ผู้เขียน หัวข้อ: gentoo Ipp2p&L7 QoS  (อ่าน 1056 ครั้ง)

SNC_Admin

gentoo Ipp2p&L7 QoS
« เมื่อ: พฤษภาคม 31, 2008, 07:44:35 pm »
ที่มา : http://gentoo-wiki.com/HOWTO_Packet_Shaping

# Gateway bootstrap: reset netfilter, masquerade the LAN, enable routing.
#
# NOTE(review): this is a permissive baseline for the shaping examples,
# not a firewall. Every policy below is ACCEPT and all loaded rules are
# flushed, so once ip_forward is switched on the host forwards whatever is
# routed to it, in either direction. On a real gateway, set the filter
# INPUT and FORWARD policies to DROP and add explicit allow rules (for
# example LAN-originated traffic leaving via eth1) before enabling
# forwarding.

# Local network to be masqueraded, in address/netmask form.
LOCALNET="192.168.1.0/255.255.255.0"

# Default policies. ACCEPT is already the built-in default, so this part
# only matters if a policy was changed to DROP earlier. DROP is advisable
# only for the filter table's INPUT and FORWARD chains (sometimes OUTPUT),
# not for the nat chains.
for chain in INPUT OUTPUT FORWARD; do
  iptables -P "$chain" ACCEPT
done
for chain in POSTROUTING PREROUTING; do
  iptables -t nat -P "$chain" ACCEPT
done

# Remove every rule currently loaded in each table. Flushing raw is
# optional. Any filtering rules that were in place are gone after this.
for table in filter mangle nat raw; do
  iptables -t "$table" -F
done

# Masquerade traffic from the LAN that leaves through eth1.
iptables -t nat -A POSTROUTING -o eth1 -s "$LOCALNET" -j MASQUERADE
# Accept packets of tracked connections heading back to the LAN. While the
# FORWARD policy is ACCEPT this rule changes nothing; it becomes the
# return path once the policy is tightened to DROP.
iptables -A FORWARD -d "$LOCALNET" -m state --state ESTABLISHED,RELATED -j ACCEPT

# Let the kernel route IPv4 packets between interfaces.
printf '1\n' > /proc/sys/net/ipv4/ip_forward

# Traffic classification for the shaper: each rule below stamps one of
# four priority marks on packets in the mangle table.
#
# MARK does not stop rule traversal, so a packet that matches several
# rules keeps the mark written by the LAST one. Rule order is therefore
# part of the policy.
#
# NOTE(review): classification relies on ports, packet length and the TOS
# byte, all of which the sending host controls. Treat the result as a
# fairness hint between cooperative hosts, not as an enforcement boundary.

MARKPRIO1=1
MARKPRIO2=2
MARKPRIO3=3
MARKPRIO4=4

# Append one mangle rule to FORWARD and then to OUTPUT, so that routed
# and locally generated packets are tagged the same way.
# Arguments: the rule's match and target options.
mark_routed_and_local() {
  iptables -t mangle -A FORWARD "$@"
  iptables -t mangle -A OUTPUT "$@"
}

# Append a FORWARD rule that marks still-unmarked (mark 0) TCP packets
# according to their TOS value.
# Arguments: $1 - TOS name, $2 - mark to set
mark_unmarked_by_tos() {
  iptables -t mangle -A FORWARD -p tcp -m tos --tos "$1" \
    -m mark --mark 0 -j MARK --set-mark "$2"
}

# ---- Priority 1 ----
# ICMP
mark_routed_and_local -p icmp -j MARK --set-mark "$MARKPRIO1"
# SSH (TCP destination port 22)
mark_routed_and_local -p tcp --dport 22 -j MARK --set-mark "$MARKPRIO1"
# Everything that is not TCP. This puts all UDP, bulk transfers included,
# in the same top class as SSH and ICMP.
# The "-p ! tcp" spelling is the older negation form; newer iptables
# releases prefer "! -p tcp".
mark_routed_and_local -p ! tcp -j MARK --set-mark "$MARKPRIO1"

# ---- Priority 2 ----
# No port rules; only the TOS fallback at the end assigns this mark.

# ---- Priority 3 ----
# HTTP (80), HTTPS (443), SMTP (25)
for port in 80 443 25; do
  mark_routed_and_local -p tcp --dport "$port" -j MARK --set-mark "$MARKPRIO3"
done

# ---- Priority 4 (FORWARD chain only) ----
# TCP packets of 1024 bytes or more. Because this rule comes after the
# port rules, large forwarded SSH/HTTP/HTTPS/SMTP packets are re-marked
# with priority 4 here.
iptables -t mangle -A FORWARD -p tcp -m length --length 1024: \
  -j MARK --set-mark "$MARKPRIO4"
# BitTorrent on ports 6881-6889, for packets arriving on eth0. Clients
# configured for other ports are not matched by these two rules.
for port_opt in --sport --dport; do
  iptables -t mangle -A FORWARD -i eth0 -p tcp "$port_opt" 6881:6889 \
    -j MARK --set-mark "$MARKPRIO4"
done

# ---- TOS fallback ----
# Forwarded TCP packets that are still unmarked are classified by their
# TOS value. The TOS byte is chosen by the sender, so any host can ask for
# priority 1 this way; decide whether the hosts behind eth0 are trusted
# to do that.
mark_unmarked_by_tos Minimize-Delay "$MARKPRIO1"
mark_unmarked_by_tos Maximize-Throughput "$MARKPRIO2"
mark_unmarked_by_tos Minimize-Cost "$MARKPRIO4"

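# Egress shaping with HTB: builds one root class with four child classes
# on IFACE and steers packets into them by firewall mark.

# Interface to shape: eth2 or eth1 for a direct connection, ppp0 or
# similar for DSL and other dial-up links (check ifconfig).
# NOTE(review): a root qdisc shapes packets leaving IFACE, so this must be
# the interface the marked traffic goes out of. The masquerade rule earlier
# on this page uses eth1; confirm the two agree on your system.
IFACE=eth2

# Firewall marks, one per priority class.
MARKPRIO1="1"
MARKPRIO2="2"
MARKPRIO3="3"
MARKPRIO4="4"

# Rates. UPRATE is the total for the root class; the four guaranteed
# rates below add up to 146kbit, which stays within it. P2PRATE is the
# ceiling for the lowest class only.
UPRATE="152kbit"
#P2PRATE=$UPRATE
P2PRATE="128kbit"
PRIORATE1="65kbit"
PRIORATE2="46kbit"
PRIORATE3="27kbit"
PRIORATE4="8kbit"

# Quantum per class
QUANTUM1="12187"
QUANTUM2="8625"
QUANTUM3="5062"
QUANTUM4="1500"

# Burst and ceiling burst per class
BURST1="6k"
BURST2="4k"
BURST3="2k"
BURST4="0k"
CBURST1="3k"
CBURST2="2k"
CBURST3="1k"
CBURST4="0k"

# Set the transmit queue length of IFACE to 16 packets.
ifconfig "$IFACE" txqueuelen 16

# Start from a clean slate. "tc qdisc add ... root" fails when a root
# qdisc is already attached (for instance when this script is run a second
# time), and every class and filter command after it then fails too.
# The delete is best-effort: on a fresh interface there is nothing to
# remove, so its error output and exit status are deliberately ignored.
tc qdisc del dev "$IFACE" root 2>/dev/null || true

# Root queueing discipline; traffic matched by no filter goes to 1:103.
tc qdisc add dev "$IFACE" root handle 1:0 htb default 103 r2q 1

# Root class carrying the whole uplink rate.
tc class add dev "$IFACE" parent 1:0 classid 1:1 htb \
  rate "$UPRATE" burst "$BURST1" cburst "$CBURST1"

# Child classes. The first three may borrow up to UPRATE; 1:104 is capped
# at P2PRATE.
tc class add dev "$IFACE" parent 1:1 classid 1:101 htb \
  rate "$PRIORATE1" ceil "$UPRATE" quantum "$QUANTUM1" \
  burst "$BURST1" cburst "$CBURST1" prio 0
tc class add dev "$IFACE" parent 1:1 classid 1:102 htb \
  rate "$PRIORATE2" ceil "$UPRATE" quantum "$QUANTUM2" \
  burst "$BURST2" cburst "$CBURST2" prio 1
tc class add dev "$IFACE" parent 1:1 classid 1:103 htb \
  rate "$PRIORATE3" ceil "$UPRATE" quantum "$QUANTUM3" \
  burst "$BURST3" cburst "$CBURST3" prio 2
tc class add dev "$IFACE" parent 1:1 classid 1:104 htb \
  rate "$PRIORATE4" ceil "$P2PRATE" quantum "$QUANTUM4" \
  burst "$BURST4" cburst "$CBURST4" prio 3

# Map each firewall mark to its class.
tc filter add dev "$IFACE" parent 1:0 protocol ip prio 0 handle "$MARKPRIO1" fw classid 1:101
tc filter add dev "$IFACE" parent 1:0 protocol ip prio 1 handle "$MARKPRIO2" fw classid 1:102
tc filter add dev "$IFACE" parent 1:0 protocol ip prio 2 handle "$MARKPRIO3" fw classid 1:103
tc filter add dev "$IFACE" parent 1:0 protocol ip prio 3 handle "$MARKPRIO4" fw classid 1:104

# Attach an SFQ leaf qdisc to every class so that flows inside one class
# share it; the hash is perturbed every 16 seconds.
tc qdisc add dev "$IFACE" parent 1:101 sfq perturb 16 quantum "$QUANTUM1"
tc qdisc add dev "$IFACE" parent 1:102 sfq perturb 16 quantum "$QUANTUM2"
tc qdisc add dev "$IFACE" parent 1:103 sfq perturb 16 quantum "$QUANTUM3"
tc qdisc add dev "$IFACE" parent 1:104 sfq perturb 16 quantum "$QUANTUM4"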