Hello. These days I have been looking into shaperd, but I
can't quite get it to work properly. I read the man page and
the documentation, and used the example config files with a
few changes to get this little beast running. shaperd starts
without a problem, but with one small detail: it does not
limit the traffic at all. If anyone has experience with this
shaper, please share it. Of course, before posting I searched
this site, but I did not find anything substantial :) Here is
the config file:
==========================================================
# example.2.conf.divert: priority-based shaping (for 2.2 kernels)
#
# send a SIGHUP to reload this file with the command killall -HUP shaperd
# this is an "internal" log level (all logs are sent with facility daemon,
# priority info; see the syslog manpage for more information).
# valid levels are:
# alert (1)
# error (2)
# warning (3)
# info (4)
# debug1 (5)
# debug2 (6)
# log levels beginning from warning (3) will log unmatched packets
log level = info
# this is a required option. note that shaperd must have been built with
# the correct forwarding mechanism(s) in order for these to work
# see the README for further details
packet forwarding = divert # check "divert port" and "divert reinjection"
# for divert sockets, you must also specify a port number
# this number should be the same value you use in the firewall rules
divert port = 1111
# this is useful for debugging
# shaperd will run detached if set to "yes"
daemon = yes
# full path to shaperd's pidfile
# it will be generated in daemon mode only
pidfile = /var/run/shaperd.pid
class from_A {
    bandwidth = 2 kbyte/s
    # shape every telnet/ssh packet coming from A's net (client)
    # note: you can also use real (dns) host names instead of ip addresses
    ipv4 classifier prio=1 proto=tcp \
        saddr=172.16.0.1/255.255.0.0 \
        daddr=172.16.0.2/255.255.0.0
        dport=telnet,ssh
    # we'll also give high priority to icmp packets (to measure rtt)
    ipv4 classifier prio=1 proto=icmp \
        saddr=172.16.0.1/255.255.0.0 \
        daddr=172.16.0.2/255.255.0.0
    # finally, shape the rest of the bits
    ipv4 classifier prio=0 \
        saddr=172.16.0.1/255.255.0.0 \
        daddr=172.16.0.2/255.255.0.0
    # divert sockets forward entire datagrams, so we *must* limit each
    # queue's memory footprint
    queue limits = 2 kb 0 packets
}
class from_C {
    bandwidth = 100 kbyte/s
    # shape every telnet/ssh packet coming from C's net (server)
    ipv4 classifier prio=1 proto=tcp \
        saddr=192.168.0.0/255.255.255.0
        sport=telnet,ssh \
        daddr=192.168.1.0/255.255.255.0
    # we'll also give high priority to icmp packets (to measure rtt)
    ipv4 classifier prio=1 proto=icmp \
        saddr=192.168.0.0/255.255.255.0 \
        daddr=192.168.1.0/255.255.255.0
    # shape the rest of the bits :-)
    ipv4 classifier prio=0 \
        saddr=192.168.0.0/255.255.255.0 \
        daddr=192.168.1.0/255.255.255.0
    # divert sockets forward entire datagrams, so we *must* limit each
    # queue's memory footprint
    queue limits = 100 kb 0 packets
}
The idea is to limit the traffic on the machine 172.16.0.2.
Of course, this is an experimental attempt aimed at studying
this particular software. That is why I ask you not to advise
me to use HTB or CBQ or other such classics of the genre.
Thanks to everyone who reads this post, and even more to
everyone who takes pity on me and answers :)