Freesco, NND, CDN, EOS :: Wyświetl temat - ipp2p, markowanie pakietów i niceshaper

: [/] [] ()

# Generated by iptables-save v1.3.4 on Fri Dec 14 20:35:11 2007
*mangle
:PREROUTING ACCEPT [3583616:3005158276]
:INPUT ACCEPT [42828:3905972]
:FORWARD ACCEPT [10232371:5208208329]
:OUTPUT ACCEPT [25565:4084871]
:POSTROUTING ACCEPT [4789172:766431552]
-A PREROUTING -m ipp2p --ipp2p -j MARK --set-mark 0x999 
-A PREROUTING -m ipp2p --ipp2p -j MARK --set-mark 0x999 
-A PREROUTING -m ipp2p --ipp2p -j MARK --set-mark 0x999 
-A PREROUTING -m ipp2p --ipp2p -j MARK --set-mark 0x999 
-A PREROUTING -m ipp2p --ipp2p -j MARK --set-mark 0x999 
-A PREROUTING -m ipp2p --ipp2p -j MARK --set-mark 0x999 
-A PREROUTING -p tcp -j CONNMARK --restore-mark 
-A PREROUTING -p tcp -m mark ! --mark 0x0 -j ACCEPT 
-A PREROUTING -p tcp -m mark --mark 0x999 -j CONNMARK --save-mark 
-A PREROUTING -p tcp -j CONNMARK --restore-mark 
-A PREROUTING -p tcp -m mark ! --mark 0x0 -j ACCEPT 
-A PREROUTING -p tcp -m mark --mark 0x999 -j CONNMARK --save-mark 
-A PREROUTING -p tcp -j CONNMARK --restore-mark 
-A PREROUTING -p tcp -m mark ! --mark 0x0 -j ACCEPT 
-A PREROUTING -p tcp -m mark --mark 0x999 -j CONNMARK --save-mark 
-A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP 
-A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP 
-A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP 
-A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP 
-A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP 
-A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP 
-A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP 
-A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP 
-A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP 
-A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP 
-A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP 
-A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP 
-A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP 
-A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP 
-A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP 
-A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP 
-A POSTROUTING -o eth0 -m mark --mark 0x999 -j IMQ --todev 2
-A POSTROUTING -o eth0 -m mark --mark 0x999 -j IMQ --todev 2
-A POSTROUTING -o eth0 -m mark --mark 0x999 -j IMQ --todev 2
-A POSTROUTING -o eth0 -m mark --mark 0x999 -j IMQ --todev 2
-A POSTROUTING -o eth0 -m mark --mark 0x999 -j IMQ --todev 2
-A POSTROUTING -o eth0 -m mark --mark 0x999 -j IMQ --todev 2
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o eth1 -m mark --mark 0x999 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o eth1 -m mark --mark 0x999 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o eth1 -m mark --mark 0x999 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o eth1 -m mark --mark 0x999 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
-A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3
COMMIT
# Completed on Fri Dec 14 20:35:11 2007
# Generated by iptables-save v1.3.4 on Fri Dec 14 20:35:11 2007
*filter
:INPUT DROP [4:184]
:FORWARD DROP [5:5836]
:OUTPUT ACCEPT [4:1264]
-A INPUT -i lo -j ACCEPT 
-A INPUT -p tcp -m multiport --dports 135,445 -j DROP 
-A INPUT -i ppp0 -p tcp -m tcp --dport 80 -j ACCEPT 
-A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j ACCEPT 
-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable 
-A INPUT -p tcp -m tcp --dport 1080 -j REJECT --reject-with icmp-port-unreachable 
-A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT 
-A INPUT -s 192.168.2.4 -i ! ppp0 -j ACCEPT 
-A INPUT -s 192.168.2.5 -i ! ppp0 -j ACCEPT 
-A INPUT -s 192.168.2.6 -i ! ppp0 -j ACCEPT 
-A INPUT -s 192.168.2.7 -i ! ppp0 -j ACCEPT 
-A INPUT -s 192.168.2.8 -i ! ppp0 -j ACCEPT 
-A INPUT -s 192.168.2.9 -i ! ppp0 -j ACCEPT 
-A INPUT -s 192.168.2.10 -i ! ppp0 -j ACCEPT 
-A INPUT -s 192.168.2.11 -i ! ppp0 -j ACCEPT 
-A INPUT -s 192.168.2.12 -i ! ppp0 -j ACCEPT 
-A INPUT -s 192.168.2.13 -i ! ppp0 -j ACCEPT 
-A INPUT -s 192.168.2.14 -i ! ppp0 -j ACCEPT 
-A INPUT -s 192.168.2.15 -i ! ppp0 -j ACCEPT 
-A INPUT -s 192.168.2.16 -i ! ppp0 -j ACCEPT 
-A INPUT -s 192.168.2.17 -i ! ppp0 -j ACCEPT 
-A INPUT -s 192.168.2.18 -i ! ppp0 -j ACCEPT 
-A INPUT -s 192.168.2.19 -i ! ppp0 -j ACCEPT 
-A INPUT -s 192.168.2.20 -i ! ppp0 -j ACCEPT 
-A INPUT -s 192.168.2.21 -i ! ppp0 -j ACCEPT 
-A INPUT -s 192.168.2.22 -i ! ppp0 -j ACCEPT 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -o lo -j ACCEPT 
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu 
-A FORWARD -p tcp -m multiport --dports 135,445 -j DROP 
-A FORWARD -s 192.168.2.5 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP 
-A FORWARD -s 192.168.2.6 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP 
-A FORWARD -s 192.168.2.7 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP 
-A FORWARD -s 192.168.2.8 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP 
-A FORWARD -s 192.168.2.9 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP 
-A FORWARD -s 192.168.2.10 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP 
-A FORWARD -s 192.168.2.11 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP 
-A FORWARD -s 192.168.2.12 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP 
-A FORWARD -s 192.168.2.13 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP 
-A FORWARD -s 192.168.2.14 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP 
-A FORWARD -s 192.168.2.15 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP 
-A FORWARD -s 192.168.2.16 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP 
-A FORWARD -s 192.168.2.17 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP 
-A FORWARD -s 192.168.2.18 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP 
-A FORWARD -s 192.168.2.19 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP 
-A FORWARD -s 192.168.2.20 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP 
-A FORWARD -s 192.168.2.21 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP 
-A FORWARD -s 192.168.2.22 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP 
-A FORWARD -d 192.168.2.4 -p tcp -m tcp --dport 65535 -j ACCEPT 
-A FORWARD -s 192.168.2.4 -p tcp -m tcp --sport 65535 -j ACCEPT 
-A FORWARD -d 192.168.2.4 -p udp -m udp --dport 65535 -j ACCEPT 
-A FORWARD -s 192.168.2.4 -p udp -m udp --sport 65535 -j ACCEPT 
-A FORWARD -d 192.168.2.4 -p tcp -m tcp --dport 6348 -j ACCEPT 
-A FORWARD -s 192.168.2.4 -p tcp -m tcp --sport 6348 -j ACCEPT 
-A FORWARD -d 192.168.2.4 -p udp -m udp --dport 6348 -j ACCEPT 
-A FORWARD -s 192.168.2.4 -p udp -m udp --sport 6348 -j ACCEPT 
-A FORWARD -d 192.168.2.6 -p tcp -m tcp --dport 6889 -j ACCEPT 
-A FORWARD -s 192.168.2.6 -p tcp -m tcp --sport 6889 -j ACCEPT 
-A FORWARD -d 192.168.2.6 -p udp -m udp --dport 6889 -j ACCEPT 
-A FORWARD -s 192.168.2.6 -p udp -m udp --sport 6889 -j ACCEPT 
-A FORWARD -s 192.168.2.4 -i ! ppp0 -j ACCEPT 
-A FORWARD -s 192.168.2.5 -i ! ppp0 -j ACCEPT 
-A FORWARD -s 192.168.2.6 -i ! ppp0 -j ACCEPT 
-A FORWARD -s 192.168.2.7 -i ! ppp0 -j ACCEPT 
-A FORWARD -s 192.168.2.8 -i ! ppp0 -j ACCEPT 
-A FORWARD -s 192.168.2.9 -i ! ppp0 -j ACCEPT 
-A FORWARD -s 192.168.2.10 -i ! ppp0 -j ACCEPT 
-A FORWARD -s 192.168.2.11 -i ! ppp0 -j ACCEPT 
-A FORWARD -s 192.168.2.12 -i ! ppp0 -j ACCEPT 
-A FORWARD -s 192.168.2.13 -i ! ppp0 -j ACCEPT 
-A FORWARD -s 192.168.2.14 -i ! ppp0 -j ACCEPT 
-A FORWARD -s 192.168.2.15 -i ! ppp0 -j ACCEPT 
-A FORWARD -s 192.168.2.16 -i ! ppp0 -j ACCEPT 
-A FORWARD -s 192.168.2.17 -i ! ppp0 -j ACCEPT 
-A FORWARD -s 192.168.2.18 -i ! ppp0 -j ACCEPT 
-A FORWARD -s 192.168.2.19 -i ! ppp0 -j ACCEPT 
-A FORWARD -s 192.168.2.20 -i ! ppp0 -j ACCEPT 
-A FORWARD -s 192.168.2.21 -i ! ppp0 -j ACCEPT 
-A FORWARD -s 192.168.2.22 -i ! ppp0 -j ACCEPT 
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT 
COMMIT
# Completed on Fri Dec 14 20:35:11 2007
# Generated by iptables-save v1.3.4 on Fri Dec 14 20:35:11 2007
*nat
:PREROUTING ACCEPT [199773:37837932]
:POSTROUTING ACCEPT [49505:4378680]
:OUTPUT ACCEPT [81:16606]
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 65535 -j DNAT --to-destination 192.168.2.4 
-A PREROUTING -i ppp0 -p udp -m udp --dport 65535 -j DNAT --to-destination 192.168.2.4 
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 6348 -j DNAT --to-destination 192.168.2.4 
-A PREROUTING -i ppp0 -p udp -m udp --dport 6348 -j DNAT --to-destination 192.168.2.4 
-A PREROUTING -i ppp0 -p tcp -m tcp --dport 6889 -j DNAT --to-destination 192.168.2.6 
-A PREROUTING -i ppp0 -p udp -m udp --dport 6889 -j DNAT --to-destination 192.168.2.6 
-A POSTROUTING -s 192.168.2.4 -o ppp0 -j MASQUERADE 
-A POSTROUTING -s 192.168.2.5 -o ppp0 -j MASQUERADE 
-A POSTROUTING -s 192.168.2.6 -o ppp0 -j MASQUERADE 
-A POSTROUTING -s 192.168.2.7 -o ppp0 -j MASQUERADE 
-A POSTROUTING -s 192.168.2.8 -o ppp0 -j MASQUERADE 
-A POSTROUTING -s 192.168.2.9 -o ppp0 -j MASQUERADE 
-A POSTROUTING -s 192.168.2.10 -o ppp0 -j MASQUERADE 
-A POSTROUTING -s 192.168.2.11 -o ppp0 -j MASQUERADE 
-A POSTROUTING -s 192.168.2.12 -o ppp0 -j MASQUERADE 
-A POSTROUTING -s 192.168.2.13 -o ppp0 -j MASQUERADE 
-A POSTROUTING -s 192.168.2.14 -o ppp0 -j MASQUERADE 
-A POSTROUTING -s 192.168.2.15 -o ppp0 -j MASQUERADE 
-A POSTROUTING -s 192.168.2.16 -o ppp0 -j MASQUERADE 
-A POSTROUTING -s 192.168.2.17 -o ppp0 -j MASQUERADE 
-A POSTROUTING -s 192.168.2.18 -o ppp0 -j MASQUERADE 
-A POSTROUTING -s 192.168.2.19 -o ppp0 -j MASQUERADE 
-A POSTROUTING -s 192.168.2.20 -o ppp0 -j MASQUERADE 
-A POSTROUTING -s 192.168.2.21 -o ppp0 -j MASQUERADE 
-A POSTROUTING -s 192.168.2.22 -o ppp0 -j MASQUERADE 
COMMIT
# Completed on Fri Dec 14 20:35:11 2007

Autor:	Wujek_Bogdan [ poniedziałek, 10 grudnia 2007, 11:32 ]
Tytuł:	ipp2p, markowanie pakietów i niceshaper
Od jakiegoś czasu staram sie skonfigurować podział łącza na moim serwerku. Na początku był debian z czystym htb i niceshaper. niestety nie sprawdzało się z p2p. potem był IPcop (swoja droga ciekawe distro), ale jego filtry l7 i cały ten QoS też nie radziły sobei zbyt dobrze. Postawiłem teraz na NND, ze względu na domyslnie spatchowane jajko, no i pacmana do ktorego mam sentyment ok ale do rzeczy! Chciałbym konfigurować kolejkowanie w oparciu o HTB, za pomocą niceshapera, no i oczywiscie filtry ipp2p, albo l7 stosujac IMQ. Wiem, zeTU jest gotowy poradnik krok po kroku... ale niestety linki na forum i na wiki są w większości martwe! mam na mysli przede wszystkim pliki imq_inter oraz imq_p2p_eth. Domyslam sie ze byly to gotowe skryty odpowiedzialne za tworzenie IMQ oraz za markowanie pakietów. Jesli chodzi o niceshapera, to juz bedzie z gorki. prosze o podanie namiarow na te pliki, albo o jakies wskazowki. 1. tworzenia IMQ 2. mrakowanie pakietow przez iptables edit: : [/] [] () #!/bin/bash modprobe imq ip link set imq0 up ip link set imq1 up iptables -A PREROUTING -t mangle -i eth0 -j IMQ --todev 0 iptables -A PREROUTING -t mangle -i eth1 -j IMQ --todev 1 GeSHi © Codebox Plus narazie wiem jak podniesc interfejy i przekierowac na nie ruch z interfejsow eth0 i eth1, ale to mi nic raczej nie daje. w jaki sposob oznakowac pakiety i przekierowac tylko te oznakowane na wybrany interfejs imq?

Autor:	-MW- [ poniedziałek, 10 grudnia 2007, 13:26 ]
Tytuł:
Cytuj: iptables -A PREROUTING -t mangle -i eth0 -j IMQ --todev 0 iptables -A PREROUTING -t mangle -i eth1 -j IMQ --todev 1 moze tak bedzie lepiej Cytuj: iptables -A PREROUTING -t mangle -i eth0 -j IMQ --todev 0 iptables -A POSTROUTING -t mangle -o ! eth0 -j IMQ --todev 1

Autor:	Wujek_Bogdan [ poniedziałek, 10 grudnia 2007, 14:02 ]
Tytuł:
ha. ciekawe powyzsze wpisy zaczerpnalem z howto n forum slackware i dziala. tzn utworzylem interfejsy imq0 oraz imq1 tak czy inaczej rozumiem, ze te regulki tylko przekierowuja ruch z interfejow eth0 na imq0 oraz eth0 na imq1. chcialbym przekierowac tylko pakiety oznaczone za pomoca l7 albo ipp2p. np pakiety bittorrent. na http://l7-filter.sourceforge.net/HOWTO znalazlem opis. : [/] [] () iptables -t mangle -A POSTROUTING -m layer7 --torrent imap -j MARK --set-mark 3 GeSHi © Codebox Plus markuje mi pakietty torrenta. musze podac na jakim interfejsie maja byc markowane, tak jakw w niceshaper? czy powyzszy wpis wystarczy? jak teraz przekierowac te pakiety na imq? tym zajmie sie juz niceshaper? wracajac do poprzedniego postu. czy znajde jeszcze gdzies skrypty podane na wiki?

Autor:	MalyPL [ czwartek, 20 grudnia 2007, 09:55 ]
Tytuł:
Witam Podepnę sie pod temat. Mam problem z IMQ, ponieważ gdy tylko je podniosę cały ruch idzie odrazu przez imq2 i imq3. Zainstalowany mam pakiet layer l7 i blokuję a raczej staram się blokować p2p przez ipp2p. Przy generowaniu firewalla (Czerwa) wyłączam wszystko chyba co możliwe łącznie z IMQ. Nie wiem czy iptables.rules nie powinno inaczej wyglądać. Co mam jeszcze wyłaczyć przed generacją firewalla, bo wydaje mi się że coś jest nie tak. Plik firewal.rules : [/] [] () # Generated by iptables-save v1.3.4 on Fri Dec 14 20:35:11 2007 mangle :PREROUTING ACCEPT [3583616:3005158276] :INPUT ACCEPT [42828:3905972] :FORWARD ACCEPT [10232371:5208208329] :OUTPUT ACCEPT [25565:4084871] :POSTROUTING ACCEPT [4789172:766431552] -A PREROUTING -m ipp2p --ipp2p -j MARK --set-mark 0x999 -A PREROUTING -m ipp2p --ipp2p -j MARK --set-mark 0x999 -A PREROUTING -m ipp2p --ipp2p -j MARK --set-mark 0x999 -A PREROUTING -m ipp2p --ipp2p -j MARK --set-mark 0x999 -A PREROUTING -m ipp2p --ipp2p -j MARK --set-mark 0x999 -A PREROUTING -m ipp2p --ipp2p -j MARK --set-mark 0x999 -A PREROUTING -p tcp -j CONNMARK --restore-mark -A PREROUTING -p tcp -m mark ! --mark 0x0 -j ACCEPT -A PREROUTING -p tcp -m mark --mark 0x999 -j CONNMARK --save-mark -A PREROUTING -p tcp -j CONNMARK --restore-mark -A PREROUTING -p tcp -m mark ! --mark 0x0 -j ACCEPT -A PREROUTING -p tcp -m mark --mark 0x999 -j CONNMARK --save-mark -A PREROUTING -p tcp -j CONNMARK --restore-mark -A PREROUTING -p tcp -m mark ! --mark 0x0 -j ACCEPT -A PREROUTING -p tcp -m mark --mark 0x999 -j CONNMARK --save-mark -A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP -A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP -A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP -A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP -A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP -A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP -A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP -A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP -A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP -A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP -A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP -A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP -A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP -A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP -A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP -A FORWARD -p tcp -m connlimit --connlimit-above 100 --connlimit-mask 32 -j DROP -A POSTROUTING -o eth0 -m mark --mark 0x999 -j IMQ --todev 2 -A POSTROUTING -o eth0 -m mark --mark 0x999 -j IMQ --todev 2 -A POSTROUTING -o eth0 -m mark --mark 0x999 -j IMQ --todev 2 -A POSTROUTING -o eth0 -m mark --mark 0x999 -j IMQ --todev 2 -A POSTROUTING -o eth0 -m mark --mark 0x999 -j IMQ --todev 2 -A POSTROUTING -o eth0 -m mark --mark 0x999 -j IMQ --todev 2 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o eth1 -m mark --mark 0x999 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o eth1 -m mark --mark 0x999 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o eth1 -m mark --mark 0x999 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o eth1 -m mark --mark 0x999 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 -A POSTROUTING -o ppp0 -m mark --mark 0x1 -j IMQ --todev 2 -A POSTROUTING -o eth1 -m mark --mark 0x1 -j IMQ --todev 3 COMMIT # Completed on Fri Dec 14 20:35:11 2007 # Generated by iptables-save v1.3.4 on Fri Dec 14 20:35:11 2007 filter :INPUT DROP [4:184] :FORWARD DROP [5:5836] :OUTPUT ACCEPT [4:1264] -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m multiport --dports 135,445 -j DROP -A INPUT -i ppp0 -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -i ppp0 -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable -A INPUT -p tcp -m tcp --dport 1080 -j REJECT --reject-with icmp-port-unreachable -A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT -A INPUT -s 192.168.2.4 -i ! ppp0 -j ACCEPT -A INPUT -s 192.168.2.5 -i ! ppp0 -j ACCEPT -A INPUT -s 192.168.2.6 -i ! ppp0 -j ACCEPT -A INPUT -s 192.168.2.7 -i ! ppp0 -j ACCEPT -A INPUT -s 192.168.2.8 -i ! ppp0 -j ACCEPT -A INPUT -s 192.168.2.9 -i ! ppp0 -j ACCEPT -A INPUT -s 192.168.2.10 -i ! ppp0 -j ACCEPT -A INPUT -s 192.168.2.11 -i ! ppp0 -j ACCEPT -A INPUT -s 192.168.2.12 -i ! ppp0 -j ACCEPT -A INPUT -s 192.168.2.13 -i ! ppp0 -j ACCEPT -A INPUT -s 192.168.2.14 -i ! ppp0 -j ACCEPT -A INPUT -s 192.168.2.15 -i ! ppp0 -j ACCEPT -A INPUT -s 192.168.2.16 -i ! ppp0 -j ACCEPT -A INPUT -s 192.168.2.17 -i ! ppp0 -j ACCEPT -A INPUT -s 192.168.2.18 -i ! ppp0 -j ACCEPT -A INPUT -s 192.168.2.19 -i ! ppp0 -j ACCEPT -A INPUT -s 192.168.2.20 -i ! ppp0 -j ACCEPT -A INPUT -s 192.168.2.21 -i ! ppp0 -j ACCEPT -A INPUT -s 192.168.2.22 -i ! ppp0 -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -o lo -j ACCEPT -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu -A FORWARD -p tcp -m multiport --dports 135,445 -j DROP -A FORWARD -s 192.168.2.5 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP -A FORWARD -s 192.168.2.6 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP -A FORWARD -s 192.168.2.7 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP -A FORWARD -s 192.168.2.8 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP -A FORWARD -s 192.168.2.9 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP -A FORWARD -s 192.168.2.10 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP -A FORWARD -s 192.168.2.11 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP -A FORWARD -s 192.168.2.12 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP -A FORWARD -s 192.168.2.13 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP -A FORWARD -s 192.168.2.14 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP -A FORWARD -s 192.168.2.15 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP -A FORWARD -s 192.168.2.16 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP -A FORWARD -s 192.168.2.17 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP -A FORWARD -s 192.168.2.18 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP -A FORWARD -s 192.168.2.19 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP -A FORWARD -s 192.168.2.20 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP -A FORWARD -s 192.168.2.21 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP -A FORWARD -s 192.168.2.22 -p tcp -m tcp --tcp-flags SYN,RST,ACK SYN -m connlimit --connlimit-above 70 --connlimit-mask 32 -j DROP -A FORWARD -d 192.168.2.4 -p tcp -m tcp --dport 65535 -j ACCEPT -A FORWARD -s 192.168.2.4 -p tcp -m tcp --sport 65535 -j ACCEPT -A FORWARD -d 192.168.2.4 -p udp -m udp --dport 65535 -j ACCEPT -A FORWARD -s 192.168.2.4 -p udp -m udp --sport 65535 -j ACCEPT -A FORWARD -d 192.168.2.4 -p tcp -m tcp --dport 6348 -j ACCEPT -A FORWARD -s 192.168.2.4 -p tcp -m tcp --sport 6348 -j ACCEPT -A FORWARD -d 192.168.2.4 -p udp -m udp --dport 6348 -j ACCEPT -A FORWARD -s 192.168.2.4 -p udp -m udp --sport 6348 -j ACCEPT -A FORWARD -d 192.168.2.6 -p tcp -m tcp --dport 6889 -j ACCEPT -A FORWARD -s 192.168.2.6 -p tcp -m tcp --sport 6889 -j ACCEPT -A FORWARD -d 192.168.2.6 -p udp -m udp --dport 6889 -j ACCEPT -A FORWARD -s 192.168.2.6 -p udp -m udp --sport 6889 -j ACCEPT -A FORWARD -s 192.168.2.4 -i ! ppp0 -j ACCEPT -A FORWARD -s 192.168.2.5 -i ! ppp0 -j ACCEPT -A FORWARD -s 192.168.2.6 -i ! ppp0 -j ACCEPT -A FORWARD -s 192.168.2.7 -i ! ppp0 -j ACCEPT -A FORWARD -s 192.168.2.8 -i ! ppp0 -j ACCEPT -A FORWARD -s 192.168.2.9 -i ! ppp0 -j ACCEPT -A FORWARD -s 192.168.2.10 -i ! ppp0 -j ACCEPT -A FORWARD -s 192.168.2.11 -i ! ppp0 -j ACCEPT -A FORWARD -s 192.168.2.12 -i ! ppp0 -j ACCEPT -A FORWARD -s 192.168.2.13 -i ! ppp0 -j ACCEPT -A FORWARD -s 192.168.2.14 -i ! ppp0 -j ACCEPT -A FORWARD -s 192.168.2.15 -i ! ppp0 -j ACCEPT -A FORWARD -s 192.168.2.16 -i ! ppp0 -j ACCEPT -A FORWARD -s 192.168.2.17 -i ! ppp0 -j ACCEPT -A FORWARD -s 192.168.2.18 -i ! ppp0 -j ACCEPT -A FORWARD -s 192.168.2.19 -i ! ppp0 -j ACCEPT -A FORWARD -s 192.168.2.20 -i ! ppp0 -j ACCEPT -A FORWARD -s 192.168.2.21 -i ! ppp0 -j ACCEPT -A FORWARD -s 192.168.2.22 -i ! ppp0 -j ACCEPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT COMMIT # Completed on Fri Dec 14 20:35:11 2007 # Generated by iptables-save v1.3.4 on Fri Dec 14 20:35:11 2007 *nat :PREROUTING ACCEPT [199773:37837932] :POSTROUTING ACCEPT [49505:4378680] :OUTPUT ACCEPT [81:16606] -A PREROUTING -i ppp0 -p tcp -m tcp --dport 65535 -j DNAT --to-destination 192.168.2.4 -A PREROUTING -i ppp0 -p udp -m udp --dport 65535 -j DNAT --to-destination 192.168.2.4 -A PREROUTING -i ppp0 -p tcp -m tcp --dport 6348 -j DNAT --to-destination 192.168.2.4 -A PREROUTING -i ppp0 -p udp -m udp --dport 6348 -j DNAT --to-destination 192.168.2.4 -A PREROUTING -i ppp0 -p tcp -m tcp --dport 6889 -j DNAT --to-destination 192.168.2.6 -A PREROUTING -i ppp0 -p udp -m udp --dport 6889 -j DNAT --to-destination 192.168.2.6 -A POSTROUTING -s 192.168.2.4 -o ppp0 -j MASQUERADE -A POSTROUTING -s 192.168.2.5 -o ppp0 -j MASQUERADE -A POSTROUTING -s 192.168.2.6 -o ppp0 -j MASQUERADE -A POSTROUTING -s 192.168.2.7 -o ppp0 -j MASQUERADE -A POSTROUTING -s 192.168.2.8 -o ppp0 -j MASQUERADE -A POSTROUTING -s 192.168.2.9 -o ppp0 -j MASQUERADE -A POSTROUTING -s 192.168.2.10 -o ppp0 -j MASQUERADE -A POSTROUTING -s 192.168.2.11 -o ppp0 -j MASQUERADE -A POSTROUTING -s 192.168.2.12 -o ppp0 -j MASQUERADE -A POSTROUTING -s 192.168.2.13 -o ppp0 -j MASQUERADE -A POSTROUTING -s 192.168.2.14 -o ppp0 -j MASQUERADE -A POSTROUTING -s 192.168.2.15 -o ppp0 -j MASQUERADE -A POSTROUTING -s 192.168.2.16 -o ppp0 -j MASQUERADE -A POSTROUTING -s 192.168.2.17 -o ppp0 -j MASQUERADE -A POSTROUTING -s 192.168.2.18 -o ppp0 -j MASQUERADE -A POSTROUTING -s 192.168.2.19 -o ppp0 -j MASQUERADE -A POSTROUTING -s 192.168.2.20 -o ppp0 -j MASQUERADE -A POSTROUTING -s 192.168.2.21 -o ppp0 -j MASQUERADE -A POSTROUTING -s 192.168.2.22 -o ppp0 -j MASQUERADE COMMIT # Completed on Fri Dec 14 20:35:11 2007 GeSHi © Codebox Plus

Autor:	-MW- [ czwartek, 20 grudnia 2007, 13:48 ]
Tytuł:
Cytuj: ha. ciekawe powyzsze wpisy zaczerpnalem z howto n forum slackware i dziala. tzn utworzylem interfejsy imq0 oraz imq1 i jedne regulki i drugie sa poprawne - pytanie do czego maja sluzyc. w pierwszym przypadku na imq1 nie bedziesz mogl filtrowac ruchu po ip hostow z lanu, a jedynie w/g mark. no i wazne jest na jakich miejscach w stsunku do innych regul sie one znajduja.

Freesco, NND, CDN, EOS http://forum.freesco.pl/

ipp2p, markowanie pakietów i niceshaper http://forum.freesco.pl/viewtopic.php?f=22&t=16311	Strona 1 z 1

Strona 1 z 1	Strefa czasowa UTC+2godz.
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/