Re: htb i podzial wedlug uslug

From: Przemysław Śmiały <xtc_malpka_lancaster.one.pl>
Date: Thu Nov 04 2004 - 00:05:54 CET

> Użytkownik Przemysław Śmiały napisał:
>
>>
>>
>>
> jasne dawaj :) ja też nad tym ślęczę i nie bardzo widać poprawę. Tylko
> jakieś komentarze. Pozdrawiam
>
Proszę bardzo!
Gotowe do użycia na DSL 2M, o ile pozmieniacie sobie IP

To jest obecna konfiguracja interfejsu wyjściowego, na dzień dzisiejszy
zabieram się za ipp2p z patch-o-matic-ng do kolejkowania programów p2p.
Sugestie i przeróbki jak najbardziej polecane.

# Here begins the tale
#! /bin/bash
# Egress shaper for a 2M DSL link: HTB classes on $DEV, selected by fwmarks
# that are set in the iptables mangle table.
#   (no argument)  tear down and rebuild the shaping setup
#   status         print tc and iptables counters, then exit
#   stop           tear the setup down, then exit
DEV=eth1      # outgoing interface the shaper is attached to
RATEUP=180    # rate and ceiling of the root HTB class, in kbit

# "status": dump the live counters and leave without changing anything.
if [[ "$1" == "status" ]]; then
    for section in qdisc class filter; do
        printf '[%s]\n' "$section"
        tc -s "$section" show dev "$DEV"
    done
    printf '%s\n' "[iptables]"
    # The chain does not exist before the first run; hide that error.
    iptables -t mangle -L SHAPER_OUT -v -x 2>/dev/null
    exit
fi

# Tear down whatever a previous run installed. Errors from the tc and
# SHAPER_OUT commands are silenced because nothing exists on a first run.
# NOTE(review): the POSTROUTING, FORWARD and OUTPUT flushes empty the whole
# mangle chain, not only the rules this script added; marks or other mangle
# rules installed by different tools on the same host are removed as well.
tc qdisc del dev "$DEV" root >/dev/null 2>&1
iptables -t mangle -F SHAPER_OUT >/dev/null 2>&1
# POSTROUTING is flushed before -X: a chain that is still the target of a
# jump cannot be deleted.
iptables -t mangle -F POSTROUTING
iptables -t mangle -X SHAPER_OUT >/dev/null 2>&1
for chain in FORWARD OUTPUT; do
    iptables -t mangle -F "$chain"
done

# "stop": the cleanup above is all that was requested.
if [[ "$1" == "stop" ]]; then
    echo "Shaping removed on $DEV."
    exit
fi

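# Shrink the device queue to 30 packets and the MTU to 1000 bytes
# (presumably so a queued bulk packet delays interactive traffic less).
ip link set dev "$DEV" qlen 30
ip link set dev "$DEV" mtu 1000

# Root HTB qdisc; traffic that no filter classifies falls into class 1:22.
tc qdisc add dev "$DEV" root handle 1: htb default 22
# Parent class: caps the whole uplink at RATEUP kbit.
tc class add dev "$DEV" parent 1: classid 1:1 htb rate "${RATEUP}kbit" ceil "${RATEUP}kbit"

# Leaf classes. "rate" is the guaranteed share, "ceil" the limit a class may
# reach by borrowing from 1:1; a lower "prio" number is served first when
# spare bandwidth is handed out.
# NOTE(review): the guaranteed rates below add up to 187kbit, more than the
# 180kbit of parent 1:1, so not every guarantee can be honoured under load.
# www
tc class add dev "$DEV" parent 1:1 classid 1:20 htb rate 90kbit ceil 180kbit prio 1
# icmp
tc class add dev "$DEV" parent 1:1 classid 1:21 htb rate 10kbit ceil 100kbit prio 4
# all remaining ports (also the HTB default class)
tc class add dev "$DEV" parent 1:1 classid 1:22 htb rate 10kbit ceil 50kbit prio 5
# DNS queries (port 53)
tc class add dev "$DEV" parent 1:1 classid 1:23 htb rate 15kbit ceil 180kbit prio 3
# mail
tc class add dev "$DEV" parent 1:1 classid 1:24 htb rate 15kbit ceil 120kbit prio 3
# banks, ssh
# NOTE(review): only 1kbit is guaranteed here, so HTTPS and SSH depend on
# borrowing; a remote admin session may crawl while the link is saturated.
tc class add dev "$DEV" parent 1:1 classid 1:25 htb rate 1kbit ceil 100kbit prio 3
# discussion lists
tc class add dev "$DEV" parent 1:1 classid 1:26 htb rate 10kbit ceil 100kbit prio 3
# ftp, radio
tc class add dev "$DEV" parent 1:1 classid 1:27 htb rate 10kbit ceil 180kbit prio 3
# www served from our side
tc class add dev "$DEV" parent 1:1 classid 1:28 htb rate 5kbit ceil 80kbit prio 3
# ack
tc class add dev "$DEV" parent 1:1 classid 1:29 htb rate 15kbit ceil 40kbit prio 2
# CS and port forwards
tc class add dev "$DEV" parent 1:1 classid 1:30 htb rate 5kbit ceil 70kbit prio 3
# p2p
tc class add dev "$DEV" parent 1:1 classid 1:31 htb rate 1kbit ceil 5kbit prio 4
#
#tc class add dev $DEV parent 1:1 classid 1:32 htb rate 10kbit ceil 200kbit prio 1
#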
# Give every leaf class an SFQ qdisc so the flows inside one class share it
# fairly; "perturb 10" re-seeds the flow hash every 10 seconds.
# The qdisc handle reuses the minor number of its parent class.
for minor in 20 21 22 23 24 25 26 27 28 29 30 31; do
    tc qdisc add dev "$DEV" parent "1:${minor}" handle "${minor}:" sfq perturb 10
done
#tc qdisc add dev $DEV parent 1:32 handle 32: sfq perturb 10
#
#
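# fw filters: a packet carrying fwmark N is queued in class 1:N.
# The filters are added in the same order as before (20-28, ACK, 30, 31).
for mark in 20 21 22 23 24 25 26 27 28; do
    tc filter add dev "$DEV" parent 1:0 prio 0 protocol ip handle "$mark" fw flowid "1:${mark}"
done
# ACK: u32 match on TCP (protocol 6), IP header length of 5 words (no
# options), total length below 64 bytes, and a TCP flags byte of exactly
# 0x10 (ACK only). Offset 33 is the flags byte only because the header
# length is pinned to 20 bytes by the second match.
tc filter add dev "$DEV" parent 1:0 protocol ip prio 0 u32 \
    match ip protocol 6 0xff \
    match u8 0x05 0x0f at 0 \
    match u16 0x0000 0xffc0 at 2 \
    match u8 0x10 0xff at 33 \
    flowid 1:29
# CS and ports, p2p
for mark in 30 31; do
    tc filter add dev "$DEV" parent 1:0 prio 0 protocol ip handle "$mark" fw flowid "1:${mark}"
done
#tc filter add dev $DEV parent 1:0 prio 0 protocol ip handle 32 fw flowid 1:32
#
#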
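# Packet marking: every packet leaving through $DEV traverses SHAPER_OUT,
# and the fwmark it ends up with selects the HTB class of the same number.
# MARK does not stop rule traversal, so a packet keeps the mark of the LAST
# rule it matches; the order of the rules below is therefore significant.
# NOTE(review): "-m mport" comes from patch-o-matic; current iptables ships
# "-m multiport" instead and writes negation as "! -s ADDR" rather than
# "-s ! ADDR". Adjust both when porting this to a newer system.
iptables -t mangle -N SHAPER_OUT
iptables -t mangle -I POSTROUTING -o "$DEV" -j SHAPER_OUT
#
# www: port 80 from the listed source address gets the www class, port 80
# from any other source the default class.
iptables -t mangle -A SHAPER_OUT -p tcp -s 80.55.116.82 --dport 80 -j MARK --set-mark 20
iptables -t mangle -A SHAPER_OUT -p tcp -s ! 80.55.116.82 --dport 80 -j MARK --set-mark 22
# icmp
iptables -t mangle -A SHAPER_OUT -p icmp -j MARK --set-mark 21
# anything still unmarked at this point: default class
iptables -t mangle -A SHAPER_OUT -m mark --mark 0 -j MARK --set-mark 22
# DNS
iptables -t mangle -A SHAPER_OUT -p tcp --dport 53 -j MARK --set-mark 23
iptables -t mangle -A SHAPER_OUT -p udp --dport 53 -j MARK --set-mark 23
iptables -t mangle -A SHAPER_OUT -p tcp --sport 53 -j MARK --set-mark 23
iptables -t mangle -A SHAPER_OUT -p udp --sport 53 -j MARK --set-mark 23
# mail (POP3 110, SMTP 25)
iptables -t mangle -A SHAPER_OUT -p tcp --sport 110 -j MARK --set-mark 24
iptables -t mangle -A SHAPER_OUT -p tcp --dport 110 -j MARK --set-mark 24
iptables -t mangle -A SHAPER_OUT -p tcp --sport 25 -j MARK --set-mark 24
iptables -t mangle -A SHAPER_OUT -p tcp --dport 25 -j MARK --set-mark 24
# banks (443), ssh (22)
iptables -t mangle -A SHAPER_OUT -p tcp --dport 443 -j MARK --set-mark 25
iptables -t mangle -A SHAPER_OUT -p udp --dport 443 -j MARK --set-mark 25
iptables -t mangle -A SHAPER_OUT -p tcp --sport 22 -j MARK --set-mark 25
iptables -t mangle -A SHAPER_OUT -p tcp --dport 22 -j MARK --set-mark 25
# discussion lists (119)
iptables -t mangle -A SHAPER_OUT -p tcp --dport 119 -j MARK --set-mark 26
# ftp, radio; replies from local port 21 and port 80 go to class 28
iptables -t mangle -A SHAPER_OUT -p tcp --dport 21 -j MARK --set-mark 27
iptables -t mangle -A SHAPER_OUT -p tcp --sport 21 -j MARK --set-mark 28
iptables -t mangle -A SHAPER_OUT -p tcp --dport 8018 -j MARK --set-mark 27
iptables -t mangle -A SHAPER_OUT -p tcp --sport 80 -j MARK --set-mark 28
# CS and port forwards
iptables -t mangle -A SHAPER_OUT -p tcp --sport 1002:1035 -j MARK --set-mark 30
iptables -t mangle -A SHAPER_OUT -p udp --sport 1002:1035 -j MARK --set-mark 30
iptables -t mangle -A SHAPER_OUT -p tcp --sport 1170:1180 -j MARK --set-mark 20
iptables -t mangle -A SHAPER_OUT -p tcp --dport 1170:1180 -j MARK --set-mark 20
iptables -t mangle -A SHAPER_OUT -p tcp -d 193.17.41.70 --dport 17000:17100 -j MARK --set-mark 30
iptables -t mangle -A SHAPER_OUT -p tcp -m mport --dports 27005,27015,27016,27017,27020,6112 -j MARK --set-mark 30
iptables -t mangle -A SHAPER_OUT -p udp -m mport --dports 27005,27015,27016,27017,27020,6112 -j MARK --set-mark 30
# talkpro
iptables -t mangle -A SHAPER_OUT -p tcp -m mport --dports 1710,1721,1730 -j MARK --set-mark 30
iptables -t mangle -A SHAPER_OUT -p udp -m mport --dports 1710,10000:30000 -j MARK --set-mark 30
#
# p2p by port
# NOTE(review): these two rules spell the option --dport / --sport while the
# mport rules above use --dports; confirm your iptables build accepts the
# singular form together with -m mport.
iptables -t mangle -A SHAPER_OUT -p tcp -m mport --dport 411,412,3650:3700 -j MARK --set-mark 31
iptables -t mangle -A SHAPER_OUT -p tcp -m mport --sport 411,412,3650:3700 -j MARK --set-mark 31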
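#iptables -t mangle -I FORWARD -o $DEV -j SHAPER_OUT
# p2p by payload: mark forwarded packets that contain a protocol literal.
# NOTE(review): limits of this approach a maintainer should know about:
#  - it is best effort only: sessions whose payload is encrypted or
#    obfuscated never contain these literals, while unrelated traffic that
#    merely mentions one of them (a mail or web page with "emule") is marked
#    as p2p as well;
#  - the rules carry no -i/-o, so every forwarded packet in both directions
#    is searched, although only packets leaving $DEV are shaped;
#  - POSTROUTING runs after FORWARD and MARK does not stop traversal, so a
#    port rule in SHAPER_OUT can replace the mark 31 set here;
#  - the string match of current kernels additionally requires
#    "--algo bm" or "--algo kmp".
iptables -t mangle -A FORWARD -m string --string '$Send|' -j MARK --set-mark 31
iptables -t mangle -A FORWARD -m string --string '$Search Hub:' -j MARK --set-mark 31
iptables -t mangle -A FORWARD -p tcp -m string --string "X-Kazaa-" -j MARK --set-mark 31
iptables -t mangle -A FORWARD -p udp -m string --string "KaZaA" -j MARK --set-mark 31
iptables -t mangle -A FORWARD -p udp -m string --string "fileshare" -j MARK --set-mark 31
# NOTE(review): literal kept exactly as posted; "aLOWID" may have lost a
# space in the mail, verify it against the message the client really sends.
iptables -t mangle -A FORWARD -p tcp -m string --string "not reachable. You have aLOWID" -j MARK --set-mark 31
iptables -t mangle -A FORWARD -m string --string "eMule" -j MARK --set-mark 31
iptables -t mangle -A FORWARD -m string --string "emule" -j MARK --set-mark 31
# p2p by port; appended last in SHAPER_OUT, so it overrides earlier marks.
iptables -t mangle -A SHAPER_OUT -p tcp -m mport --dport 4660:4670,4242,6881:6891 -j MARK --set-mark 31
#iptables -t mangle -A PREROUTING -p tcp -s 192.168.1.4 --dport 80 -j MARK --set-mark 32
#iptables -t mangle -A PREROUTING -s 192.168.1.4 -j RETURN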
Received on Thu Nov 4 00:06:10 2004
