Hello. I want to use mipclasses to mark metropolitan traffic and I got
stuck right at the beginning...
What I did: I compiled mipclasses and followed the instructions there.
I added to the firewall (I use shorewall, hence the "run_iptables" command)
the 5 lines that have to be added. eth0 is the external interface and
eth1 is the interface towards the LAN. My big dilemma was how to classify
the packets marked in the firewall... and I came to the conclusion that
they should be marked with "set-mark", so I added the following 2 lines
as well. (I hope I have not come up with the biggest "invention" possible...)
run_iptables -t mangle -N mark_horiz_src
run_iptables -t mangle -N mark_horiz_dst
run_iptables -t mangle -A PREROUTING -i eth0 -j mark_horiz_src
run_iptables -t mangle -A PREROUTING -i eth1 -j mark_horiz_dst
run_iptables -t mangle -A OUTPUT -o eth0 -j mark_horiz_dst
run_iptables -t mangle -A mark_horiz_src -i eth0 -j MARK --set-mark 6
run_iptables -t mangle -A mark_horiz_dst -i eth1 -j MARK --set-mark 7
Then I arrived at the following little script, which I created for just
a single IP, but I want to generalize it for the whole network:
DEV=eth1
TC=/sbin/tc
U32="$TC filter add dev $DEV protocol ip parent 1:0 prio 1 u32"
echo "Del prev root"
$TC qdisc del dev $DEV root
echo "Add new root class - handle 1:"
$TC qdisc add dev $DEV root handle 1: htb default 15
echo "|-Add LAN band - classid 1:1, parent 1:"
$TC class add dev $DEV parent 1: classid 1:1 htb rate 50Mbit ceil 100Mbit burst 64k
echo "Add from 192.168.0.0/26 to LAN IP class band - classid 1:0x21, parent 1:1"
$TC class add dev $DEV parent 1:1 classid 1:0x21 htb rate 50Mbit ceil 100Mbit burst 2k
$U32 match ip dst 192.168.0.0/26 match ip src 192.168.0.0/26 flowid 1:0x21
$TC qdisc add dev $DEV parent 1:0x21 handle 0x21: pfifo
echo "Add client Metropolitan band - classid 1:0x25, parent 1:1"
$TC class add dev $DEV parent 1:1 classid 1:0x25 htb rate 512kbit ceil 512kbit burst 2k
echo "| |-Add client 192.168.0.2 metro band - classid 1:31, parent 1:0x25"
$TC class add dev $DEV parent 1:0x25 classid 1:0x31 htb rate 128kbit ceil 512kbit burst 2k prio 1
# $U32 match ip dst 192.168.0.2/32 match ip src 62.192.70.0/23 flowid 1:0x31
# (the U32 filter was in a script that did the marking from a list
# of metropolitan IPs, and the 62.192.. IP was one of them...)
# an attempt, although I doubt it is right...
$TC filter add dev $DEV protocol ip parent 1:0x31 prio 1 handle 6 fw flowid 1:0x31
$TC qdisc add dev $DEV parent 1:0x31 handle 0x31: sfq
echo "| |-Add client EXTERN band - classid 1:0x50, parent 1:0x25"
$TC class add dev $DEV parent 1:0x25 classid 1:0x50 htb rate 480kbit ceil 512kbit burst 2k
echo "| |-Add client 192.168.0.2 extern band - classid 1:60, parent 1:0x50"
$TC class add dev $DEV parent 1:0x50 classid 1:0x60 htb rate 16kbit ceil 64kbit burst 2k prio 1
$U32 match ip dst 192.168.0.2/32 flowid 1:60
$TC qdisc add dev $DEV parent 1:60 handle 60: sfq
echo "|-Add client default band - classid 1:15, parent 1:1"
$TC class add dev $DEV parent 1:1 classid 1:15 htb rate 4kbit ceil 4kbit burst 2k
$TC qdisc add dev $DEV parent 1:15 handle 15: pfifo
I should mention that I have not tested the script, because I rather
doubt it would work... and that I have read all (I believe) the threads
on the list related to mipclasses. Maybe I did not read them carefully...
If someone can enlighten me... at least some hints... I kept looking on
the net, but I am still not clear on how mipclasses does the marking and
how I "call" it in htb.
Thank you for your understanding,
Alexban
---
Details about our mailing lists: http://www.lug.ro/
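
Added example, not part of the original message and not mipclasses' own code: one way to tie a firewall mark to per-client HTB leaves is a u32 filter at the root that tests both the destination address and the mark, with a lower-priority per-address filter as the fallback. It generalizes the message's single-client case to any client number; the function name gen_client, the 1NN/2NN class numbering, the existing parent classes 1:25 and 1:50, and mark 6 meaning "metropolitan" are assumptions.

```shell
#!/bin/sh
# Added example, not code from the post. It only prints tc commands.
# Assumptions: mark 6 = metropolitan (the post's mangle rule); parent classes
# 1:25 (metro) and 1:50 (extern) exist as in the post's script; the kernel has
# CONFIG_CLS_U32_MARK so u32 can test the firewall mark.
DEV=${DEV:-eth1}
TC=${TC:-/sbin/tc}
METRO_MARK=${METRO_MARK:-6}

# gen_client N IP: print the commands for client number N (1..255) at address IP.
gen_client() {
    n=$1 ip=$2
    # Validate first: the output is meant to be piped into a root shell.
    case $n in ''|0*|*[!0-9]*) echo "bad client number: $n" >&2; return 1 ;; esac
    [ "$n" -le 255 ] 2>/dev/null || { echo "client number out of range: $n" >&2; return 1; }
    case $ip in ''|*[!0-9.]*) echo "bad address: $ip" >&2; return 1 ;; esac

    m=$(printf '1%02x' "$n")    # metro leaf minor (hex), e.g. 102 for client 2
    e=$(printf '2%02x' "$n")    # extern leaf minor (hex), e.g. 202 for client 2
    f="$TC filter add dev $DEV parent 1:0 protocol ip"

    # Metro leaf: packet goes to this client AND carries the metropolitan mark.
    echo "$TC class add dev $DEV parent 1:25 classid 1:$m htb rate 128kbit ceil 512kbit burst 2k prio 1"
    echo "$f prio 1 u32 match ip dst $ip/32 match mark $METRO_MARK 0xffffffff flowid 1:$m"
    echo "$TC qdisc add dev $DEV parent 1:$m handle $m: sfq"

    # Extern leaf: same destination, no mark test. prio 2 is consulted only
    # when the prio 1 filter above did not match, so it acts as the fallback.
    echo "$TC class add dev $DEV parent 1:50 classid 1:$e htb rate 16kbit ceil 64kbit burst 2k prio 1"
    echo "$f prio 2 u32 match ip dst $ip/32 flowid 1:$e"
    echo "$TC qdisc add dev $DEV parent 1:$e handle $e: sfq"
}

# Print the commands for the post's client (or for N and IP given as arguments).
gen_client "${1:-2}" "${2:-192.168.0.2}"
```

Review the printed commands before piping them to sh as root; where the address does not matter, a mark-only rule of the form "handle 6 fw flowid <class>" attached at parent 1:0 classifies on the mark alone.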