Øåéïåð ñ ïðèîðåòèçàöèåé ïî ïîðòàì

**Vladimir14** · 04-11-2009, 19:21

Ìàíóàë, íà÷èíàÿ ñ 9-é ãëàâû

"Linux Advanced Routing & Traffic Control HOWTO"
http://gazette.linux.ru.net/rus/arti...rtc/index.html

Ïî÷èòàâ ìàíóàëû, ðåøèë óçíàòü ìíåíèÿ ãóðó ëèíóêñà

"Äåëåíèå êàíàëà èíòåðíåòà ïîïîëàì ÷åðåç tc class, qdisc, filter"
http://www.linux.org.ru/view-message...=1257359431016

Ãîðîäñêàÿ ëîêàëüíàÿ ñåòü 10.0.0.0/8, äîìàøíÿÿ ëîêàëüíàÿ ñåòü 192.168.1.0/24.
Çàäà÷à: äåëèòü ïîïîëàì ìåæäó 192.168.1.2 è 192.168.1.3 âõîäÿùèé è èñõîäÿùèé òðàôèê ppp0 è vlan1.

Îñîáåííî èíòåðåñíî, îòêóäà âçÿëèñü ìíåíèÿ, ÷òî tc íà óñòðîéñòâå br0 îáðàáàòûâàåò òîëüêî èñõîäÿùèå ïàêåòû, íå çàòðàãèâàÿ âõîäÿùèå? Âåäü óñëîâèÿ ôèëüòðàöèè ïîçâîëÿþò íàïðàâëÿòü â íóæíûå êëàññû, êàê âõîäÿùèå, òàê è èñõîäÿùèå ïàêåòû. Íàïðèìåð, óñëîâèÿ ôèëüòðàöèè ïàêåòîâ:

äëÿ âõîäÿùèõ LAN ê 192.168.1.2: prio 15 u32 match ip src 10.0.0.0/8 u32 match ip dst 192.168.1.2
äëÿ âõîäÿùèõ LAN ê 192.168.1.3: prio 15 u32 match ip src 10.0.0.0/8 u32 match ip dst 192.168.1.3
äëÿ èñõîäÿùèõ LAN îò 192.168.1.2: prio 15 u32 match ip src 192.168.1.2 u32 match ip dst 10.0.0.0/8
äëÿ èñõîäÿùèõ LAN îò 192.168.1.3: prio 15 u32 match ip src 192.168.1.3 u32 match ip dst 10.0.0.0/8

äëÿ âõîäÿùèõ WAN ê 192.168.1.2: prio 20 u32 match ip dst 192.168.1.2
äëÿ âõîäÿùèõ WAN ê 192.168.1.3: prio 20 u32 match ip dst 192.168.1.3
äëÿ èñõîäÿùèõ WAN îò 192.168.1.2: prio 20 u32 match ip src 192.168.1.2
äëÿ èñõîäÿùèõ WAN îò 192.168.1.3: prio 20 u32 match ip src 192.168.1.3

**ceramic** · 04-11-2009, 19:36

Originally Posted by Vladimir14

Îñîáåííî èíòåðåñíî, îòêóäà âçÿëèñü ìíåíèÿ, ÷òî tc íà óñòðîéñòâå br0 îáðàáàòûâàåò òîëüêî èñõîäÿùèå ïàêåòû, íå çàòðàãèâàÿ âõîäÿùèå? Âåäü óñëîâèÿ ôèëüòðàöèè ïîçâîëÿþò íàïðàâëÿòü â íóæíûå êëàññû, êàê âõîäÿùèå, òàê è èñõîäÿùèå ïàêåòû.

Íó ýòî íå ñîâñåì ìíåíèå, ïðîñòî îòôèëüòðîâûâàíèå ïðèøåäøèõ íå ïðèîðèòåòíûõ ïàêåòîâ íå óñêîðÿåò ïîëó÷åíèå ïðèîðèòåòíûõ. Ñ îòïðàâêîé ïðîùå: ïðèîðèòåòíûå âïåðåä, îñòàëüíûå â î÷åðåäü.

**Vladimir14** · 09-11-2009, 20:05

×åðåç

tc -s class show dev $DEV

ãäå $DEV - èìÿ óñòðîéñòà, óáåäèëñÿ, ÷òî tc filter îáðàáàòûâàåò òîëüêî èñõîäÿùèå ïàêåòû ñ óñòðîéñòâà, à âõîäÿùèå ïî íóëÿì, åñëè äîïîëíèòåëüíî íå èñïîëüçîâàòü iptable.

"Íîâàÿ ïðîøèâêà Îëåãà 1.9.2.7-d îò ýíòóçèàñòîâ"
http://wl500g.info/showthread.php?t=17136
http://code.google.com/p/wl500g

â êîòîðîé ïî sfq ðåàëüíî äîñòóïíà esfq, ïðè èñïîëüçîâàíèè êîòîðîé ìîæíî áîëåå ïðàâèëüíî äåëèòü êàíàë ïîïîëàì. Íàïèñàë äëÿ íîâîé ïðîøèâêè äåëåíèå âõîäÿùåãî è èñõîäÿùåãî êàíàëîâ ñîåäèíåíèÿ ppp0 ïîïîëàì ìåæäó 192.168.1.2 è 192.168.1.3:

Ñêðèïò çàïóñêà start:

Code:

#/bin/sh

WAN_CEIL_DOWNLOAD=256
WAN_RATE_DOWNLOAD=128

WAN_CEIL_UPLOAD=256
WAN_RATE_UPLOAD=128

DEV_WAN=ppp0
DEV_IN=imq0
DEV_OUT=imq1


# âêëþ÷åíèå IMQ
insmod ipt_IMQ > /dev/null 2>&1
insmod imq behaviour=ab numdevs=2 > /dev/null 2>&1

tmp=`ip link show $DEV_WAN`
tmp=${tmp#*mtu }
MTU=${tmp%% *}

ip link set dev imq0 up
ip link set dev imq1 up
ip link set dev imq0 mtu $MTU
ip link set dev imq1 mtu $MTU


# î÷èñòêà
iptables -t mangle -D PREROUTING -i $DEV_WAN -j IMQ --todev 0
iptables -t mangle -D POSTROUTING -o $DEV_WAN -j IMQ --todev 1

tc qdisc del dev $DEV_IN root 2> /dev/null > /dev/null
tc qdisc del dev $DEV_IN ingress 2> /dev/null > /dev/null

tc qdisc del dev $DEV_OUT root 2> /dev/null > /dev/null
tc qdisc del dev $DEV_OUT ingress 2> /dev/null > /dev/null


# âõîäÿùèé

# êîðåíü äåðåâà 1:0, ïàêåòû íå óäîâëåòâîðÿþùèå âñåì óñëîâèÿì ôèëüòðîâ èäóò â î÷åðåäü êëàññà 1:9
tc qdisc add dev $DEV_IN root handle 1:0 htb default 9
tc class add dev $DEV_IN parent 1:0 classid 1:1 htb rate ${WAN_CEIL_DOWNLOAD}kbit


# êëàññ äëÿ 192.168.1.2
tc class add dev $DEV_IN parent 1:1 classid 1:11 htb rate ${WAN_RATE_DOWNLOAD}kbit ceil ${WAN_CEIL_DOWNLOAD}kbit

# êëàññ äëÿ 192.168.1.3
tc class add dev $DEV_IN parent 1:1 classid 1:12 htb rate ${WAN_RATE_DOWNLOAD}kbit ceil ${WAN_CEIL_DOWNLOAD}kbit


# î÷åðåäü äëÿ 192.168.1.2
tc qdisc add dev $DEV_IN parent 1:11 handle 11:0 sfq hash dst

# î÷åðåäü äëÿ 192.168.1.3
tc qdisc add dev $DEV_IN parent 1:12 handle 12:0 sfq hash dst


# íàïðàâëåíèå ïàêåòîâ èç êîðíÿ 1:0 â î÷åðåäü êëàññà 1:11
tc filter add dev $DEV_IN parent 1:0 protocol ip prio 20 u32 match ip dst 192.168.1.2 flowid 1:11

# íàïðàâëåíèå ïàêåòîâ èç êîðíÿ 1:0 â î÷åðåäü êëàññà 1:12
tc filter add dev $DEV_IN parent 1:0 protocol ip prio 20 u32 match ip dst 192.168.1.3 flowid 1:12


# íåîãðàíè÷åííûé èëè íåêëàññèôèöèðîâàííûé
tc class add dev $DEV_IN parent 1:0 classid 1:9 htb rate 100mbit
tc qdisc add dev $DEV_IN parent 1:9 handle 19:0 sfq perturb 10


# èñõîäÿùèé

# êîðåíü äåðåâà 1:0, ïàêåòû íå óäîâëåòâîðÿþùèå âñåì óñëîâèÿì ôèëüòðîâ èäóò â î÷åðåäü êëàññà 1:9
tc qdisc add dev $DEV_OUT root handle 1:0 htb default 9
tc class add dev $DEV_OUT parent 1:0 classid 1:1 htb rate ${WAN_CEIL_UPLOAD}kbit


# êëàññ äëÿ 192.168.1.2
tc class add dev $DEV_OUT parent 1:1 classid 1:11 htb rate ${WAN_RATE_UPLOAD}kbit ceil ${WAN_CEIL_UPLOAD}kbit

# êëàññ äëÿ 192.168.1.3
tc class add dev $DEV_OUT parent 1:1 classid 1:12 htb rate ${WAN_RATE_UPLOAD}kbit ceil ${WAN_CEIL_UPLOAD}kbit


# î÷åðåäü äëÿ 192.168.1.2
tc qdisc add dev $DEV_OUT parent 1:11 handle 11:0 sfq hash dst

# î÷åðåäü äëÿ 192.168.1.3
tc qdisc add dev $DEV_OUT parent 1:12 handle 12:0 sfq hash dst


# íàïðàâëåíèå ïàêåòîâ èç êîðíÿ 1:0 â î÷åðåäü êëàññà 1:11
tc filter add dev $DEV_OUT parent 1:0 protocol ip prio 20 u32 match ip src 192.168.1.2 flowid 1:11

# íàïðàâëåíèå ïàêåòîâ èç êîðíÿ 1:0 â î÷åðåäü êëàññà 1:12
tc filter add dev $DEV_OUT parent 1:0 protocol ip prio 20 u32 match ip src 192.168.1.3 flowid 1:12


# íåîãðàíè÷åííûé èëè íåêëàññèôèöèðîâàííûé
tc class add dev $DEV_OUT parent 1:0 classid 1:9 htb rate 100mbit
tc qdisc add dev $DEV_OUT parent 1:9 handle 19:0 sfq perturb 10


# ïåðåíàïðàâëåíèå ïàêåòîâ íà imq0, imq1
iptables -t mangle -I PREROUTING -i $DEV_WAN -j IMQ --todev 0
iptables -t mangle -A POSTROUTING -o $DEV_WAN -j IMQ --todev 1

Ñêðèïò îñòàíîâà stop:

Code:

#/bin/sh

DEV_WAN=ppp0
DEV_IN=imq0
DEV_OUT=imq1

iptables -t mangle -D PREROUTING -i $DEV_WAN -j IMQ --todev 0
iptables -t mangle -D POSTROUTING -o $DEV_WAN -j IMQ --todev 1

tc qdisc del dev $DEV_IN root 2> /dev/null > /dev/null
tc qdisc del dev $DEV_IN ingress 2> /dev/null > /dev/null

tc qdisc del dev $DEV_OUT root 2> /dev/null > /dev/null
tc qdisc del dev $DEV_OUT ingress 2> /dev/null > /dev/null

Ñêðèïò âûâîäà ñòàòèñòèêè status:

Code:

#/bin/sh

tc -s class show dev imq0
tc -s class show dev imq1

Ïðîôè, âñ¸ ëè ïðàâèëüíî, íà Âàø âçãëÿä? Áîëüøîå ñïàñèáî.

**UxN** · 14-01-2010, 21:14

Çäðàâñòâóéòå ãîñïîäà. Êóïèë ðîóòåð Dir-320, ïîñòàâèë ïðîøèâêó îò Îëåãà.
ß íîâè÷îê â Ëèíóêñå, ïðè÷åì íåïëîõî ðàçáèðàþñü â ÔðèÁÑÄ.
Ïîìîãèòå ìíå ïîæàëóéñòà ðàçîáðàòñÿ:
1. Ðîóòåð ïîäêëþ÷åí ê ñåòè WAN-192.168.11.0/24 ÷åðåç êîòîðóþ èäåò èíåò.
Òàêæå åñòü ëîêàëêà 172.16.10.0/24 - ìîÿ. Íà ðîóòåðå ñòîèò øåéïåð, íî ïðîáëåìà âîò â ÷åì, åñëè ðîóòåð ðåæåò ñêîðîñòü ïî îïðåäåëåííîìó mac òî - îí ðåæåò âñå, À ìîæíî ëè íàñòðîèòü òàê ÷òîá ðîóòåð íå ðåçàë ëîêàëêó 192.168.11.0/24, à òîëüêî ðåçàë èíåò. Èëè êàê ìíå ðàáîòàòü ñ øåéïåðîì?
2. ß ïîäíÿë ssh ñåðâåð íî ò.ê. ó ìåíÿ ñòàòè÷åñêèé ²Ð òî åñòü ìíîãî ïîïûòîê áðóòà, õîòÿ ìíå íóæíî óäàëåííî çàõîäèòü. Ïîä ÔðèÁÑÄ ÿ ðåøàë ïðîáëåìó ïîäíÿòèåì ssh ñ 22 íà 1234 ïîðò. Êàê åòî ìîæíî ðåàëèçîâàòü èëè æå êàê ìíå ðàáîòàòü ñ ssh (íåòó êîíôèãóðàöèîííîãî ôàéëà /etc/ssh/sshd_config).

**checat** · 14-01-2010, 21:30

Originally Posted by UxN

Çäðàâñòâóéòå ãîñïîäà. Êóïèë ðîóòåð Dir-320, ïîñòàâèë ïðîøèâêó îò Îëåãà.
ß íîâè÷îê â Ëèíóêñå, ïðè÷åì íåïëîõî ðàçáèðàþñü â ÔðèÁÑÄ.
Ïîìîãèòå ìíå ïîæàëóéñòà ðàçîáðàòñÿ:
1. Ðîóòåð ïîäêëþ÷åí ê ñåòè WAN-192.168.11.0/24 ÷åðåç êîòîðóþ èäåò èíåò.
Òàêæå åñòü ëîêàëêà 172.16.10.0/24 - ìîÿ. Íà ðîóòåðå ñòîèò øåéïåð, íî ïðîáëåìà âîò â ÷åì, åñëè ðîóòåð ðåæåò ñêîðîñòü ïî îïðåäåëåííîìó mac òî - îí ðåæåò âñå, À ìîæíî ëè íàñòðîèòü òàê ÷òîá ðîóòåð íå ðåçàë ëîêàëêó 192.168.11.0/24, à òîëüêî ðåçàë èíåò. Èëè êàê ìíå ðàáîòàòü ñ øåéïåðîì?
2. ß ïîäíÿë ssh ñåðâåð íî ò.ê. ó ìåíÿ ñòàòè÷åñêèé ²Ð òî åñòü ìíîãî ïîïûòîê áðóòà, õîòÿ ìíå íóæíî óäàëåííî çàõîäèòü. Ïîä ÔðèÁÑÄ ÿ ðåøàë ïðîáëåìó ïîäíÿòèåì ssh ñ 22 íà 1234 ïîðò. Êàê åòî ìîæíî ðåàëèçîâàòü èëè æå êàê ìíå ðàáîòàòü ñ ssh (íåòó êîíôèãóðàöèîííîãî ôàéëà /etc/ssh/sshd_config).

1. Êóðèòü òåìó http://wl500g.info/showthread.php?t=13609

2. Êóðèòü òåìó http://wl500g.info/showthread.php?t=12833

Îáå òåìû, ÷òî õàðàêòåðíî, äàæå áåç ïîèñêà îáíàðóæèâàþòñÿ íà 1é ñòðàíèöå ôîðóìà

**UxN** · 18-01-2010, 11:35

2. Äåëàåòüñÿ òàê
dropbear -p 1234 > /dev/null 2>&1
êñòàòè ÿ óæå ïîñòàâèë openssh ((((( ³ ñíåñ dropbear

Thread: Øåéïåð ñ ïðèîðåòèçàöèåé ïî ïîðòàì

Thread Tools

Rate This Thread

Display

DIR320 + SHAPER + SSH

Tags for this Thread

Posting Permissions