Èñïðàâëÿåì íèçêóþ ñêîðîñòü PPTP (è íå òîëüêî)

Quote:

---

Originally Posted by Antosha

Æàëü ÷òî áîëüøå 10 ìåãàáèò íå ïîëó÷àåòñÿ :(

---

Ýòî âñå-òàêè ðîóòåð-êîìáàèí ñîõî-êëàññà. Íà áÎëüøèå ñêîðîñòè íàäî ñòàâèòü êàê ìèíèìóì ëèíóêñ-áîêñ óðîâíÿ âòîðîãî ïíÿ.

Quote:

---

Originally Posted by kirillk2

Ýòî âñå-òàêè ðîóòåð-êîìáàèí ñîõî-êëàññà. Íà áÎëüøèå ñêîðîñòè íàäî ñòàâèòü êàê ìèíèìóì ëèíóêñ-áîêñ óðîâíÿ âòîðîãî ïíÿ.

---

Íó ýòî ïîíÿòíî :)
Äëÿ ðåçåðâíîãî êàíàëà íîðìàëüíî.

P.S.
Õîòÿ õî÷åòñÿ áÎëüøåãî :)

Ïîñëå ÷óòü ìåíåå ñóòîê òåñòèðîâàíèÿ ìîãó ñêàçàòü ñëåäóþùåå: íà âíóòðåííåé ñåòêå ñêîðîñòü ïîâûñèëàñü ïðîöåíòîâ íà 10.
Íà âíåøíåé ñåòêè èçìåíåíèé îñîáûõ íåò, ÍÎ çàãðóçêà ïðîöà ñòàëà ìåíüøå. Ïðîöåíòîâ íà 30!
Ïîëó÷àåòñÿ ïî ëþáîìó òþíèíã ïîøåë íà ïîëüçó :cool:

kirillk2, à íå ñëèøêîì ëè ñëîæíàÿ ïðîöåäóðà?
Íàïðèìåð, çà÷åì íàì getip, åñëè â post-firewall ñèñòåìîé ïåðåäàþòñÿ ñëåäóþùèå àðãóìåíòû:
$1 -- WANIF
$2 -- WANIP
$3 -- LANIF
$4 -- LANIP
$5 -- MANIF
$6 -- MANIP
Ìíå êàæåòñÿ âñå ìîæíî ñäåëàòü çíà÷èòåëüíî ïðîùå íåïîñðåäñòâåííî â post-firewall. Ìîæíî êîíå÷íî âûíåñòè è â îòäåëüíûå ñêðèïòû, íî ïåðåäàâàòü òóäà óæå èìåþùèåñÿ àðãóìåíòû èç post-firewall.

×òî-òî ÿ ãäåòî íàêîñÿ÷èë íî íå ìîãó ïîíÿòü ãäå.
Cîçäàë îáà ñêðèïòà, íî ïðè çàïóñêå ñêðèïò âûäàåò îøèáêó awk.line 1. invalid string

Quote:

---

Originally Posted by Reyter

kirillk2, à íå ñëèøêîì ëè ñëîæíàÿ ïðîöåäóðà?
Íàïðèìåð, çà÷åì íàì getip, åñëè â post-firewall ñèñòåìîé ïåðåäàþòñÿ ñëåäóþùèå àðãóìåíòû:
$1 -- WANIF
$2 -- WANIP
$3 -- LANIF
$4 -- LANIP
$5 -- MANIF
$6 -- MANIP
Ìíå êàæåòñÿ âñå ìîæíî ñäåëàòü çíà÷èòåëüíî ïðîùå íåïîñðåäñòâåííî â post-firewall. Ìîæíî êîíå÷íî âûíåñòè è â îòäåëüíûå ñêðèïòû, íî ïåðåäàâàòü òóäà óæå èìåþùèåñÿ àðãóìåíòû èç post-firewall.

---

ýòî íàèáîëåå ïðîñòîé è î÷åâèäíûé âàðèàíò ðåàëèçàöèè, íî îí íå ïîçâîëÿåò çàïóñêàòü ñêðèïò âíå ïîñò-ôàéðâîëë. À ó ìåíÿ èçíà÷àëüíî öåëü áûëà èìåííî òàêîâà. È äåëàòü î÷åâèäíóþ ïåðåäåëêó ïîêà íå âèæó ñìûñëà - ââèäó áÎëüøåé óíèâåðñàëüíîñòè óæå ñäåëàííîãî ðåøåíèÿ.

Quote:

---

Originally Posted by kirillk2

äåëàòü î÷åâèäíóþ ïåðåäåëêó ïîêà íå âèæó ñìûñëà - ââèäó áÎëüøåé óíèâåðñàëüíîñòè óæå ñäåëàííîãî ðåøåíèÿ.

---

À ñìûñë óíèâåðñàëüíîñòè? Îðãàíèçîâûâàòü âñå ýòî íà ÁÁ? Èëè åùå ãäå-òî? Äûê âðîäå òàì ïðîáëåì ñ ïðîèçîäèòåëüíîñòüþ íåò. Ò.å. àêòóàëüíî ýòî òîëüêî äëÿ ðîóòåðà. Èëè ÿ îøèáàþñü?

Quote:

---

Originally Posted by Reyter

À ñìûñë óíèâåðñàëüíîñòè? Îðãàíèçîâûâàòü âñå ýòî íà ÁÁ? Èëè åùå ãäå-òî? Äûê âðîäå òàì ïðîáëåì ñ ïðîèçîäèòåëüíîñòüþ íåò. Ò.å. àêòóàëüíî ýòî òîëüêî äëÿ ðîóòåðà. Èëè ÿ îøèáàþñü?

---

ýòîò "ðåöåïò" ïåðåêî÷åâàë êàê ðàç ñ áá. â ñèëó ðåàëèçàöèè ìàñêàðàäèíãà â ëèíóõå, "ôóíäàìåíòàëüíûé" ïðåäåë â 3 ìåãàáèòà íà ïïòï ìîæíî íàáëþäàòü è íà êîìïàõ óðîâíÿ 4 ïíÿ, ïðè áîëüøîì êîëè÷åñòâå ôðàãìåíòèðîâàííûõ ïàêåòîâ.

Quote:

---

Originally Posted by Daxer

×òî-òî ÿ ãäåòî íàêîñÿ÷èë íî íå ìîãó ïîíÿòü ãäå.
Cîçäàë îáà ñêðèïòà, íî ïðè çàïóñêå ñêðèïò âûäàåò îøèáêó awk.line 1. invalid string

---

ó òåáÿ ÿâíî ñòðîêà çàêîñÿ÷èëàñü ïðè êîïèïàñòå. îòêðîé ôàéëû ðåäàêòîðîì (òåì æå nano èëè vi) è ñðàâíè ñ òåì, ÷òî íà ïåðâîé ñòðàíèöå.

Quote:

---

Originally Posted by kirillk2

ýòîò "ðåöåïò" ïåðåêî÷åâàë êàê ðàç ñ áá. â ñèëó ðåàëèçàöèè ìàñêàðàäèíãà â ëèíóõå, "ôóíäàìåíòàëüíûé" ïðåäåë â 3 ìåãàáèòà íà ïïòï ìîæíî íàáëþäàòü è íà êîìïàõ óðîâíÿ 4 ïíÿ, ïðè áîëüøîì êîëè÷åñòâå ôðàãìåíòèðîâàííûõ ïàêåòîâ.

---

¨êñåëü... Êòî áû ìîã ïîäóìàòü?
Âñå ïîíÿë.

Quote:

---

Originally Posted by BECK

Ñïàñèáî. ß âðîäå áû âñå ñäåëàë, íî ñòðîê ñî snat íåòó.:(:confused:

---

Ó ìåíÿ åñòü, íî íå ïîìîãëî, êàê áûëî 2ÌÁ/ñåê, òàê è îñòàëîñü. Ïðîö íå ñïðàâëÿåòñÿ (97,7% - pptp) + (2,3% - tcp). Ïîäíèìàþ PPTP íà êîìïå - 7ÌÁ/ñåê.

Code:

---

Chain PREROUTING (policy ACCEPT)
target    prot opt source              destination
VSERVER    all  --  0.0.0.0/0            83.170.252.50
VSERVER    all  --  0.0.0.0/0            10.24.7.180

Chain POSTROUTING (policy ACCEPT)
target    prot opt source              destination
SNAT      all  --  10.11.66.0/24        10.11.66.0/24      to:10.11.66.1
SNAT      all  -- !10.24.7.180          0.0.0.0/0          to:10.24.7.180
SNAT      all  -- !83.170.252.50        0.0.0.0/0          to:83.170.252.50

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination

---

Ó ìåíÿ wl500gP. Firmware Release: 1.9.2.7-10.
Ìîæåò, ÷òî-òî íå òàê äåëàþ? :confused:

Eugene100

cat /tmp/ppp/options.wan0

â ñòóäèþ! (òîêà ïàðîëü ñ ëîãèíîì íå çàáóäü ñòåðåòü ;)

îïòèìèçèðîâàííûé ñêðèïò áóäåò âûãëÿäåòü òàê:

Code:

---

iptables -t nat -nvL POSTROUTING | grep MASQUERADE | awk '{
    "ifconfig "$7" | grep Mask" | getline ip;
    split(ip,ip,":"); split(ip[2],ip," ");
    split($8,src,"!");
    if (src[1]=="") {src="! -s "src[2]} else {src="-s "src[1]};
    if ($9=="0.0.0.0/0") {dst=""} else {dst="-d "$9};
    system("iptables -t nat -A POSTROUTING -o "$7" "src" "dst" -j SNAT --to-source "ip[1]);
    system("iptables -t nat -D POSTROUTING -o "$7" "src" "dst" -j MASQUERADE");
}'

---

äîñòàòî÷íî äîáàâèòü â íà÷àëî post-firewall

Quote:

---

Originally Posted by kirillk2

Eugene100

cat /tmp/ppp/options.wan0

â ñòóäèþ! (òîêà ïàðîëü ñ ëîãèíîì íå çàáóäü ñòåðåòü ;)

---

Èçâèíÿþñü çà çàäåðæêó, ýêñïåðèìåíòèðîâàë.

Code:

---

noauth refuse-eap
user 'íåñêàæó'
password '*********'
connect true
sync pty '/usr/sbin/pptp --idle-wait 0 svit.svitonline.com --nolaunchpppd --nobuffer --sync'
lock
nomppe-stateful -mppc mtu 1400
maxfail 0
persist
ipcp-accept-remote ipcp-accept-local noipdefault
ktune
default-asyncmap nopcomp noaccomp
novj nobsdcomp nodeflate
lcp-echo-interval 10
lcp-echo-failure 6
unit 0
nomppe nomppc mtu 1400

---

Ìîé iptables -L -n -t nat

Code:

---

Chain PREROUTING (policy ACCEPT)
target    prot opt source              destination
VSERVER    all  --  0.0.0.0/0            83.170.252.238
VSERVER    all  --  0.0.0.0/0            10.24.7.180

Chain POSTROUTING (policy ACCEPT)
target    prot opt source              destination
SNAT      all  -- !83.170.252.238      0.0.0.0/0          to:83.170.252.238
SNAT      all  -- !10.24.7.180          0.0.0.0/0          to:10.24.7.180
SNAT      all  --  10.11.66.0/24        10.11.66.0/24      to:10.11.66.1

Chain OUTPUT (policy ACCEPT)
target    prot opt source              destination

Chain VSERVER (2 references)
target    prot opt source              destination
DNAT      all  --  0.0.0.0/0            0.0.0.0/0          to:10.11.66.2

---

Eugene100

âûãëÿäèò âñå â íîðìå.

Ïîñòîé, ó òåáÿ 2 ìåãàáèòà èëè 2 ìåãàáàéòà ïîëó÷àåòñÿ? åñëè 2ìåãàáàéòà/ñåê - òî ýòî íîðìà äëÿ ýòîãî ðîóòåðà íà ïïòï.