Nimash nikakav problem da izpolzvash iproute2(tc+ip)ako si
kompiliral saotvetnite opcii v kernela: ama s RH pri default
kernel ste ti se nalozi da go compilirash nanovo i
zasto ne si smenish ipchains s iptables(poveche vazmoznosti)
...tai i tai ste triabva da prekompiliras s toia RH da si
vkluchish opciite
1.za da rabotish s iproute2 komandite v kernela slagash:
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_MULTIPATH=y
2.za iptables:
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_MATCH_PSD=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_MATCH_IPLIMIT=m
CONFIG_IP_NF_MATCH_STRING=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_ROUTE_TOS=y
CONFIG_SYN_COOKIES=y
prekompilirash si pravish prioritizaciata na trafika po ip i
po protokoli ako iskash. izpolzvai CBQ naprimer za
shaiping-a. Za celta ti tryabwa file-a cbq.init
http://linux.davecentral.com/projects/cbqinit/
Sled towa w /etc/sysconfig/cbq/ ili kudeto si ukajesh ako
redaktirash cbq.init si prawish conf files za wsyako IP
koeto iskash da shape-nesh.
********
DEVICE=eth0,10Mbit,1Mbit
RATE=10Kbit
WEIGHT=1Kbit
PRIO=5
RULE=192.168.100.13
*********
DEVICE=eth1,10Mbit,1Mbit
RATE=40Kbit
WEIGHT=4Kbit
PRIO=5
RULE=192.168.100.13
*********
Towa sa dwa conf-a za razlichni posoki na shapewane ideata e
slednata eth0
<-> linux <-> eth1<-> clients
Mnogo podrobno e opisano wsichko w cbq.init, mojesh da
zadawash port, grupa ot portowe, po wreme etc. Wajno e i kak
shte imenuwash otdelnite failcheta, towa sushto e opisano w
cbq.init .
naprimer:
DEVICE=eth0,10Mbit,1Mbit
TIME=09:00-12:00;50Kbit/5Kbit
RATE=30Kbit
WEIGHT=3Kbit
PRIO=5
## FTP ports
RULE=192.168.100.2:20
RULE=192.168.100.2:21
## web ports
RULE=192.168.100.2:80
## proxy port
RULE=192.168.100.2:3128
RULE=192.168.100.2:8080
RULE=192.168.100.2:7070
## IRC ports
RULE=192.168.100.2:6666
RULE=192.168.100.2:6667
RULE=192.168.100.2:6668
RULE=192.168.100.2:6669
## Real Player port
RULE=192.168.100.2:554
## Audiogalaxy ports
RULE=192.168.100.2:41060
RULE=192.168.100.2:41133
## Napster ports
RULE=192.168.100.2:6699
RULE=192.168.100.2:6700
## Socks ports
RULE=192.168.100.2:1080
## Mail
RULE=192.168.100.2:25
----------------------------------------
PS.Tova e za shaiping i prioritizaciata a moze da si
poigraesh s TOS bitovete s iptables da marklirash paketiit i
sled tova s tc da pravish prioritizacia po protokoli da
pravish burst-ove i kvot si iskash vmesto s cbq.init i da si
napishesh sobstveni scriptove.
--------------------------------------
OpenBSDfan
|