|
|
|
ВНИМАНИЕ: Използвайте форумите на сайта за дa зададете вашите въпроси.
| Въпрос |
| От: Djimbo (djimbo __@__ ssi__dot__bg) |
Дата: 08/02/2002 |
Zdr fenove
Vaprosat mi e sledniqt
Definiram posredstvom tc dva class za eth0 i eth1 kakto i
dva tc filter pak za eth0 i eth1 s rate za eth1 9Kbit
(download chanell).
Po kakav nachin stava defenitaneto s iptables???
###iptables -t mangle -A ......... -j ...... ??????
|
| Отговор #1 |
| От: raptor |
Дата: 08/04/2002 |
iptables -A PREROUTING -t mangle -i eth0 -j MARK --set-mark
1
|
| Отговор #2 |
| От: Djimbo (djimbo __@__ ssi< dot >bg) |
Дата: 08/04/2002 |
Dobre zashto togava neraboti
ili az nedefiniram pravilno class ili tva s iptbles nevarshi
rabota
Eto kakvo pravq::
#tc qdisc add dev eth0 root handle 1: cbq bandwidth 10Mbit
avpkt 1000 cell 8
#tc qdisc add dev eth1 root handle 1: cbq bandwidth 10Mbit
avpkt 1000 cell 8
#tc class add dev eth0 parent 1:0 classid 1:1 est 1 sec 2
sec bandwidth 10Mbit rate 33600 allot 1514 cell 8 weight 1
prio 5 maxburst 20 avpkt 1000 bounded
#tc class add dev eth1 parent 1:0 classid 1:2 est 1 sec 2
sec bandwidth 10Mbit rate 9600 allot 1514 cell 8 weight 1
prio 5 maxburst 20 avpkt 1000 bounded
#tc filter add dev eth0 protocol ip u32 match ip dst
192.168.0.0/24 flowid 1:1
#tc filter add dev eth1 protocol ip u32 match ip src
192.168.0.0/24 flowid 1:1
#tc filter add dev eth0 protocol ip handle 1 fw classid 1:1
#tc filter add dev eth1 protocol ip handle 2 fw classid 1:2
--------
#iptables -A POSTROUTING -t mangle -i eth0 -j MARK
---set-mark 1
#iptables -A POSTROUTING -t mangle -i eth1 -j MARK
---set-mark 2
#iptables -A POSTROUTING -t mangle -i eth0 -p tcp --dport
21:22 -s 192.168.0.0/24 -j MARK ---set-mark 2
iptables -A POSTROUTING -t mangle -i eth1 -p tcp --dport
21:22 -j MARK ---set-mark 2
--------
##?? TC e primer koito ti si mi dal
|
| Отговор #4 |
| От: raptor |
Дата: 08/04/2002 |
da ne bi da blokirash trafica s nqkoi drugi iptables prawila
?!
wsichkite sa komentirani, koe defacto polzwash ?
Koq mreva e kam eth0m koq e kam erh1 ? ot kade na kade se
prawi wryzkata ?
kakwo tochno ne raboti ? nqma nikakaw trafic ili ne
ogranichawa ?
S kakwo go testwash sys "scp" li ?
|
| Отговор #5 |
| От: Djimbo (djimbo __@__ ssi[ точка ]bg) |
Дата: 08/05/2002 |
Znachi polzvam sledmoto:
Eto kakvo pravq::
tc qdisc add dev eth0 root handle 1: cbq bandwidth 10Mbit
avpkt 1000 cell 8
tc qdisc add dev eth1 root handle 1: cbq bandwidth 10Mbit
avpkt 1000 cell 8
tc class add dev eth0 parent 1:0 classid 1:1 est 1 sec 2
sec bandwidth 10Mbit rate 33600 allot 1514 cell 8 weight 1
prio 5 maxburst 20 avpkt 1000 bounded
tc class add dev eth1 parent 1:0 classid 1:2 est 1 sec 2
sec bandwidth 10Mbit rate 9600 allot 1514 cell 8 weight 1
prio 5 maxburst 20 avpkt 1000 bounded
tc filter add dev eth0 protocol ip u32 match ip dst
192.168.0.0/24 flowid 1:1
tc filter add dev eth1 protocol ip u32 match ip src
192.168.0.0/24 flowid 1:1
#tc filter add dev eth0 protocol ip handle 1 fw classid 1:1
#tc filter add dev eth1 protocol ip handle 2 fw classid 1:2
iptables -A POSTROUTING -t mangle -i eth0 -j MARK
---set-mark 1
iptables -A POSTROUTING -t mangle -i eth1 -j MARK
---set-mark 2
No neshto ne se poluchava ..,ne ogranichava eth1 pri
download ot mashina src 192.168.0.0/24 ((192.168.0.30)) prez
port 3128 taykato sam napravil redirect na vsichki -s
192.168.0.0/24 --dport 80 .
Neznam kade gresha mojebi treba da napravq forwards za port
3128 neshto podobno mojebi
#iptables -y mangle -A PREROUTING -p tcp --dport 3128 -s
192.168.0.0/24 -i eth0 (ili mojebi da e za eth0 na koeto mi
raboti realno proxy?
Posavetvay me neshto?
Testvam go s download na file ..
Kak da stane s scp?
10x
|
| Отговор #6 |
| От: Djimbo (djimbo __@__ ssi __точка__ bg) |
Дата: 08/05/2002 |
eto taka stana:
tc qdisc add dev eth1 root handle 1: cbq bandwidth 10Mbit
avpkt 1000 cell 8
tc class add dev eth0 parent 1:0 classid 1:1 est 1sec 2sec
bandwidth 10Mbit rate 100Kbit allot 1514 cell 8 weight 1
prio 5 maxburst 20 avpkt 1000 bounded
tc class add dev eth0 parent 1:0 classid 1:2 est 1sec 2sec
bandwidth 10Mbit rate 56Kbit allot 1514 cell 8 weight 1
prio 5 maxburst 20 avpkt 1000 bounded
tc filter add dev eth1 protocol ip handle 1 fw classid 1:1
tc filter add dev eth0 protocol ip handle 2 fw classid 1:2
----------
iptables -t mangle -A PREROUTING -i eth0 -p tcp --dport 3128
-s 192.168.0.0/24 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -i eth1 -p tcp --dport
20:21 -s <moeto real ip> -j MARK --set-mark 2
iptables -t mangle -A PREROUTING -i eth1 -p tcp --sport
20:21 -d <moeto real ip> -j MARK --set-mark 2
Vsichko e tok no zashto pri download ot mrejata na providera
mi se varzvam na 30-40/ i nagore Kbit??
E tva sega nemoga da si obesnq
|
| Отговор #7 |
| От: raptor |
Дата: 08/11/2002 |
sorry naposledyk imam mnogo rabota i ne gledam foruma...
Dokolkoto gledam na posledniq msg koito si pratil si
naprawil samo edin kanal 56Kb/s i ako eth0 ti e kam
dostawchika towa oznachawa che ogranichawash samo
UP-kanala...
trqbwa da imash slednoto neshto shematichno :
eth0 - qdisc
|__ class 100Kbit
|___ class 56kbit
eth1 - qdisc
|__ class 100Kbit
|___ class 56kbit
i ediniq filter da sochi eth0-56kbit(upload) a drugiq
eth1-56kbit(dload) ...
Shapwaneto obiknowenno stawa na egress(izhodniq) interfeisa,
kogato e na ingress (whodniq se wodi obiknowenno policing )
|
<< perl programirane problem (4
) | vapros (2
) >>
|
|
|
|
|
|
