Będzie trochę długo :).
--------------------------------
SPOSÓB1
______________________________
Ja u siebie miałem tak (potrzebna łata mport.patch z pakietu patch-o-matic):
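#!/bin/bash
#
# HTB egress shaper for a single interface. Packets are sorted into HTB
# classes by firewall marks that a dedicated mangle chain (SHAPER_OUT) sets.
#
# Usage: <script> [status|stop]
#   status  print qdisc/class/filter counters and the SHAPER_OUT rules, exit
#   stop    remove the shaping and exit
#   (else)  remove any previous setup, then install the shaper
#
# Needs root: it rewrites the qdisc tree and the netfilter mangle table.
# Requires the "mport" match from patch-o-matic (see the last rule).

DEV=eth1     # interface whose outgoing traffic is shaped
RATEUP=256   # uplink budget in kbit; used as rate and ceil of class 1:1

action=${1:-}

if [ "$action" = "status" ]; then
  echo "[qdisc]"
  tc -s qdisc show dev "$DEV"
  echo "[class]"
  tc -s class show dev "$DEV"
  echo "[filter]"
  tc -s filter show dev "$DEV"
  echo "[iptables]"
  iptables -t mangle -L SHAPER_OUT -v -x 2>/dev/null
  exit
fi

# ---- teardown: always runs, so a plain start is really a restart ----------
# Errors are silenced on purpose: on a first run none of this exists yet.
tc qdisc del dev "$DEV" root >/dev/null 2>&1

# Unhook the chain from POSTROUTING before deleting it. iptables refuses to
# delete (-X) a chain that is still referenced, so without this step "stop"
# left the jump and the chain in place and every restart inserted one more
# jump. The loop also clears duplicates left behind by earlier runs.
while iptables -t mangle -D POSTROUTING -o "$DEV" -j SHAPER_OUT 2>/dev/null; do
  :
done
iptables -t mangle -F SHAPER_OUT >/dev/null 2>&1
iptables -t mangle -X SHAPER_OUT >/dev/null 2>&1

if [ "$action" = "stop" ]; then
  # qlen and mtu set below are not restored by "stop".
  echo "Shaping removed on $DEV."
  exit
fi

# ---- interface tuning ------------------------------------------------------
ip link set dev "$DEV" qlen 30
# NOTE(review): 1000 is below the 1280-byte minimum MTU IPv6 requires;
# reconsider this line if the link carries IPv6.
ip link set dev "$DEV" mtu 1000

# ---- HTB tree --------------------------------------------------------------
# Traffic that no filter matches falls into class 1:22.
tc qdisc add dev "$DEV" root handle 1: htb default 22
tc class add dev "$DEV" parent 1: classid 1:1 htb \
  rate "${RATEUP}kbit" ceil "${RATEUP}kbit"

tc class add dev "$DEV" parent 1:1 classid 1:20 htb rate 100kbit ceil 200kbit prio 1  # mark 20: tcp dport 80
tc class add dev "$DEV" parent 1:1 classid 1:21 htb rate 20kbit ceil 250kbit prio 2   # mark 21: icmp
tc class add dev "$DEV" parent 1:1 classid 1:22 htb rate 20kbit ceil 60kbit prio 4    # mark 22: everything unmarked
tc class add dev "$DEV" parent 1:1 classid 1:23 htb rate 20kbit ceil 180kbit prio 3   # mark 23: tcp source-port list
# NOTE(review): no rule below ever sets mark 24, so class 1:24 stays empty.
tc class add dev "$DEV" parent 1:1 classid 1:24 htb rate 20kbit ceil 180kbit prio 3

# One SFQ leaf per class, plus the fw filter that maps mark N to class 1:N.
for id in 20 21 22 23 24; do
  tc qdisc add dev "$DEV" parent "1:${id}" handle "${id}:" sfq perturb 10
  tc filter add dev "$DEV" parent 1:0 prio 0 protocol ip \
    handle "$id" fw flowid "1:${id}"
done

# ---- marking rules ---------------------------------------------------------
# -N / -I are not silenced: if they fail, the shaper is not classifying
# anything and the operator should see why.
iptables -t mangle -N SHAPER_OUT
iptables -t mangle -I POSTROUTING -o "$DEV" -j SHAPER_OUT

iptables -t mangle -A SHAPER_OUT -p tcp --dport 80 -j MARK --set-mark 20
iptables -t mangle -A SHAPER_OUT -p icmp -j MARK --set-mark 21
iptables -t mangle -A SHAPER_OUT -m mark --mark 0 -j MARK --set-mark 22

# Without the mport patch, write one rule per port (like the --dport 80 rule
# above) for every port that should go to this class. Mainline iptables
# offers the "multiport" match for the same purpose.
# NOTE(review): MARK does not end chain traversal, so this rule overwrites a
# mark set by any earlier rule when the source port also matches - confirm
# that is the intended precedence.
iptables -t mangle -A SHAPER_OUT -p tcp -m mport \
  --sports 22,25,53,80,110,143,1000:1035 -j MARK --set-mark 23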
___________________________________________
SPOSÓB2
Można też markować pakiety wychodzące od poszczególnych użytkowników. W sumie
u mnie nie działało to najlepiej, ale pomysł można wykorzystać w dowolny
sposób. Znajdziesz to na stronie http://www.ds14.agh.edu.pl/~prism/htb/
__________________________________________
SPOSÓB3
I w końcu bez używania iptables:
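# HTB shaper that classifies purely with tc u32 filters (no iptables).
# Needs root. The interface defaults to eth1; override it with DEV=<iface>.
#
# NOTE(review): "match ip dport/sport" reads the port at a fixed offset and
# is not tied to a protocol here, so it applies to TCP and UDP alike and
# assumes an IP header without options - verify against your traffic.

DEV=${DEV:-eth1}

# Clear the existing tree. Prints an error (harmlessly) when no root qdisc
# is installed yet.
tc qdisc del root dev "$DEV"

# Root queue; traffic that no filter matches goes to class 1:3.
tc qdisc add dev "$DEV" root handle 1:0 htb default 3

# Parent class holding the whole link budget.
tc class add dev "$DEV" parent 1:0 classid 1:1 htb rate 250kbit ceil 250kbit

# ---- split of the budget: www, ftp, others ---------------------------------
# www
tc class add dev "$DEV" parent 1:1 classid 1:2 htb rate 140kbit ceil 250kbit prio 1
# all remaining ports (default class)
tc class add dev "$DEV" parent 1:1 classid 1:3 htb rate 10kbit ceil 80kbit prio 2
# limit for Kazaa
tc class add dev "$DEV" parent 1:1 classid 1:4 htb rate 3kbit ceil 3kbit prio 2
# limit for Direct Connect
tc class add dev "$DEV" parent 1:1 classid 1:5 htb rate 3kbit ceil 200kbit prio 2
tc class add dev "$DEV" parent 1:1 classid 1:6 htb rate 3kbit ceil 200kbit prio 2
# limit for eDonkey
tc class add dev "$DEV" parent 1:1 classid 1:7 htb rate 3kbit ceil 3kbit prio 2
tc class add dev "$DEV" parent 1:1 classid 1:8 htb rate 3kbit ceil 3kbit prio 2
# mail
tc class add dev "$DEV" parent 1:1 classid 1:9 htb rate 10kbit ceil 250kbit prio 2
# CS ports
tc class add dev "$DEV" parent 1:1 classid 1:10 htb rate 10kbit ceil 250kbit prio 2
tc class add dev "$DEV" parent 1:1 classid 1:11 htb rate 10kbit ceil 250kbit prio 2
tc class add dev "$DEV" parent 1:1 classid 1:12 htb rate 10kbit ceil 250kbit prio 2
# limit for port 1544 (Mirek)
tc class add dev "$DEV" parent 1:1 classid 1:13 htb rate 3kbit ceil 3kbit prio 2
# other ports (Mirek)
tc class add dev "$DEV" parent 1:1 classid 1:14 htb rate 3kbit ceil 3kbit prio 2
# port 22, one class per direction (see the filters below)
tc class add dev "$DEV" parent 1:1 classid 1:15 htb rate 9kbit ceil 250kbit prio 2
tc class add dev "$DEV" parent 1:1 classid 1:16 htb rate 9kbit ceil 250kbit prio 2

# ---- filters: www, mail and the rest ---------------------------------------
# www
tc filter add dev "$DEV" protocol ip parent 1:0 u32 match ip dport 80 0xffff flowid 1:2
# Kazaa
tc filter add dev "$DEV" protocol ip parent 1:0 u32 match ip dport 1214 0xffff flowid 1:4
# Direct Connect
tc filter add dev "$DEV" protocol ip parent 1:0 u32 match ip dport 411 0xffff flowid 1:5
tc filter add dev "$DEV" protocol ip parent 1:0 u32 match ip sport 412 0xffff flowid 1:6
# eDonkey
tc filter add dev "$DEV" protocol ip parent 1:0 u32 match ip dport 4662 0xffff flowid 1:7
tc filter add dev "$DEV" protocol ip parent 1:0 u32 match ip sport 4662 0xffff flowid 1:8
# mail
tc filter add dev "$DEV" protocol ip parent 1:0 u32 match ip dport 110 0xffff flowid 1:9
# CS ports
tc filter add dev "$DEV" protocol ip parent 1:0 u32 match ip dport 27015 0xffff flowid 1:10
tc filter add dev "$DEV" protocol ip parent 1:0 u32 match ip dport 27016 0xffff flowid 1:11
tc filter add dev "$DEV" protocol ip parent 1:0 u32 match ip dport 27020 0xffff flowid 1:12
# port 1544 (Mirek)
tc filter add dev "$DEV" protocol ip parent 1:0 u32 match ip dport 1544 0xffff flowid 1:13
# other ports (Mirek)
tc filter add dev "$DEV" protocol ip parent 1:0 u32 match ip sport 4772 0xffff flowid 1:14
# port 22, both directions
tc filter add dev "$DEV" protocol ip parent 1:0 u32 match ip dport 22 0xffff flowid 1:15
tc filter add dev "$DEV" protocol ip parent 1:0 u32 match ip sport 22 0xffff flowid 1:16

# ---- fair sharing inside every class ---------------------------------------
# One SFQ leaf per class 1:N, with handle N:0.
for id in 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16; do
  tc qdisc add dev "$DEV" parent "1:${id}" handle "${id}:0" sfq perturb 10
done
# Disabled in the original; no class 1:17 is defined above.
#tc qdisc add dev "$DEV" parent 1:17 handle 17:0 sfq perturb 10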