


Re: HTB i ruch wychodzacy - jak to zrobic?

From: Przemysław Śmiały <xtc1@poczta.onet.pl>
Date: Sat Sep 06 2003 - 15:59:31 CEST
[slacklist] Re: HTB i ruch wychodzacy - jak to zrobic?

Będzie trochę długo :).
--------------------------------
SPOSÓB1
______________________________
Ja u siebie miałem tak (potrzebna łata mport.patch z pakietu patch-o-matic):
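#!/bin/bash
# Outbound HTB shaper for a single interface.
#
# Packets leaving $DEV are marked in a dedicated mangle chain (SHAPER_OUT)
# and the marks are mapped to HTB leaf classes by `fw` filters.
#
# Usage:  $0          set up (tears down any previous instance first)
#         $0 stop     remove the shaping
#         $0 status   dump qdisc/class/filter/iptables counters
#
# The `--sports` rule at the bottom needs the `mport` match from the
# patch-o-matic mport.patch; see the comment there.

DEV=eth1        # shaped (outgoing) interface
RATEUP=256      # total upstream rate handed to the root class, kbit/s

if [ "$1" = "status" ]; then
    echo "[qdisc]"
    tc -s qdisc show dev "$DEV"
    echo "[class]"
    tc -s class show dev "$DEV"
    echo "[filter]"
    tc -s filter show dev "$DEV"
    echo "[iptables]"
    # The chain does not exist while shaping is off; hide that error only.
    iptables -t mangle -L SHAPER_OUT -v -x 2>/dev/null
    exit 0
fi

# Tear down any previous instance.
# The POSTROUTING jump has to go first: `-X` refuses to delete a chain that
# is still referenced, and with stderr discarded that failure was invisible.
# Without this step every re-run left the old chain in place and `-I`
# below stacked one more jump rule on top of the previous ones; the loop
# also clears any such leftovers from earlier runs.
tc qdisc del dev "$DEV" root 2>/dev/null >/dev/null
while iptables -t mangle -D POSTROUTING -o "$DEV" -j SHAPER_OUT 2>/dev/null >/dev/null; do
    :
done
iptables -t mangle -F SHAPER_OUT 2>/dev/null >/dev/null
iptables -t mangle -X SHAPER_OUT 2>/dev/null >/dev/null

if [ "$1" = "stop" ]; then
    echo "Shaping removed on $DEV."
    exit 0
fi

# Short tx queue and small MTU -- presumably to keep queueing latency low
# once HTB is in charge (the original gives no rationale).
ip link set dev "$DEV" qlen 30
ip link set dev "$DEV" mtu 1000

# Root HTB; traffic without a matching fw filter lands in class 1:22.
tc qdisc add dev "$DEV" root handle 1: htb default 22
tc class add dev "$DEV" parent 1: classid 1:1 htb \
    rate "${RATEUP}kbit" ceil "${RATEUP}kbit"

# Leaf classes; the class number doubles as the iptables mark that selects
# it.  Lower `prio` is served first when classes borrow from the parent.
tc class add dev "$DEV" parent 1:1 classid 1:20 htb rate 100kbit ceil 200kbit prio 1  # mark 20: TCP dport 80
tc class add dev "$DEV" parent 1:1 classid 1:21 htb rate 20kbit  ceil 250kbit prio 2  # mark 21: ICMP
tc class add dev "$DEV" parent 1:1 classid 1:22 htb rate 20kbit  ceil 60kbit  prio 4  # mark 22 / default: everything else
tc class add dev "$DEV" parent 1:1 classid 1:23 htb rate 20kbit  ceil 180kbit prio 3  # mark 23: listed source ports
tc class add dev "$DEV" parent 1:1 classid 1:24 htb rate 20kbit  ceil 180kbit prio 3  # mark 24: no rule in this listing sets it

# One SFQ per leaf for fair sharing inside the class, and one fw filter
# mapping mark N to class 1:N.
for c in 20 21 22 23 24; do
    tc qdisc add dev "$DEV" parent "1:$c" handle "$c:" sfq perturb 10
    tc filter add dev "$DEV" parent 1:0 prio 0 protocol ip handle "$c" fw flowid "1:$c"
done

iptables -t mangle -N SHAPER_OUT
iptables -t mangle -I POSTROUTING -o "$DEV" -j SHAPER_OUT

# MARK is non-terminating, so a packet keeps the mark of the LAST rule it
# matches; the mark-0 rule is therefore only a catch-all before the
# --sports rule (and duplicates `htb default 22` above).
iptables -t mangle -A SHAPER_OUT -p tcp --dport 80 -j MARK --set-mark 20
iptables -t mangle -A SHAPER_OUT -p icmp -j MARK --set-mark 21
iptables -t mangle -A SHAPER_OUT -m mark --mark 0 -j MARK --set-mark 22
# Without the mport patch write one `--sport N` rule per port, like the
# port-80 rule above.  Current iptables ships `-m multiport --sports` with
# the same list syntax, which can replace `-m mport` here.
iptables -t mangle -A SHAPER_OUT -p tcp -m mport \
    --sports 22,25,53,80,110,143,1000:1035 -j MARK --set-mark 23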
___________________________________________
SPOSÓB2
Można też markować pakiety wychodzące od poszczególnych użytkowników; w sumie
u mnie nie działało to najlepiej, ale pomysł można wykorzystać w dowolny
sposób. Znajdziesz to na stronie http://www.ds14.agh.edu.pl/~prism/htb/
 __________________________________________
SPOSÓB3
I w końcu bez używania iptables:

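# Outbound HTB shaper without iptables: classification is done entirely
# with u32 filters on the TCP/UDP port fields.  Unmatched traffic goes to
# class 1:3 ("other ports").
DEV=eth1    # shaped interface

# clear the previous tree (errors on the first run when there is nothing
# to delete -- harmless, and kept visible as in the original)
tc qdisc del dev "$DEV" root
# root queue
tc qdisc add dev "$DEV" root handle 1:0 htb default 3
#
tc class add dev "$DEV" parent 1:0 classid 1:1 htb rate 250kbit ceil 250kbit
# split of the whole link into: www, ftp, other
# (no ftp filter is defined below; ftp ends up in the default class)
# www
tc class add dev "$DEV" parent 1:1 classid 1:2  htb rate 140kbit ceil 250kbit prio 1
#
# remaining ports (default class)
tc class add dev "$DEV" parent 1:1 classid 1:3  htb rate 10kbit  ceil 80kbit  prio 2
# cap for Kazaa
tc class add dev "$DEV" parent 1:1 classid 1:4  htb rate 3kbit   ceil 3kbit   prio 2
# cap for Direct Connect
tc class add dev "$DEV" parent 1:1 classid 1:5  htb rate 3kbit   ceil 200kbit prio 2
tc class add dev "$DEV" parent 1:1 classid 1:6  htb rate 3kbit   ceil 200kbit prio 2
# cap for eDonkey
tc class add dev "$DEV" parent 1:1 classid 1:7  htb rate 3kbit   ceil 3kbit   prio 2
tc class add dev "$DEV" parent 1:1 classid 1:8  htb rate 3kbit   ceil 3kbit   prio 2
# let mail through
tc class add dev "$DEV" parent 1:1 classid 1:9  htb rate 10kbit  ceil 250kbit prio 2
# let the CS (Counter-Strike) ports through
tc class add dev "$DEV" parent 1:1 classid 1:10 htb rate 10kbit  ceil 250kbit prio 2
tc class add dev "$DEV" parent 1:1 classid 1:11 htb rate 10kbit  ceil 250kbit prio 2
tc class add dev "$DEV" parent 1:1 classid 1:12 htb rate 10kbit  ceil 250kbit prio 2
#
# cap for port 1544 (Mirek)
tc class add dev "$DEV" parent 1:1 classid 1:13 htb rate 3kbit   ceil 3kbit   prio 2
# other ports (Mirek)
tc class add dev "$DEV" parent 1:1 classid 1:14 htb rate 3kbit   ceil 3kbit   prio 2
#
# ssh, both directions
tc class add dev "$DEV" parent 1:1 classid 1:15 htb rate 9kbit   ceil 250kbit prio 2
tc class add dev "$DEV" parent 1:1 classid 1:16 htb rate 9kbit   ceil 250kbit prio 2
#
#
# filters: www (and ftp), mail and the rest.  `ip dport`/`ip sport` match
# the transport port fields, so these apply to TCP and UDP alike.
# www
tc filter add dev "$DEV" protocol ip parent 1:0 u32 match ip dport 80 0xffff flowid 1:2
# Kazaa
tc filter add dev "$DEV" protocol ip parent 1:0 u32 match ip dport 1214 0xffff flowid 1:4
# Direct Connect
tc filter add dev "$DEV" protocol ip parent 1:0 u32 match ip dport 411 0xffff flowid 1:5
tc filter add dev "$DEV" protocol ip parent 1:0 u32 match ip sport 412 0xffff flowid 1:6
# eDonkey
tc filter add dev "$DEV" protocol ip parent 1:0 u32 match ip dport 4662 0xffff flowid 1:7
tc filter add dev "$DEV" protocol ip parent 1:0 u32 match ip sport 4662 0xffff flowid 1:8
# mail
tc filter add dev "$DEV" protocol ip parent 1:0 u32 match ip dport 110 0xffff flowid 1:9
# CS ports
tc filter add dev "$DEV" protocol ip parent 1:0 u32 match ip dport 27015 0xffff flowid 1:10
tc filter add dev "$DEV" protocol ip parent 1:0 u32 match ip dport 27016 0xffff flowid 1:11
tc filter add dev "$DEV" protocol ip parent 1:0 u32 match ip dport 27020 0xffff flowid 1:12
# port 1544 (Mirek)
tc filter add dev "$DEV" protocol ip parent 1:0 u32 match ip dport 1544 0xffff flowid 1:13
#
tc filter add dev "$DEV" protocol ip parent 1:0 u32 match ip sport 4772 0xffff flowid 1:14
#
tc filter add dev "$DEV" protocol ip parent 1:0 u32 match ip dport 22 0xffff flowid 1:15
tc filter add dev "$DEV" protocol ip parent 1:0 u32 match ip sport 22 0xffff flowid 1:16

#
#
# fair share inside every leaf class: one SFQ per class 1:2 .. 1:16
# (the original listing had a commented-out entry for 1:17 as well)
for c in {2..16}; do
    tc qdisc add dev "$DEV" parent "1:$c" handle "$c:0" sfq perturb 10
done
#
#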


Received on Sat Feb 21 03:39:09 2004