|
|
VNIMANIE: Izpolzvaite forumite na saita za da zadadete vashite vuprosi.
Vupros |
Ot: marihuan (marihuan< at >mailru__dot__com) |
Data: 02/16/2003 |
Zdraveite!!!
Nikoi zne li po-dobyr nachin za kontrolirane na izhodiashtia
trafic ot htb???Ili niakoi da dyde syvet za konfiguriraneto
mu pri slednata situatsia: Imam Gateway s edno realno IP i
maskarad zad nego s 8 hosta, kakto i transperantno
proxy???Neznam dali problema s razdelianeto na trafica e
zaradi proxy-to ili zaradi htb, no rezultatite ne za
zadovolitelni!!!
|
Otgovor #1 |
Ot: Ivan |
Data: 02/17/2003 |
Ami zashto ne paste-nesh konfiguraciata ti. Moje v neia da e
problema.
HTB ne e perfekten, no za 1 gateway s 8 hosta mislia che
vurshi mnogo dobra rabota, osven ako ne iskash niakakva
absoliutna preciznost.
|
Otgovor #2 |
Ot: marihuan |
Data: 02/17/2003 |
#!/bin/bash
DOWNLINK=270
UPLINK=125
WANDEV=eth0
LANDEV=br0
TC=/sbin/tc
# Removes any previous classes and disciplines on all
interfaces
$TC qdisc del dev $WANDEV root 2> /dev/null > /dev/null
$TC qdisc del dev
$WANDEV ingress 2> /dev/null > /dev/null
$TC qdisc del dev $LANDEV root
2> /dev/null > /dev/null
$TC qdisc del dev $LANDEV ingress 2> /dev/null >
/dev/null
###################################################################
# Define
upstream policies (traffic going out WANDEV) #
###################################################################
$TC
qdisc add dev $WANDEV root handle 1: htb default 30 r2q 40
$TC
class add dev $WANDEV parent 1: classid 1:1 htb rate
${UPLINK}kbit burst 10k
# High priority class for interactive traffic, ACKs and ICMP
$TC
class add dev $WANDEV parent 1:1 classid 1:10 htb \
rate $[8*$UPLINK/10]kbit burst 10k
# Low priority bulk
traffic
$TC class add dev $WANDEV parent 1:1 classid 1:20 htb \
rate $[2*$UPLINK/10]kbit ceil ${UPLINK}kbit burst 10k
# All
the rest
$TC class add dev $WANDEV parent 1:1 classid 1:30 htb \
rate 1kbit ceil ${UPLINK}kbit burst 15k
# Set Stochastic
Fairness (SFQ)
$TC qdisc add dev $WANDEV parent 1:10 handle 10: sfq perturb
10
$TC qdisc add dev $WANDEV parent 1:20 handle 20: sfq perturb
10
$TC qdisc add dev $WANDEV parent 1:30 handle 30: sfq perturb
10
# Define the filters
# 1. SSH, telnet and ftp-control
$TC filter add dev $WANDEV parent 1:0 protocol ip prio 1 u32
\
match ip tos 0x10 0xff flowid 1:10
# 2. ICMP traffic
$TC filter add dev $WANDEV parent 1:0 protocol ip
prio 2 u32 \
match ip protocol 1 0xff flowid 1:20
# 3. TCP Segments
containing ACKs (to speed up downloads
# when upload is in progress).
$TC filter add dev $WANDEV parent 1:0 protocol ip prio 3 u32
\
match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 \
match u16 0x0000 0xffc0 at 2 \
match u8 0x10 0xff at 33 \
flowid 1:20
# All the rest (bulk) ends up in 1:30
###################################################################
# Define downstream policies (traffic going out LANDEV)
#
###################################################################
$TC qdisc add dev $LANDEV root handle 1: htb default 30 r2q
40
$TC class add dev $LANDEV parent 1: classid 1:1 htb rate
100mbit burst 10k
$TC class add dev $LANDEV parent 1:1 classid 1:10 htb \
rate $[6*$DOWNLINK/10]kbit ceil ${DOWNLINK}kbit burst
10k prio 1
$TC class add dev $LANDEV parent 1:1 classid 1:20 htb \
rate $[2*$DOWNLINK/10]kbit ceil ${DOWNLINK}kbit burst
10k prio 2
$TC class add dev $LANDEV parent 1:1 classid 1:30 htb \
rate $[2*$DOWNLINK/10]kbit ceil ${DOWNLINK}kbit burst
10k prio 3
# This class is for traffic to LAN, generated by the
internal HTTP,SSH or DNS server in this box
$TC class add dev $LANDEV parent 1:1 classid 1:40 htb \
rate 1kbit ceil 100mbit burst 15k prio 4
$TC qdisc add dev $LANDEV parent 1:10 handle 10: sfq perturb
10
$TC qdisc add dev $LANDEV parent 1:20 handle 20: sfq perturb
10
$TC qdisc add dev $LANDEV parent 1:30 handle 30: sfq perturb
10
$TC qdisc add dev $LANDEV parent 1:40 handle 40: sfq perturb
10
U32_HIGH="$TC filter add dev $LANDEV protocol ip parent 1:0
prio 1 u32"
U32_LOW="$TC filter add dev $LANDEV protocol ip parent 1:0
prio 2 u32"
$U32_HIGH match ip dst 0.0.0.0/32 \
match ip sport 27015 0xffff \
flowid 1:40
$U32_HIGH match ip src 0.0.0.0/32 \
match ip sport 27015 0xffff \
flowid 1:40
$U32_HIGH match ip dst 0.0.0.0/32 \
match ip sport 27016 0xffff \
flowid 1:40
$U32_HIGH match ip src 0.0.0.0/32 \
match ip sport 27016 0xffff \
flowid 1:40
$U32_HIGH match ip src 192.168.0.1/24 \
match ip sport 53 0xffff \
flowid 1:40
$U32_HIGH match ip src 192.168.0.1/24 \
match ip sport 22 0xffff \
flowid 1:40
$U32_LOW match ip dst 192.168.0.0/24 flowid 1:30
$U32_HIGH match ip dst 192.168.0.1/24 flowid 1:10
|
<< ifconfig problem (2
) | services (2
) >>
|
|
|
|
|