526 pipe 9999 ip from 10.10.3.7 to table(2)

00526 pipe 9998 ip from any to 10.10.13.30 in via vlan193

00526 pipe 9999 ip from 10.10.13.30 to table(2)

00599 pipe 9998 ip from any to 10.10.1.18 in via vlan193

00599 pipe 9999 ip from 10.10.1.18 to table(2)

00599 pipe 9998 ip from any to 10.10.0.27 in via vlan193

00599 pipe 9999 ip from 10.10.0.27 to table(2)

00599 pipe 9998 ip from any to 10.10.30.1 in via vlan193

00599 pipe 9999 ip from 10.10.30.1 to table(2)

00599 pipe 9998 ip from any to 10.10.1.17 in via vlan193

00599 pipe 9999 ip from 10.10.1.17 to table(2)

00599 pipe 9998 ip from any to 10.10.13.7 in via vlan193

00599 pipe 9999 ip from 10.10.13.7 to table(2)

00599 pipe 9998 ip from any to 10.10.13.10 in via vlan193

00599 pipe 9999 ip from 10.10.13.10 to table(2)

00599 pipe 9998 ip from any to 10.10.18.5 in via vlan193

00599 pipe 9999 ip from 10.10.18.5 to table(2)

00599 pipe 9998 ip from any to 10.10.15.1 in via vlan193

00599 pipe 9999 ip from 10.10.15.1 to table(2)

00599 pipe 9998 ip from any to 10.10.5.2 in via vlan193

00599 pipe 9999 ip from 10.10.5.2 to table(2)

00599 pipe 9998 ip from any to 10.10.15.4 in via vlan193

00599 pipe 9999 ip from 10.10.15.4 to table(2)

00599 pipe 9998 ip from any to 10.10.15.2 in via vlan193

00599 pipe 9999 ip from 10.10.15.2 to table(2)

00599 pipe 9998 ip from any to 10.10.0.15 in via vlan193

00599 pipe 9999 ip from 10.10.0.15 to table(2)

00599 pipe 9998 ip from any to 10.10.7.16 in via vlan193

00599 pipe 9999 ip from 10.10.7.16 to table(2)

00599 pipe 9998 ip from any to 10.10.9.11 in via vlan193

00599 pipe 9999 ip from 10.10.9.11 to table(2)

00599 pipe 9998 ip from any to 10.10.9.12 in via vlan193

00599 pipe 9999 ip from 10.10.9.12 to table(2)

00599 pipe 9998 ip from any to 10.10.9.23 in via vlan193

00599 pipe 9999 ip from 10.10.9.23 to table(2)

00599 pipe 9998 ip from any to 10.10.9.21 in via vlan193

00599 pipe 9999 ip from 10.10.9.21 to table(2)

00599 pipe 9998 ip from any to 10.10.14.4 in via vlan193

00599 pipe 9999 ip from 10.10.14.4 to table(2)

00599 pipe 9998 ip from any to 10.10.8.1 in via vlan193

00599 pipe 9999 ip from 10.10.8.1 to table(2)

00599 pipe 9998 ip from any to 10.10.8.4 in via vlan193

00599 pipe 9999 ip from 10.10.8.4 to table(2)

00599 pipe 9998 ip from any to 10.10.11.11 in via vlan193

00599 pipe 9999 ip from 10.10.11.11 to table(2)

00599 pipe 9998 ip from any to 10.10.11.6 in via vlan193

00599 pipe 9999 ip from 10.10.11.6 to table(2)

00599 pipe 9998 ip from any to 10.10.17.1 in via vlan193

00599 pipe 9999 ip from 10.10.17.1 to table(2)

00599 pipe 9998 ip from any to 10.10.11.3 in via vlan193

00599 pipe 9999 ip from 10.10.11.3 to table(2)

00599 pipe 9998 ip from any to 10.10.13.15 in via vlan193

00599 pipe 9999 ip from 10.10.13.15 to table(2)

00599 pipe 9998 ip from any to 10.10.16.2 in via vlan193

00599 pipe 9999 ip from 10.10.16.2 to table(2)

00599 pipe 9998 ip from any to 10.10.16.10 in via vlan193

00599 pipe 9999 ip from 10.10.16.10 to table(2)

00599 pipe 9998 ip from any to 10.10.16.8 in via vlan193

00599 pipe 9999 ip from 10.10.16.8 to table(2)

00599 pipe 9998 ip from any to 10.10.16.17 in via vlan193

00599 pipe 9999 ip from 10.10.16.17 to table(2)

00599 pipe 9998 ip from any to 10.10.37.5 in via vlan193

00599 pipe 9999 ip from 10.10.37.5 to table(2)

00599 pipe 9998 ip from any to 10.10.1.17 in via vlan193

00599 pipe 9999 ip from 10.10.1.17 to table(2)

00599 pipe 9998 ip from any to 10.10.9.4 in via vlan193

00599 pipe 9999 ip from 10.10.9.4 to table(2)

00599 pipe 9998 ip from any to 10.10.9.14 in via vlan193

00599 pipe 9999 ip from 10.10.9.14 to table(2)

00599 pipe 9998 ip from any to 10.10.13.9 in via vlan193

00599 pipe 9999 ip from 10.10.13.9 to table(2)

00599 pipe 9998 ip from any to 10.10.13.20 in via vlan193

00599 pipe 9999 ip from 10.10.13.20 to table(2)

00600 pipe 9998 ip from any to ***.**.*6.71 in via vlan193

00600 pipe 9999 ip from ***.**.*6.71 to any out via vlan193

00600 pipe 9998 ip from any to ***.**.*6.78 in via vlan193

00600 pipe 9999 ip from ***.**.*6.78 to any out via vlan193

00600 pipe 9998 ip from any to ***.**.*6.80 in via vlan193

00600 pipe 9999 ip from ***.**.*6.80 to any out via vlan193

00600 pipe 9998 ip from any to ***.**.*6.72 in via vlan193

00600 pipe 9999 ip from ***.**.*6.72 to any out via vlan193

00600 pipe 9998 ip from any to ***.**.*6.74 in via vlan193

00600 pipe 9999 ip from ***.**.*6.74 to any out via vlan193

00600 pipe 9998 ip from any to ***.**.*6.76 in via vlan193

00600 pipe 9999 ip from ***.**.*6.76 to any out via vlan193

00600 pipe 9998 ip from any to ***.**.*6.84 in via vlan193

00600 pipe 9999 ip from ***.**.*6.84 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.5 in via vlan193

00600 pipe 9999 ip from ***.*.**.5 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.98 in via vlan193

00600 pipe 9999 ip from ***.*.**.98 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.71 in via vlan193

00600 pipe 9999 ip from ***.*.**.71 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.81 in via vlan193

00600 pipe 9999 ip from ***.*.**.81 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.78 in via vlan193

00600 pipe 9999 ip from ***.*.**.78 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.72 in via vlan193

00600 pipe 9999 ip from ***.*.**.72 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.73 in via vlan193

00600 pipe 9999 ip from ***.*.**.73 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.44 in via vlan193

00600 pipe 9999 ip from ***.*.**.44 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.70 in via vlan193

00600 pipe 9999 ip from ***.*.**.70 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.94 in via vlan193

00600 pipe 9999 ip from ***.*.**.94 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.95 in via vlan193

00600 pipe 9999 ip from ***.*.**.95 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.54 in via vlan193

00600 pipe 9999 ip from ***.*.**.54 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.7 in via vlan193

00600 pipe 9999 ip from ***.*.**.7 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.64 in via vlan193

00600 pipe 9999 ip from ***.*.**.64 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.52 in via vlan193

00600 pipe 9999 ip from ***.*.**.52 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.56 in via vlan193

00600 pipe 9999 ip from ***.*.**.56 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.46 in via vlan193

00600 pipe 9999 ip from ***.*.**.46 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.16 in via vlan193

00600 pipe 9999 ip from ***.*.**.16 to any out via vlan193

00600 pipe 9998 ip from any to 10.10.1.33 in via vlan193

00600 pipe 9999 ip from 10.10.1.33 to any out via vlan193

00600 pipe 9998 ip from any to 10.10.16.11 in via vlan193

00600 pipe 9999 ip from 10.10.16.11 to any out via vlan193

00600 pipe 9998 ip from any to 10.10.22.3 in via vlan193

00600 pipe 9999 ip from 10.10.22.3 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.24 in via vlan193

00600 pipe 9999 ip from ***.*.**.24 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.26 in via vlan193

00600 pipe 9999 ip from ***.*.**.26 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.4 in via vlan193

00600 pipe 9999 ip from ***.*.**.4 to any out via vlan193

00600 pipe 9990 ip from any to ***.**.*6.69 in via vlan193

00600 pipe 9999 ip from ***.**.*6.69 to any out via vlan193

00600 pipe 1558 ip from any to ***.**.*6.81 in via vlan193

00600 pipe 1559 ip from ***.**.*6.81 to any out via vlan193

00600 pipe 1558 ip from any to ***.*.**.20 in via vlan193

00600 pipe 1559 ip from ***.*.**.20 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.29 in via vlan193

00600 pipe 9999 ip from ***.*.**.29 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.23 in via vlan193

00600 pipe 9999 ip from ***.*.**.23 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.62 in via vlan193

00600 pipe 9999 ip from ***.*.**.62 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.37 in via vlan193

00600 pipe 9999 ip from ***.*.**.37 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.60 in via vlan193

00600 pipe 9999 ip from ***.*.**.60 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.63 in via vlan193

00600 pipe 9999 ip from ***.*.**.63 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.64 in via vlan193

00600 pipe 9999 ip from ***.*.**.64 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.76 in via vlan193

00600 pipe 9999 ip from ***.*.**.76 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.75 in via vlan193

00600 pipe 9999 ip from ***.*.**.75 to any out via vlan193

00600 pipe 9998 ip from any to ***.*.**.114 in via vlan193

00600 pipe 9999 ip from ***.*.**.114 to any out via vlan193

00600 pipe 9998 ip from any to 10.10.3.5 in via vlan193

00600 pipe 9999 ip from 10.10.3.5 to table(2)

00600 pipe 9998 ip from any to 10.10.1.33 in via vlan193

00600 pipe 9999 ip from 10.10.1.33 to table(2)

00600 pipe 9998 ip from any to 10.10.1.27 in via vlan193

00600 pipe 9999 ip from 10.10.1.27 to table(2)

00600 pipe 9998 ip from any to 10.10.42.2 in via vlan193

00600 pipe 9999 ip from 10.10.42.2 to table(2)

00600 pipe 9998 ip from any to 10.10.45.1 in via vlan193

00600 pipe 9999 ip from 10.10.45.1 to table(2)

00600 pipe 9998 ip from any to 10.10.13.5 in via vlan193

00600 pipe 9999 ip from 10.10.13.5 to table(2)

00600 pipe 9998 ip from any to 10.10.7.6 in via vlan193

00600 pipe 9999 ip from 10.10.7.6 to table(2)

00600 pipe 9998 ip from any to 10.10.15.9 in via vlan193

00600 pipe 9999 ip from 10.10.15.9 to table(2)

00600 pipe 9998 ip from any to 10.10.15.11 in via vlan193

00600 pipe 9999 ip from 10.10.15.11 to table(2)

00600 pipe 9998 ip from any to 10.10.13.31 in via vlan193

00600 pipe 9999 ip from 10.10.13.31 to table(2)

00600 pipe 9998 ip from any to 10.10.15.14 in via vlan193

00600 pipe 9999 ip from 10.10.15.14 to table(2)

00600 pipe 9998 ip from any to 10.10.15.8 in via vlan193

00600 pipe 9999 ip from 10.10.15.8 to table(2)

00600 pipe 9998 ip from any to 10.10.15.17 in via vlan193

00600 pipe 9999 ip from 10.10.15.17 to table(2)

00600 pipe 9998 ip from any to 10.10.15.21 in via vlan193

00600 pipe 9999 ip from 10.10.15.21 to table(2)

00600 pipe 9998 ip from any to 10.10.12.5 in via vlan193

00600 pipe 9999 ip from 10.10.12.5 to table(2)

00600 pipe 9998 ip from any to 10.10.1.25 in via vlan193

00600 pipe 9999 ip from 10.10.1.25 to table(2)

00600 pipe 9998 ip from any to 10.10.0.14 in via vlan193

00600 pipe 9999 ip from 10.10.0.14 to table(2)

00600 pipe 9998 ip from any to 10.10.1.22 in via vlan193

00600 pipe 9999 ip from 10.10.1.22 to table(2)

00600 pipe 9998 ip from any to 10.10.8.5 in via vlan193

00600 pipe 9999 ip from 10.10.8.5 to table(2)

00600 pipe 9998 ip from any to 10.10.2.5 in via vlan193

00600 pipe 9999 ip from 10.10.2.5 to table(2)

00600 pipe 9998 ip from any to 10.10.13.6 in via vlan193

00600 pipe 9999 ip from 10.10.13.6 to table(2)

00600 pipe 9998 ip from any to 10.10.13.3 in via vlan193

00600 pipe 9999 ip from 10.10.13.3 to table(2)

00600 pipe 9998 ip from any to 10.10.11.9 in via vlan193

00600 pipe 9999 ip from 10.10.11.9 to table(2)

00600 pipe 9998 ip from any to 10.10.11.15 in via vlan193

00600 pipe 9999 ip from 10.10.11.15 to table(2)

00600 pipe 9998 ip from any to 10.10.0.37 in via vlan193

00600 pipe 9999 ip from 10.10.0.37 to table(2)

00600 pipe 9998 ip from any to 10.10.13.25 in via vlan193

00600 pipe 9999 ip from 10.10.13.25 to table(2)

00600 pipe 9998 ip from any to 10.10.13.14 in via vlan193

00600 pipe 9999 ip from 10.10.13.14 to table(2)

00600 pipe 9998 ip from any to 10.10.12.9 in via vlan193

00600 pipe 9999 ip from 10.10.12.9 to table(2)

00600 pipe 9998 ip from any to 10.10.0.10 in via vlan193

00600 pipe 9999 ip from 10.10.0.10 to table(2)

00600 pipe 9998 ip from any to 10.10.0.11 in via vlan193

00600 pipe 9999 ip from 10.10.0.11 to table(2)

00600 pipe 9998 ip from any to 10.10.0.24 in via vlan193

00600 pipe 9999 ip from 10.10.0.24 to table(2)

02000 allow ip from ***.**.*6.86 to any

02000 allow ip from any to ***.**.*6.86

02000 allow ip from ***.**.*6.87 to any

02000 allow ip from any to ***.**.*6.87

02000 allow ip from ***.**.*6.83 to any

02000 allow ip from any to ***.**.*6.83

02000 allow ip from ***.*.**.192/27 to any

02000 allow ip from any to ***.*.**.192/27

02000 allow ip from ***.*.**.224/28 to any

02000 allow ip from any to ***.*.**.224/28

02000 allow ip from ***.*.**.240/29 to any

02000 allow ip from any to ***.*.**.240/29

02000 allow ip from ***.*.**.128/29 to any

02000 allow ip from any to ***.*.**.128/29

02000 allow ip from ***.*.**.160/29 to any

02000 allow ip from any to ***.*.**.160/29

02000 allow ip from ***.**.*6.90 to any

02000 allow ip from any to ***.**.*6.90

02000 allow ip from ***.**.*6.8/29 to any

02000 allow ip from any to ***.**.*6.8/29

02000 allow ip from ***.**.*6.216/29 to any

02000 allow ip from any to ***.**.*6.216/29

02000 allow ip from ***.**.*6.8/29 to any

02000 allow ip from any to ***.**.*6.8/29

02000 allow ip from ***.**.*6.224/28 to any

02000 allow ip from any to ***.**.*6.224/28

02000 allow ip from ***.**.*6.80 to any

02000 allow ip from any to ***.**.*6.80

02000 allow ip from ***.**.*6.73 to any

02000 allow ip from any to ***.**.*6.73

02000 allow ip from ***.**.*6.66 to any

02000 allow ip from any to ***.**.*6.66

02000 allow ip from ***.**.*6.67 to any

02000 allow ip from any to ***.**.*6.67

02000 allow ip from ***.**.*6.85 to any

02000 allow ip from any to ***.**.*6.85

02000 allow ip from 10.10.50.51 to any

02000 allow ip from any to 10.10.50.51

02000 allow ip from 10.10.10.2 to any

02000 allow ip from any to 10.10.10.2

02000 allow ip from 10.10.10.3 to any

02000 allow ip from any to 10.10.10.3

02000 allow ip from 10.10.10.4 to any

02000 allow ip from any to 10.10.10.4

02000 allow ip from 10.10.10.5 to any

02000 allow ip from any to 10.10.10.5

02000 allow ip from 10.10.10.11 to any

02000 allow ip from any to 10.10.10.11

02000 allow ip from 10.10.10.12 to any

02000 allow ip from any to 10.10.10.12

02000 allow ip from 10.10.10.13 to any

02000 allow ip from any to 10.10.10.13

02000 allow ip from 10.10.10.25 to any

02000 allow ip from any to 10.10.10.25

02000 allow ip from ***.**.*6.88 to any

02000 allow ip from any to ***.**.*6.88

02000 allow ip from ***.**.*6.89 to any

02000 allow ip from any to ***.**.*6.89

02000 allow ip from ***.**.*6.94 to any

02000 allow ip from any to ***.**.*6.94

02000 allow ip from ***.*.**.3 to any

02000 allow ip from any to ***.*.**.3

02000 allow ip from ***.*.**.6 to any

02000 allow ip from any to ***.*.**.6

02000 allow ip from ***.*.**.10 to any

02000 allow ip from any to ***.*.**.10

02000 allow ip from table(2) to ***.*.**.100,***.*.**.101,***.*.**.102,***.*.**.103,***.*.**.104,***.*.**.105,**

*.*.**.106,***.*.**.107,***.*.**.108,***.*.**.

109

02000 allow ip from ***.*.**.100,***.*.**.101,***.*.**.102,***.*.**.103,***.*.**.104,***.*.**.105,**

*.*.**.106,***.*.**.107,***.*.**.108,***.*.**.109 to table

(2)

02520 count ip from ***.*.**.30 to table(2)

02521 count ip from table(2) to ***.*.**.30

40001 allow ip from ***.**.*6.77 to any

40001 allow ip from any to ***.**.*6.77

40002 allow ip from 10.10.13.1 to any

40002 allow ip from any to 10.10.13.1

40003 allow ip from 10.10.13.4 to any

40003 allow ip from any to 10.10.13.4

40004 allow ip from 10.10.15.29 to any

40004 allow ip from any to 10.10.15.29

40005 allow ip from 10.10.13.9 to any

40005 allow ip from any to 10.10.13.9

40006 allow ip from ***.**.*6.81 to any

40006 allow ip from any to ***.**.*6.81

40007 allow ip from ***.**.*6.83 to any

40007 allow ip from any to ***.**.*6.83

40008 allow ip from ***.**.*6.71 to any

40008 allow ip from any to ***.**.*6.71

40009 allow ip from ***.**.*6.78 to any

40009 allow ip from any to ***.**.*6.78

40010 allow ip from ***.**.*6.82 to any

40010 allow ip from any to ***.**.*6.82

40011 allow ip from ***.*.**.13 to any

40011 allow ip from any to ***.*.**.13

40012 allow ip from ***.**.*6.76 to any

40012 allow ip from any to ***.**.*6.76

40013 allow ip from ***.*.**.76 to any

40013 allow ip from any to ***.*.**.76

40015 allow ip from ***.*.**.41 to any

40015 allow ip from any to ***.*.**.41

40017 allow ip from 10.10.1.10 to any

40017 allow ip from any to 10.10.1.10

40018 allow ip from 10.10.11.25 to any

40018 allow ip from any to 10.10.11.25

40020 allow ip from 10.10.2.100 to any

40020 allow ip from any to 10.10.2.100

40021 allow ip from 10.10.16.11 to table(2)

40021 allow ip from table(2) to 10.10.16.11

40022 allow ip from 10.10.1.13 to any

40022 allow ip from any to 10.10.1.13

40026 allow ip from 10.10.31.2 to any

40026 allow ip from any to 10.10.31.2

40030 allow ip from ***.*.**.52 to any

40030 allow ip from any to ***.*.**.52

40031 allow ip from 10.10.38.6 to table(2)

40031 allow ip from table(2) to 10.10.38.6

40032 allow ip from 10.10.11.7 to any

40032 allow ip from any to 10.10.11.7

40034 allow ip from 10.10.15.30 to any

40034 allow ip from any to 10.10.15.30

40035 allow ip from 10.10.60.1 to any

40035 allow ip from any to 10.10.60.1

40039 allow ip from ***.*.**.70 to any

40039 allow ip from any to ***.*.**.70

40040 allow ip from 10.10.15.27 to any

40040 allow ip from any to 10.10.15.27

40041 allow ip from ***.*.**.192 to any

40041 allow ip from any to ***.*.**.192

40042 allow ip from 10.10.0.34 to any

40042 allow ip from any to 10.10.0.34

40043 allow ip from 10.10.14.2 to any

40043 allow ip from any to 10.10.14.2

40046 allow ip from ***.*.**.15 to any

40046 allow ip from any to ***.*.**.15

40050 allow ip from 10.10.1.38 to any

40050 allow ip from any to 10.10.1.38

40052 allow ip from ***.*.**.90 to any

40052 allow ip from any to ***.*.**.90

40053 allow ip from 10.10.27.2 to any

40053 allow ip from any to 10.10.27.2

40054 allow ip from 10.10.40.2 to table(2)

40054 allow ip from table(2) to 10.10.40.2

40057 allow ip from 10.10.44.2 to any

40057 allow ip from any to 10.10.44.2

40058 allow ip from 10.10.0.8 to any

40058 allow ip from any to 10.10.0.8

40060 allow ip from ***.*.**.34 to any

40060 allow ip from any to ***.*.**.34

40061 allow ip from ***.**.*6.87 to any

40061 allow ip from any to ***.**.*6.87

40063 allow ip from 10.10.34.2 to any

40063 allow ip from any to 10.10.34.2

40064 allow ip from ***.*.**.25 to any

40064 allow ip from any to ***.*.**.25

40066 allow ip from 10.10.0.5 to any

40066 allow ip from any to 10.10.0.5

40068 allow ip from 10.10.9.29 to any

40068 allow ip from any to 10.10.9.29

40069 allow ip from 10.10.38.3 to any

40069 allow ip from any to 10.10.38.3

40070 allow ip from 10.10.37.5 to table(2)

40070 allow ip from table(2) to 10.10.37.5

40071 allow ip from ***.**.*6.224 to any

40071 allow ip from any to ***.**.*6.224

40073 allow ip from 10.10.13.28 to table(2)

40073 allow ip from table(2) to 10.10.13.28

40074 allow ip from ***.*.**.81 to table(2)

40074 allow ip from table(2) to ***.*.**.81

40076 allow ip from 10.10.7.4 to any

40076 allow ip from any to 10.10.7.4

40077 allow ip from 77.87.151.2 to any

40077 allow ip from any to 77.87.151.2

40079 allow ip from ***.*.**.62 to any

40079 allow ip from any to ***.*.**.62

40080 allow ip from ***.**.*6.73 to any

40080 allow ip from any to ***.**.*6.73

40081 allow ip from 10.10.4.5 to any

40081 allow ip from any to 10.10.4.5

40082 allow ip from 10.10.37.3 to any

40082 allow ip from any to 10.10.37.3

40083 allow ip from ***.*.**.64 to any

40083 allow ip from any to ***.*.**.64

40085 allow ip from ***.*.**.89 to any

40085 allow ip from any to ***.*.**.89

40086 allow ip from ***.*.**.23 to any

40086 allow ip from any to ***.*.**.23

40089 allow ip from ***.*.**.60 to any

40089 allow ip from any to ***.*.**.60

40092 allow ip from 10.10.9.19 to any

40092 allow ip from any to 10.10.9.19

40093 allow ip from 10.10.2.5 to any

40093 allow ip from any to 10.10.2.5

40096 allow ip from 10.10.12.100 to any

40096 allow ip from any to 10.10.12.100

40099 allow ip from ***.**.*6.86 to any

40099 allow ip from any to ***.**.*6.86

40100 allow ip from 10.10.13.14 to table(2)

40100 allow ip from table(2) to 10.10.13.14

40101 allow ip from 10.10.1.23 to any

40101 allow ip from any to 10.10.1.23

40102 allow ip from 10.10.0.15 to any

40102 allow ip from any to 10.10.0.15

40103 allow ip from 10.10.11.9 to any

40103 allow ip from any to 10.10.11.9

40104 allow ip from 10.10.1.42 to any

40104 allow ip from any to 10.10.1.42

40105 allow ip from ***.*.**.57 to any

40105 allow ip from any to ***.*.**.57

40106 allow ip from ***.**.*6.69 to any

40106 allow ip from any to ***.**.*6.69

40107 allow ip from ***.**.*6.74 to any

40107 allow ip from any to ***.**.*6.74

40110 allow ip from 10.10.8.9 to any

40110 allow ip from any to 10.10.8.9

40112 allow ip from ***.**.*6.91 to any

40112 allow ip from any to ***.**.*6.91

40114 allow ip from 10.10.12.20 to table(2)

40114 allow ip from table(2) to 10.10.12.20

40115 allow ip from 10.10.24.2 to any

40115 allow ip from any to 10.10.24.2

40116 allow ip from 10.10.11.6 to any

40116 allow ip from any to 10.10.11.6

40117 allow ip from ***.**.*6.216 to any

40117 allow ip from any to ***.**.*6.216

40118 allow ip from ***.*.**.82 to any

40118 allow ip from any to ***.*.**.82

40119 allow ip from 10.10.33.4 to any

40119 allow ip from any to 10.10.33.4

40122 allow ip from ***.**.*6.68 to any

40122 allow ip from any to ***.**.*6.68

40123 allow ip from ***.*.**.72 to any

40123 allow ip from any to ***.*.**.72

40124 allow ip from 10.10.9.22 to any

40124 allow ip from any to 10.10.9.22

40128 allow ip from 10.10.1.11 to any

40128 allow ip from any to 10.10.1.11

40130 allow ip from 10.10.5.2 to any

40130 allow ip from any to 10.10.5.2

40131 allow ip from 10.10.13.32 to any

40131 allow ip from any to 10.10.13.32

40134 allow ip from 10.10.13.18 to any

40134 allow ip from any to 10.10.13.18

40135 allow ip from ***.*.**.2 to any

40135 allow ip from any to ***.*.**.2

40137 allow ip from ***.*.**.4 to any

40137 allow ip from any to ***.*.**.4

40138 allow ip from 10.10.16.5 to any

40138 allow ip from any to 10.10.16.5

40139 allow ip from ***.*.**.7 to any

40139 allow ip from any to ***.*.**.7

40140 allow ip from 10.10.1.6 to any

40140 allow ip from any to 10.10.1.6

40141 allow ip from ***.*.**.8 to any

40141 allow ip from any to ***.*.**.8

40142 allow ip from 10.10.10.83 to any

40142 allow ip from any to 10.10.10.83

40143 allow ip from ***.*.**.14 to any

40143 allow ip from any to ***.*.**.14

40144 allow ip from 10.10.13.22 to any

40144 allow ip from any to 10.10.13.22

40145 allow ip from ***.*.**.240 to any

40145 allow ip from any to ***.*.**.240

40146 allow ip from ***.*.**.24 to any

40146 allow ip from any to ***.*.**.24

40147 allow ip from ***.*.**.30 to any

40147 allow ip from any to ***.*.**.30

40149 allow ip from ***.*.**.224 to any

40149 allow ip from any to ***.*.**.224

40150 allow ip from ***.*.**.55 to any

40150 allow ip from any to ***.*.**.55

40151 allow ip from 10.10.1.37 to any

40151 allow ip from any to 10.10.1.37

40152 allow ip from 10.10.27.1 to any

40152 allow ip from any to 10.10.27.1

40153 allow ip from ***.*.**.36 to any

40153 allow ip from any to ***.*.**.36

40154 allow ip from 10.10.31.1 to any

40154 allow ip from any to 10.10.31.1

40155 allow ip from 10.10.29.2 to any

40155 allow ip from any to 10.10.29.2

40156 allow ip from 10.10.16.12 to any

40156 allow ip from any to 10.10.16.12

40157 allow ip from ***.**.*6.80 to any

40157 allow ip from any to ***.**.*6.80

40158 allow ip from ***.*.**.46 to any

40158 allow ip from any to ***.*.**.46

40159 allow ip from ***.*.**.56 to any

40159 allow ip from any to ***.*.**.56

40160 allow ip from ***.*.**.50 to any

40160 allow ip from any to ***.*.**.50

40161 allow ip from 10.10.42.2 to any

40161 allow ip from any to 10.10.42.2

40162 allow ip from ***.*.**.53 to any

40162 allow ip from any to ***.*.**.53

40163 allow ip from 10.10.8.1 to any

40163 allow ip from any to 10.10.8.1

40164 allow ip from 10.10.49.1 to any

40164 allow ip from any to 10.10.49.1

40165 allow ip from 10.10.32.1 to any

40165 allow ip from any to 10.10.32.1

40166 allow ip from 10.10.48.2 to any

40166 allow ip from any to 10.10.48.2

40167 allow ip from ***.*.**.66 to any

40167 allow ip from any to ***.*.**.66

40168 allow ip from ***.*.**.65 to any

40168 allow ip from any to ***.*.**.65

40169 allow ip from ***.*.**.67 to any

40169 allow ip from any to ***.*.**.67

40170 allow ip from ***.*.**.68 to any

40170 allow ip from any to ***.*.**.68

40171 allow ip from 10.10.36.1 to any

40171 allow ip from any to 10.10.36.1

40172 allow ip from ***.*.**.69 to any

40172 allow ip from any to ***.*.**.69

40173 allow ip from ***.*.**.71 to any

40173 allow ip from any to ***.*.**.71

40174 allow ip from 10.10.21.3 to any

40174 allow ip from any to 10.10.21.3

40175 allow ip from 10.10.5.8 to any

40175 allow ip from any to 10.10.5.8

40176 allow ip from ***.*.**.74 to any

40176 allow ip from any to ***.*.**.74

40177 allow ip from ***.*.**.75 to any

40177 allow ip from any to ***.*.**.75

40178 allow ip from ***.*.**.110 to any

40178 allow ip from any to ***.*.**.110

40179 allow ip from 10.10.45.4 to any

40179 allow ip from any to 10.10.45.4

40180 allow ip from 10.10.54.1 to any

40180 allow ip from any to 10.10.54.1

40181 allow ip from ***.*.**.112 to any

40181 allow ip from any to ***.*.**.112

40182 allow ip from ***.*.**.87 to any

40182 allow ip from any to ***.*.**.87

40183 allow ip from 10.10.51.2 to any

40183 allow ip from any to 10.10.51.2

40184 allow ip from ***.*.**.83 to any

40184 allow ip from any to ***.*.**.83

40185 allow ip from 10.10.0.42 to any

40185 allow ip from any to 10.10.0.42

40186 allow ip from ***.*.**.84 to any

40186 allow ip from any to ***.*.**.84

40187 allow ip from 10.10.49.2 to any

40187 allow ip from any to 10.10.49.2

40188 allow ip from ***.*.**.250 to any

40188 allow ip from any to ***.*.**.250

40189 allow ip from ***.*.**.92 to any

40189 allow ip from any to ***.*.**.92

40190 allow ip from 10.10.42.5 to any

40190 allow ip from any to 10.10.42.5

40191 allow ip from ***.*.**.97 to any

40191 allow ip from any to ***.*.**.97

40192 allow ip from 10.10.27.5 to any

40192 allow ip from any to 10.10.27.5

40193 allow ip from 10.10.37.7 to any

40193 allow ip from any to 10.10.37.7

40194 allow ip from ***.*.**.114 to any

40194 allow ip from any to ***.*.**.114

40195 allow ip from 10.10.7.22 to any

40195 allow ip from any to 10.10.7.22

40196 allow ip from ***.*.**.128 to any

40196 allow ip from any to ***.*.**.128

40197 allow ip from 10.10.22.5 to any

40197 allow ip from any to 10.10.22.5

40198 allow ip from ***.*.**.79 to table(2)

40198 allow ip from table(2) to ***.*.**.79

40199 allow ip from 10.10.6.10 to any

40199 allow ip from any to 10.10.6.10

40200 allow ip from 10.10.6.8 to any

40200 allow ip from any to 10.10.6.8

40201 allow ip from ***.*.**.45 to any

40201 allow ip from any to ***.*.**.45

40202 allow ip from 10.10.6.20 to any

40202 allow ip from any to 10.10.6.20

40203 allow ip from 10.10.45.3 to any

40203 allow ip from any to 10.10.45.3

40204 allow ip from 10.10.1.17 to any

40204 allow ip from any to 10.10.1.17

40206 allow ip from 10.10.14.8 to any

40206 allow ip from any to 10.10.14.8

40209 allow ip from 10.10.56.2 to any

40209 allow ip from any to 10.10.56.2

40211 allow ip from 10.10.21.1 to any

40211 allow ip from any to 10.10.21.1

40214 allow ip from 10.10.11.23 to any

40214 allow ip from any to 10.10.11.23

40217 allow ip from 10.10.1.48 to any

40217 allow ip from any to 10.10.1.48

40218 allow ip from 10.10.0.19 to any

40218 allow ip from any to 10.10.0.19

40219 allow ip from 10.10.11.22 to any

40219 allow ip from any to 10.10.11.22

40220 allow ip from ***.*.**.43 to any

40220 allow ip from any to ***.*.**.43

40221 allow ip from 10.10.16.23 to any

40221 allow ip from any to 10.10.16.23

40223 allow ip from 10.10.12.6 to any

40223 allow ip from any to 10.10.12.6

40225 allow ip from 10.10.12.15 to any

40225 allow ip from any to 10.10.12.15

40228 allow ip from 10.10.0.39 to any

40228 allow ip from any to 10.10.0.39

40229 allow ip from 10.10.57.1 to any

40229 allow ip from any to 10.10.57.1

40230 allow ip from ***.*.**.5 to any

40230 allow ip from any to ***.*.**.5

40232 allow ip from 10.10.11.20 to any

40232 allow ip from any to 10.10.11.20

40234 allow ip from 10.10.39.4 to any

40234 allow ip from any to 10.10.39.4

40237 allow ip from 10.10.15.14 to any

40237 allow ip from any to 10.10.15.14

40239 allow ip from 10.10.0.4 to any

40239 allow ip from any to 10.10.0.4

40240 allow ip from ***.*.**.99 to any

40240 allow ip from any to ***.*.**.99

40241 allow ip from 10.10.16.15 to any

40241 allow ip from any to 10.10.16.15

40242 allow ip from 10.10.26.3 to any

40242 allow ip from any to 10.10.26.3

40243 allow ip from ***.*.**.32 to any

40243 allow ip from any to ***.*.**.32

40244 allow ip from ***.*.**.26 to any

40244 allow ip from any to ***.*.**.26

40246 allow ip from ***.*.**.21 to any

40246 allow ip from any to ***.*.**.21

40247 allow ip from 10.10.15.11 to any

40247 allow ip from any to 10.10.15.11

40248 allow ip from 10.10.0.16 to table(2)

40248 allow ip from table(2) to 10.10.0.16

40250 allow ip from 10.10.6.4 to any

40250 allow ip from any to 10.10.6.4

40256 allow ip from 10.10.2.2 to any

40256 allow ip from any to 10.10.2.2

40257 allow ip from 10.10.3.1 to table(2)

40257 allow ip from table(2) to 10.10.3.1

40259 allow ip from 10.10.27.6 to table(2)

40259 allow ip from table(2) to 10.10.27.6

40261 allow ip from 10.10.0.33 to any

40261 allow ip from any to 10.10.0.33

40262 allow ip from ***.*.**.73 to table(2)

40262 allow ip from table(2) to ***.*.**.73

40263 allow ip from 10.10.7.23 to any

40263 allow ip from any to 10.10.7.23

40265 allow ip from 77.87.151.4 to any

40265 allow ip from any to 77.87.151.4

40266 allow ip from 10.10.8.5 to any

40266 allow ip from any to 10.10.8.5

40268

[ingress]

обновиться до 6-STABLE

 

наложить на сетевухи(если 73ие) патч из под доса, а то timeout будут вылезать

http://webfile.ru/1603579

 

попробовать DEVICE_POLLING

попробовать дрова от Яндекса на сетевухи без поллинга

Изменено 19 ноября, 2007 пользователем ingress

[jab]

попробовать DEVICE_POLLING

попробовать дрова от Яндекса на сетевухи без поллинга

polling поможет, но не сильно.

 

Они через последнее правило ipfw траффик гоняют... тут только цианиды в больших дозах помогут...

 

:-)

[Den_LocalNet]

обновиться до 6-STABLE

попробую

наложить на сетевухи(если 73ие) патч из под доса, а то timeout будут вылезать

http://webfile.ru/1603579

как это юзать? просто стартануть с дискеты/диска и подсунуть?

попробовать DEVICE_POLLING

попробовать дрова от Яндекса на сетевухи без поллинга

поллинг пробовал - больше 100 мбит не прокачивает

"дрова от Яндекса" это как?

 

Спасибо за помощь

 

Они через последнее правило ipfw траффик гоняют... тут только цианиды в больших дозах помогут...

 

:-)

Вы так высоко что я вас почти не вижу. Пожалуйста помогите мне решить этот вопрос.

Изменено 19 ноября, 2007 пользователем Den_LocalNet

[ingress]

как это юзать? просто стартануть с дискеты/диска и подсунуть?

да, это архив, распаковать - запустить

 

Дрова от яндекса - те которые они используют в своих боевых серверах

http://people.yandex-team.ru/~wawa/

полное описание в README.Yandex

 

основаны на драйверах которые были закомитчены в 6ую ветку.

Изменено 19 ноября, 2007 пользователем ingress

[jab]

Вы так высоко что я вас почти не вижу. Пожалуйста помогите мне решить этот вопрос.

Там еще и nat небось в pf'е на все эти 100 мегабит ?

[ingress]

Вы так высоко что я вас почти не вижу. Пожалуйста помогите мне решить этот вопрос.

Там еще и nat небось в pf'е на все эти 100 мегабит ?

у меня pf неплохо натит на таких скоростях, есть другие варианты(natd + libalias не предлагать) ? :)

[Den_LocalNet]

Там еще и nat небось в pf'е на все эти 100 мегабит ?

да, только не на 100.... до 50 в нате

 

 

Дело все в том что неделю назад все было отлично.

 

Дрова от яндекса - те которые они используют в своих боевых серверах

http://people.yandex-team.ru/~wawa/

полное описание в README.Yandex

достаточно их скинуть в /usr/src/sys/dev/em и пересобрать все в куче?

Изменено 19 ноября, 2007 пользователем Den_LocalNet

[Den_LocalNet]

вот что выходит. гугл внятного ничего не сказал

rm -f .newdep

/usr/obj/usr/src/make.i386/make -V CFILES -V SYSTEM_CFILES -V GEN_CFILES | MKDEP_CPP="cc -E" CC="cc" xargs mkdep -a -f .newdep -O -pipe -march=prescott -Wall -Wredundant-decls -Wnested-externs -Wstrict-prototypes -Wmissing-prototypes -Wpointer-arith -Winline -Wcast-qual -fformat-extensions -std=c99 -g -nostdinc -I- -I. -I/usr/src/sys -I/usr/src/sys/contrib/altq -I/usr/src/sys/contrib/ipfilter -I/usr/src/sys/contrib/pf -I/usr/src/sys/dev/ath -I/usr/src/sys/contrib/ngatm -I/usr/src/sys/dev/twa -D_KERNEL -DHAVE_KERNEL_OPTION_HEADERS -include opt_global.h -fno-common -finline-limit=8000 --param inline-unit-growth=100 --param large-function-growth=1000 -mno-align-long-strings -mpreferred-stack-boundary=2 -mno-mmx -mno-3dnow -mno-sse -mno-sse2 -ffreestanding

/usr/src/sys/dev/em/if_em.c:82:23: e1000_api.h: No such file or directory

/usr/src/sys/dev/em/if_em.c:83:25: e1000_82575.h: No such file or directory

/usr/src/sys/dev/em/if_em.c:84:19: if_em.h: No such file or directory

mkdep: compile failed

*** Error code 1

 

Stop in /usr/obj/usr/src/sys/MY2.

*** Error code 1

 

Stop in /usr/src.

*** Error code 1

 

Stop in /usr/src.

 

 

хотя файлики что он не видит лежат рядом

[ingress]

обновиться же надо, до стейбла

[jab]

Дело все в том что неделю назад все было отлично.

Неделю назад у Вас была другая конфигурация ipfw и профиль нагрузки на него...

 

Вообще - все это прекрасная иллюстрация, как не надо строить роутеры.

[Den_LocalNet]

и вот само сабой все кончилось

Ответ от 10.10.10.1: число байт=32 время<1мс TTL=64

Ответ от 10.10.10.1: число байт=32 время<1мс TTL=64

Ответ от 10.10.10.1: число байт=32 время<1мс TTL=64

Ответ от 10.10.10.1: число байт=32 время<1мс TTL=64

Ответ от 10.10.10.1: число байт=32 время<1мс TTL=64

Ответ от 10.10.10.1: число байт=32 время<1мс TTL=64

Ответ от 10.10.10.1: число байт=32 время<1мс TTL=64

Ответ от 10.10.10.1: число байт=32 время<1мс TTL=64

Ответ от 10.10.10.1: число байт=32 время<1мс TTL=64

Ответ от 10.10.10.1: число байт=32 время<1мс TTL=64

 

Дело все в том что неделю назад все было отлично.

Неделю назад у Вас была другая конфигурация ipfw и профиль нагрузки на него...

 

Вообще - все это прекрасная иллюстрация, как не надо строить роутеры.

В течении месяца менялось только добавленные пайпы для новых абонентов. Все копи-паст.

Пожалуйста укажите мне на мои ошибки.

Изменено 20 ноября, 2007 пользователем Den_LocalNet

[edwin]

Суть Ваше ощибки в том, что Вы не рачионально расположили правила firewall'a.

Вам необходимо сесть и оптимизировать их таким образом, что-бы каждое новое правило обрабатывало как можно меньше.

Кроме того не забываем про таблицы ......

[AlKov]

Что-то у Вас мне непонятна ситуация с памятью.. Судя по конфигу, у вас 4Гб, а вот top показывает что-то странное..

CPU states: 1.5% user, 0.0% nice, 2.8% system, 35.7% interrupt, 59.9% idle

Mem: 592M Active, 798M Inact, 152M Wired, 12K Cache, 112M Buf, 962M Free

Swap: 4096M Total, 4096M Free

Видит ли ядро у вас все 4Гб? И использование памяти какое-то "нерациональное".. Вообще-то, за Freebsd отвечать не буду, не юзаю, но Linux, например, старается использовать всю имеющуюся в наличии память и это считается как-бы "правилом хорошего тона". Вот мой top (машина почти аналогичная, только проц. 1 и памяти 2Гб.)

top - 09:55:09 up 29 days, 39 min,  1 user,  load average: 1.12, 0.41, 0.29
Tasks: 170 total,   1 running, 169 sleeping,   0 stopped,   0 zombie
Cpu(s):  2.2%us,  0.4%sy,  0.0%ni, 97.1%id,  0.1%wa,  0.0%hi,  0.1%si,  0.0%st
Mem:   2069608k total,  1891844k used,   177764k free,   194128k buffers
Swap:  8193140k total,      120k used,  8193020k free,   993368k cached

Может быть у вас ядро не видит всю память? Подобная ситуация у меня была, пришлось пересобрать ядро.

P.S. Не уверен, что все вышенаписанное может иметь отношение к вашей проблеме, но все-таки... Непорядок'c, вроде как.. ;)

[Den_LocalNet]

Что-то у Вас мне непонятна ситуация с памятью.. Судя по конфигу, у вас 4Гб, а вот top показывает что-то странное..

Может быть у вас ядро не видит всю память? Подобная ситуация у меня была, пришлось пересобрать ядро.

P.S. Не уверен, что все вышенаписанное может иметь отношение к вашей проблеме, но все-таки... Непорядок'c, вроде как.. ;)

Да, действительно не видит. Но побороть это дело не смог. Гугл читал. Если вы знаете как решить эту проблему - помогите.

[Den_LocalNet]

что-бы каждое новое правило обрабатывало как можно меньше.

простите, но я не понял. не хватает существительного. обрабатывало что?

[EvilShadow]

Что-то у Вас мне непонятна ситуация с памятью.. Судя по конфигу, у вас 4Гб, а вот top показывает что-то странное..

Может быть у вас ядро не видит всю память? Подобная ситуация у меня была, пришлось пересобрать ядро.

P.S. Не уверен, что все вышенаписанное может иметь отношение к вашей проблеме, но все-таки... Непорядок'c, вроде как.. ;)

Да, действительно не видит. Но побороть это дело не смог. Гугл читал. Если вы знаете как решить эту проблему - помогите.

http://www.google.com.ua/search?q=freebsd+memory+limit - ?

[edwin]

> простите, но я не понял. не хватает существительного. обрабатывало что?

 

пакетов.

К примеру:

У Вас есть правила:

 

00050 allow ip from any to me

00050 allow ip from me to any

 

Зачем тогда ?:

 

00101 allow ip from me to any

00101 allow ip from any to me

00110 allow ip from any to me

00110 allow ip from me to any

 

Затем к примеру:

 

00051 pipe 2323 ip from any to any in via vlan200

00051 pipe 2424 ip from any to any out via vlan200

 

Очень желательно сразу после pipe's описывать разрешения для интерфейса ..... что-бы эти пакеты дальше по цепочке не гуляли.

Или к примеру - если Вы знаете что например сети X.X.X.X никогда не бдут шейпиться - то описываем разрешение до pipe's

[Lexasoft]

Если используется pf покажи pfctl -si

[AlKov]

Так может сначала все-таки навести порядок с памятью? Ведь если ОС не знает сколько чего и где у нее находится, ИМХО, её поведение будет непредсказуемо.. Довольно странно еще, что машина вообще в кору не сваливается..

[Den_LocalNet]

Это сейчас... но сейчас все бегает

 

 No ALTQ support in kernel
ALTQ related functions disabled
Status: Enabled for 0 days 13:00:28           Debug: Urgent

Hostid: 0x8f340628

State Table                          Total             Rate
  current entries                     3061
  searches                      1904252784        40664.8/s
  inserts                          1064067           22.7/s
  removals                         1061006           22.7/s
Counters
  match                         1784429577        38106.0/s
  bad-offset                             0            0.0/s
  fragment                              66            0.0/s
  short                                  6            0.0/s
  normalize                              0            0.0/s
  memory                              3845            0.1/s
  bad-timestamp                          0            0.0/s
  congestion                             0            0.0/s
  ip-option                              6            0.0/s
  proto-cksum                            0            0.0/s
  state-mismatch                     61901            1.3/s
  state-insert                           0            0.0/s
  state-limit                            0            0.0/s
  src-limit                              0            0.0/s
  synproxy                               0            0.0/s

[Lexasoft]

set limit states 900000000

set limit src-nodes 900000000

set limit frags 90000000

 

добавь это в pf.conf — у тебя не хватает памяти под таблицу состояний

[Den_LocalNet]

set limit states 900000000

set limit src-nodes 900000000

set limit frags 90000000

 

добавь это в pf.conf — у тебя не хватает памяти под таблицу состояний

не помогло

 

в консоль постоянно сыпет вот такое:

ipfw: pullup failed
ipfw: pullup failed
ipfw: ouch!, skip past end of rules, denying packet
ipfw: ouch!, skip past end of rules, denying packet
ipfw: ouch!, skip past end of rules, denying packet
ipfw: ouch!, skip past end of rules, denying packet
ipfw: ouch!, skip past end of rules, denying packet
ipfw: ouch!, skip past end of rules, denying packet
ipfw: ouch!, skip past end of rules, denying packet
Limiting closed port RST response from 248 to 200 packets/sec