[rlug] mark iptables

Gelu Fri, 23 Feb 2007 23:10:42 -0800

Salut,
Incerc sa pun un HTB-tools.0.3.0-beta4 pe o masina FC6 si sa limitez doar 
externul, dar se pare ca nu se mark-eaza bine pachetele si metro intra si el in 
clasa de extern. Mai jos sunt configurarile:


eth0-qos.cfg

 class class_1 { 
 bandwidth 4096; 
 limit 4096; 
 burst 5; 
 priority 1; 
  
  
 client RAMONA_SERBAN { 
 bandwidth 16; 
 limit 768; 
 burst 2; 
 priority 1; 
 src { 
 89.xx.xx.3/32; 
 }; 
 }; 
  
 client IONEL { 
 bandwidth 16; 
 limit 768; 
 burst 2; 
 priority 1; 
 src { 
 89.xx.xx.4/32; 
 }; 
 }; 
  
 client IULICA { 
 bandwidth 16; 
 limit 768; 
 burst 2; 
 priority 1; 
 src { 
 89.xx.xx.5/32; 
 }; 
 }; 
  
...................

 client PAUL { 
 bandwidth 16; 
 limit 768; 
 burst 2; 
 priority 1; 
 src { 
 89.xx.xx.117/32; 
 }; 
 }; 
 }; 
  
 class default { bandwidth 8; };


====================================
====================================

eth1-qos.cfg:

 class class_1 { 
 bandwidth 64 ; 
 limit 768; 
 burst 5; 
 priority 1; 
  
  
 client RAMONA_SERBAN { 
 bandwidth 16; 
 limit 768; 
 burst 2; 
 priority 1; 
 dst { 
 89.xx.xx.3/32; 
 }; 
 }; 
  
 client IONEL { 
 bandwidth 16; 
 limit 768; 
 burst 2; 
 priority 1; 
 dst { 
 89.xx.xx.4/32; 
 }; 
 }; 
  
 client IULICA { 
 bandwidth 16; 
 limit 768; 
 burst 2; 
 priority 1; 
 dst { 
 89.xx.xx.5/32; 
 }; 
 }; 
  
 client CERNAT_PAUL { 
 bandwidth 16; 
 limit 768; 
 burst 2; 
 priority 1; 
 dst { 
 89.xx.xx.6/32; 
 }; 
 }; 
 }; 
  
  class default { bandwidth 8; };

================================
================================

in rc.firewall:

# MARK 4 HTB
iptables -t mangle -N mark_horiz_src
iptables -t mangle -N mark_horiz_dst
iptables -t mangle -A PREROUTING -i $EXTIF -j mark_horiz_src
iptables -t mangle -A PREROUTING -i $INTIF -j mark_horiz_dst
iptables -t mangle -A OUTPUT -o $EXTIF -j mark_horiz_dst
.............................................................
/usr/sbin/importbgp

unde importbgp:

#!/bin/bash
bgp_file=/var/local/ipclasses.bgp
if wget -q  --output-document=$bgp_file 
http://clienti.evolva.ro/subnets.php?net=all ; then
    mipclasses -s mark_horiz_src -d mark_horiz_dst -m 1 < $bgp_file | 
iptables-restore -n
fi

=========================================
=========================================

e compilat un kernel 2.6.20 cu suport pt HTB si iproute2-2.6.19-061214

Multumesc.

 
---------------------------------
Everyone is raving about the all-new Yahoo! Mail beta.
_______________________________________________
RLUG mailing list
[email protected]
http://lists.lug.ro/mailman/listinfo/rlug

[rlug] mark iptables

Raspunde prin e-mail lui