Èñïðàâëÿåì íèçêóþ ñêîðîñòü PPTP (è íå òîëüêî)

**Hohmach** · 01-11-2008, 07:18

Åñëè òàê, òî èìååò ñìûñë â ñëåäóþùóþ âåðñèþ ïðîøèâêè âêëþ÷èòü ïàò÷ äëÿ SNAT.

À êòî â êóðñå, ÷åì îòëè÷àåòñÿ êîíñòðóêöèÿ SNAT --to-source $IP îò SNAT --to $IP ? Ó ìåíÿ íà ÁÁ ðàáîòàåò èìåííî âòîðîé âàðèàíò, íî îïèñàíèå åãî íå íàøåë. Çà îñíîâó áðàë IP-Masquerade-HOWTO ïóíêò 6.4.1. Stronger IP Firewall (IPTABLES) rulesets.

**DarthSemafor** · 19-11-2008, 22:48

Çà îñíîâó âçÿò ñêðèïò http://wl500g.info/showpost.php?p=103364&postcount=28 íî â âûâîäå êîìàíäû iptables -t nat -nvL POSTROUTING ïîñëå ñòðîê ñî SNAT îòñóòñòâóþò ñòðîêè ñ MASQUERADE.

Code:

Chain POSTROUTING (policy ACCEPT 42 packets, 2573 bytes)
 pkts bytes target     prot opt in     out     source               destination
   29  1392 SNAT       all  --  *      ppp0   !95.23.156.132        0.0.0.0/0          to:95.23.156.132
    0     0 SNAT       all  --  *      eth1   !10.165.8.114         0.0.0.0/0          to:10.165.8.114  
    3   548 SNAT       all  --  *      br0     192.168.1.0/24       192.168.1.0/24     to:192.168.1.1

Ýòî íåêðèòè÷íî? IP-äèíàìèêà

**Danya0w** · 20-11-2008, 12:16

Originally Posted by theMIROn

ïðè ïîëó÷åíèè íîâîãî ip, ïåðåïîäêëþ÷åíèè pptp/l2tp áóäåò âûïîëíåí post-firewall

ÿ ïðàâèëüíî ïîíÿë, ÷òî äëÿ l2tp ýòî òîæå ãîäèòñÿ, íî òîëüêî â êà÷åñòâå ðàçãðóçêè ïðîöà?

**theMIROn** · 21-11-2008, 08:33

Äî îíî è äëÿ pptp òîæå òîëüêî äëÿ ðàçãðóçêè ïðîöà

**rbn_termit** · 04-12-2008, 22:25

[admin@WL-500G root]$ iptables -t nat -nvL POSTROUTING
Chain POSTROUTING (policy ACCEPT 336 packets, 28785 bytes)
pkts bytes target prot opt in out source destination
2 120 SNAT all -- * br0 192.168.1.0/24 192.168.1.0/24 to:192.168.1.1
0 0 SNAT all -- * vlan1 !10.91.39.254 0.0.0.0/0 to:10.91.39.254
75 22288 SNAT all -- * ppp0 !85.21.71.104 0.0.0.0/0 to:85.21.71.104
1 1400 MASQUERADE all -- * ppp0 !85.21.71.104 0.0.0.0/0
0 0 MASQUERADE all -- * vlan1 !10.91.39.254 0.0.0.0/0
0 0 MASQUERADE all -- * br0 192.168.1.0/24 192.168.1.0/24
[admin@WL-500G root]$

åñëè òàêîé âûâîä - âñå ïðàâèëüíî?

UPD: Ïîõîæå ÷òî íåò - ïðîöåññ ksoftirqd_CPU0 êóøàåò 84% ïðè 1.5 ìá/ñ in è 1.2 ìá/ñ out..

**oberonk** · 08-12-2008, 17:22

Âñå ñäåëàë êàê îïèñàíî, â ðåçóëüòàòå ÷åãî ñêîðîñòü äàæå âûðîñëà, íî...
ÿ íå çíàþ ïîâëèÿëè ëè óêàçàííûå â 1 ïîñòå ñêðèïòû íà òî, ÷òî ó ìåíÿ èñ÷åç äîñòóï èç èíåòà íà ðîóòåð, êàê ê íàñòðîéêàì, òàê è ê òîððåíòàì, ôòï - ðàáîòàåò...
Ïðîñòî áîëüøå íè÷åãî íå ìåíÿë

Ïîäñêàæèòå êàê èñïðàâèòü.
Ñïàñèáî

**theMIROn** · 29-12-2008, 10:00

Originally Posted by cobain

ðåøåíèå êðàñèâîå, íî íå óíèâåðñàëüíîå ñ òî÷êè çðåíèÿ íåâîçìîæíîñòè èñïîëüçîâàíèÿ ìàññèâîâ â sh ò.ê. ïî óìîë÷àíèþ (è äî ìîíòèðîâàíèÿ /opt) ýòî æå busybox.

ìîíòèðîâàíèå /opt ñîâåðøåííî íå ïðè ÷åì, ïîòîìó ÷òî íóæåí òîëüêî ôóíêöèîíàë awk (êîòîðûé åñòü â busybox), â ïëàíå ñïëèòà ñòðîêè íà ìàññèâ è èñïîëüçîâàíèÿ åãî ýëåìåíòîâ.
ãäå âû âèäèòå èñïîëüçîâàíèå ìàññèâîâ sh'à?

**cobain** · 29-12-2008, 11:01

/usr/local/sbin/masq2snat

Originally Posted by theMIROn

îïòèìèçèðîâàííûé ñêðèïò áóäåò âûãëÿäåòü òàê:
äîñòàòî÷íî äîáàâèòü â íà÷àëî post-firewall

Òàêîé ñêðèïò çàìåíû âñåõ MASQUERADE íà SNAT â ÷åéíå POSTROUTING âûãëÿäèò áîëåå êðàñèâî. Ïðåäëàãàþ åãî òîæ â øàïêå óïîìèíóòü.
Òîëüêî óòèëèòû íàäî àáñîëþòíî çàäàâàòü, ò.å.
iptables=/usr/sbin/iptables
awk=/usr/bin/awk
grep=/bin/grep
à òîæ awk íå èç busybox ñîâñåì ïî äðóãîìó ðàáîòàåò.

**leshiy_odessa** · 06-01-2009, 21:52

Originally Posted by cobain

Òàêîé ñêðèïò çàìåíû âñåõ MASQUERADE íà SNAT â ÷åéíå POSTROUTING âûãëÿäèò áîëåå êðàñèâî. Ïðåäëàãàþ åãî òîæ â øàïêå óïîìèíóòü.
Òîëüêî óòèëèòû íàäî àáñîëþòíî çàäàâàòü, ò.å.
iptables=/usr/sbin/iptables
awk=/usr/bin/awk
grep=/bin/grep
à òîæ awk íå èç busybox ñîâñåì ïî äðóãîìó ðàáîòàåò.

Ò.å. ñêðèïò äîæåí âûãëÿäåòü òàê?

Code:

/usr/sbin/iptables -t nat -nvL POSTROUTING | /bin/grep MASQUERADE | /usr/bin/awk '{
    "ifconfig "$7" | /bin/grep Mask" | getline ip;
    split(ip,ip,":"); split(ip[2],ip," ");
    split($8,src,"!");
    if (src[1]=="") {src="! -s "src[2]} else {src="-s "src[1]};
    if ($9=="0.0.0.0/0") {dst=""} else {dst="-d "$9};
    system("/usr/sbin/iptables -t nat -A POSTROUTING -o "$7" "src" "dst" -j SNAT --to-source "ip[1]);
    system("/usr/sbin/iptables -t nat -D POSTROUTING -o "$7" "src" "dst" -j MASQUERADE");
}'

**theMIROn** · 06-01-2009, 21:57

äà íå îáÿçàòåëüíî, awk âåçäå ïî-îäèíàêîâîìó ðàáîòàåò, òàê, êàê îïèñàíî â ìàíàõ

**Sympatique** · 23-01-2009, 21:30

Âñåì ïðèâåò.
Ëþáîïûòñòâà ðàäè ðåøèë ïðîäåëàòü âñ¸ ýòî, àâîñü ÷òî-íèáóäü óëó÷øèòñÿ

íî ò.ê. íå øàðþ íè ÷åðòà... åñòåñòâåííî çàòûê ïðîèçîø¸ë.

Âûêëàäûâàþ èíôó äëÿ îáñóæäåíèÿ, ñêàæèòå, ÷òî íå òàê?

Ïîñëå íàïèñàíèÿ âñåõ ñêðèïòîâ (ÿ ïðàâèëüíî ïîíèìàþ, ÷òî ââîäÿòñÿ îíè ÷åðåç òåëíåò êàæäûé ïî îòäåëüíîñòè ðóêàìè? ãåìîðíûé ïðîöåññ...) íà êîìàíäû äàþòñÿ ñëåäóþùèå îòâåòû:

iptables -t nat -nvL POSTROUTING

Code:

Chain POSTROUTING (policy ACCEPT 8 packets, 508 bytes)
 pkts bytes target     prot opt in     out     source               destination

    2   594 MASQUERADE  all  --  *      ppp0   !10.0.41.35           0.0.0.0/0

   11   528 MASQUERADE  all  --  *      vlan1  !10.192.5.10          0.0.0.0/0

    0     0 MASQUERADE  all  --  *      br0     192.168.1.0/24       192.168.1.0/24

cat /usr/local/sbin/post-firewall

Code:

#!/bin/sh
/usr/local/sbin/masq2snat

cat /tmp/ppp/options.wan0

Code:

noauth refuse-eap
user '*****'
password '*****'
connect true
sync pty '/usr/sbin/pptp --idle-wait 0 vpn.nln.ru --nolaunchpppd --nobuffer --sy
nc'
lock
nomppe-stateful  mtu 1400
idle 1800 demand
maxfail 0
usepeerdns
persist
ipcp-accept-remote ipcp-accept-local noipdefault
ktune
default-asyncmap nopcomp noaccomp
novj nobsdcomp nodeflate
lcp-echo-interval 10
lcp-echo-failure 6
unit 0

Device: WL-520gU
Firmware: 1.9.2.7-10

ß òàê ïîíèìàþ, ÷òî íè÷åãî íå ïðîèçîøëî. ×òî íå òàê äåëàþ? Ìîæíî êàê-íèáóäü îáëåã÷èòü ïðîöåññ çàáèâàíèÿ ñêðèïòîâ, à òî ðó÷êàìè òÿæåëîâàòî

**Sympatique** · 25-01-2009, 15:57

Help me

**sasha502** · 29-01-2009, 11:14

ñïàñèáî áîëüøîå ïîìîãëî, íó ìîæåò åù¸
Additional pppd options:nomppe nomppc sync maxfail 0 holdoff 60
Heart-Beat or PPTP/L2TP (VPN) Server: --sync --nobuffer
íà ë2òï ñêîðîñòü íà 4,5 ìåã â ñêóíäó ïîäíÿëàñü )))

**leshiy_odessa** · 03-02-2009, 18:44

Îáúÿñíèòå ïî÷åìó òðåòüÿ ñòðîêà íå âñòàâëÿåòñÿ.

Code:

echo "#!/bin/sh" > /usr/local/sbin/post-firewall
echo "iptables -t nat -nvL POSTROUTING | grep MASQUERADE | awk '{" >> /usr/local/sbin/post-firewall
echo "    "ifconfig "$7" | grep Mask" | getline ip;" >> /usr/local/sbin/post-firewall
echo "    split(ip,ip,":"); split(ip[2],ip," ");" >> /usr/local/sbin/post-firewall
echo "    split($8,src,"!");" >> /usr/local/sbin/post-firewall
echo "    if (src[1]=="") {src="! -s "src[2]} else {src="-s "src[1]};" >> /usr/local/sbin/post-firewall
echo "    if ($9=="0.0.0.0/0") {dst=""} else {dst="-d "$9};" >> /usr/local/sbin/post-firewall
echo "    system("iptables -t nat -A POSTROUTING -o "$7" "src" "dst" -j SNAT --to-source "ip[1]);" >> /usr/local/sbin/post-firewall
echo "    system("iptables -t nat -D POSTROUTING -o "$7" "src" "dst" -j MASQUERADE");" >> /usr/local/sbin/post-firewall
echo "}'" >> /usr/local/sbin/post-firewall

Ïîäñêàæèòå êàê ñäåëàòü ñ ïîìîùüþ echo, à òî çàìîðà÷èâàòüñÿ ñ vi íåîõîòà.

**VaniaLSD** · 03-02-2009, 20:44

À ìîæíî ïî ïîäðîáíåå(( à òî ÿ íå ïîíèìàþ ïðî ñêðèïòû è äèðåêòîðèè(((

Thread: Èñïðàâëÿåì íèçêóþ ñêîðîñòü PPTP (è íå òîëüêî)

Thread Tools

Display

Èñïðàâëÿåì íèçêóþ ñêîðîñòü PPTP (è íå òîëüêî)

Similar Threads

Íàñòðîéêà PPTP VPN (accel-pppd) íà ðîóòåðå Asus

Ïðîáëåìû ñ l2tp è pptp â Êîðáèëàéíå

Êòî-íèáóäü íàñòðàèâàë PPtP ïîâåðõ PPPoE?

Äîñòóï ê lighttpd ñ ssl òîëüêî ïî ñåðòèôèêàòàì

Ñêîðîñòü ñêà÷êè è çàêà÷êè íà ftp

Tags for this Thread

Posting Permissions