Hello everyone.
I think I've gone crazy over this issue in the last 2 months, and I think
I have succeeded, partially I can say, in the following way:
Firewall rules script "rc.firewall"
<script>
#!/bin/bash
iptables=/sbin/iptables
# Internal and external interfaces (names match the $int_if / $ext_if uses below)
int_if=eth1
ext_if=eth0
mipclasses=/usr/local/mipclasses/mipclasses
......
# Reset the rules
$iptables -t mangle -F
$iptables -t mangle -X
$iptables -t mangle -Z
# Mark external traffic
$iptables -t mangle -A PREROUTING -s 0/0 -j MARK --set-mark 18
# Rules for marking METRO traffic
$iptables -t mangle -N mark_horiz_src
$iptables -t mangle -N mark_horiz_dst
$iptables -t mangle -A PREROUTING -i $ext_if -j mark_horiz_src
$iptables -t mangle -A PREROUTING -i $int_if -j mark_horiz_dst
$iptables -t mangle -A OUTPUT -o $ext_if -j mark_horiz_dst
# Something extra
$iptables -A PREROUTING -t mangle -p tcp --sport telnet -j TOS \
    --set-tos Minimize-Delay
$iptables -A PREROUTING -t mangle -p tcp --sport ssh -j TOS \
    --set-tos Minimize-Delay
$iptables -A PREROUTING -t mangle -p tcp --sport ftp -j TOS \
    --set-tos Minimize-Delay
$iptables -A PREROUTING -t mangle -p tcp --sport ftp-data -j TOS \
    --set-tos Maximize-Throughput
# Actually mark the METRO traffic
$mipclasses -s mark_horiz_src -d mark_horiz_dst -m 19 < lista.metro |
iptables-restore -n
</script>
HTB_Tools script - on eth1 "eth1-qos.cfg"
<script>
class METRO
{
    bandwidth 32;
    limit 2048;
    burst 2;
    priority 1;
    client Clienti_Metro
    {
        bandwidth 32;
        limit 2048;
        burst 2;
        priority 1;
        mark 19;
    };
};
class EXTERN
{
    bandwidth 32;
    limit 512;
    burst 2;
    priority 1;
    client Clienti_Extern
    {
        bandwidth 32;
        limit 256;
        burst 2;
        priority 1;
        mark 18;
    };
};
class default { bandwidth 16; };
</script>
My puzzlement is as follows, or better said a wishlist item for
HTB_Tools: if mark could be combined with dst, that would be the
pinnacle of HTB_Tools.
Do you think something like this could be achieved?!
I await opinions and "support" so we can encourage this.
And last but not least, a thousand thanks to those who had the patience
to write this little program.
---
Details about our mailing lists: http://www.lug.ro/