Freesco, NND, CDN, EOS http://forum.freesco.pl/ |
HTB http://forum.freesco.pl/viewtopic.php?f=24&t=10051 |
Author: | Felek [ Sunday, 27 November 2005, 16:00 ] |
Subject: | HTB |
Could someone tell me what is wrong here:

VER=0.21-05.02.13
# --------------------------------------------
# HTB class priorities
# class LAN(download) WAN(upload)
# ACK 1
# ICMP 1 2
# Games 2 3
# Users 3 4
# Guests 5
# p2p 4 6
# local traffic 5
# --------------------------------------------
# Filter priorities
# filter LAN(download) WAN(upload)
# ACK 1
# ICMP 1 2
# Games 2 3
# p2p 3 4
# Users 5 5
# Guests 9
# local traffic 6

# Configuration
htb_config=/etc/htb.conf
#htb_config=./htb_config
WANINT=eth0 # interface to the Internet
LANINT=eth1 # interface to the LAN
WANDOWN=800 # download in kbit/s
WANUP=512 # upload in kbit/s
P2PDOWN=500 # max p2p download in kbit/s
P2PUP=50 # max p2p upload in kbit/s
#LANSPD=4094 # ordinary LAN in [kbit/s]
LANSPD=9400 # LAN for ftp in [kbit/s]
ICMPSPD=53 # speed for the ICMP class (rate)
PRIOPORT=22 # priority port
SERVHLDS=256 # HLDS
SERVSPD=300
SERVWWWSPD=30 # WWW speed
SERVFTP=30 # FTP speed
USERDOWNMAX=700 # maximum per-user download speed
USERUPMAX=200 # maximum per-user upload speed
# End of configuration

SFQ="sfq perturb 10" # SFQ
STARTMRK=10 # starting MARK
h=/sbin/rchtb_tc
#h=echo
i=iptables
#i=echo

stop() {
    $i -F -t mangle
    $i -X -t mangle
    $h qdisc del root dev $WANINT 2> /dev/null
    $h qdisc del root dev $LANINT 2> /dev/null
}

start() {
    stop # to be safe
    godz=`date +%H%M`
    if [ $godz -ge "0700" -a $godz -lt "1700" ];then
        pora=1 # day
    elif [ $godz -ge "1700" -a $godz -lt "2300" ];then
        pora=2 # evening
    elif [ $godz -ge "2300" -o $godz -lt "0700" ];then
        pora=3 # night
    fi

    # calculations
    WANDOWN=$[$WANDOWN*98/100]
    WANUP=$[$WANUP*98/100]
    LANSPD=$[$LANSPD*95/100]
    LOCAL=$[$LANSPD-$WANDOWN]
    ACKSPD=$[$WANDOWN/20]
    CNT=1
    for ii in `cat $htb_config|grep [0123456789] | cut -d "#" -f1 |awk '{print $1}'`;do
        CNT=$[$CNT+1]
    done
    USERDOWN=$[$WANDOWN/$CNT]
    USERUP=$[$WANUP-$ACKSPD-$ICMPSPD-$SERVSPD]
    USERUP=$[$USERUP/$CNT]
    if [ $USERDOWN \< 1 ];then
        USERDOWN=1
    fi
    if [ $USERUP \< 1 ];then
        USERUP=1
    fi

    # LANINT INTERFACE (incoming traffic)
    $h qdisc add dev $LANINT root handle 1:0 htb default 3 r2q 1
    # Main class for LANINT
    $h class add dev $LANINT parent 1:0 classid 1:1 htb rate ${LANSPD}kbit ceil ${LANSPD}kbit
    # Split into bandwidth for the Internet link and the rest
    $h class add dev $LANINT parent 1:1 classid 1:2 htb rate ${WANDOWN}kbit ceil ${WANDOWN}kbit
    $h class add dev $LANINT parent 1:1 classid 1:3 htb rate ${LOCAL}kbit ceil ${LOCAL}kbit prio 5
    $h qdisc add dev $LANINT parent 1:3 $SFQ
    # priority bandwidth for ICMP, TOS 0x10 (min. delay) and the chosen port 22
    $h class add dev $LANINT parent 1:2 classid 1:4 htb rate 1000kbit ceil 1000kbit prio 1 quantum 1500
    $h class add dev $LANINT parent 1:2 classid 1:5 htb rate ${USERDOWNMAX}kbit ceil ${USERDOWNMAX}kbit prio 3 quantum 1500
    $h qdisc add dev $LANINT parent 1:4 sfq perturb 10
    $h qdisc add dev $LANINT parent 1:5 $SFQ
    $h filter add dev $LANINT protocol ip prio 1 parent 1:0 u32 match ip sport 22 0xffff flowid 1:4
    $h filter add dev $LANINT protocol ip prio 1 parent 1:0 u32 match ip tos 0x10 0xff flowid 1:4
    $h filter add dev $LANINT protocol ip prio 1 parent 1:0 u32 match ip protocol 1 0xff flowid 1:4
    # server->LAN transfer
    $h filter add dev $LANINT protocol ip prio 6 parent 1:0 handle 1 fw flowid 1:3

    # INTERFACE (outgoing traffic)
    $h qdisc add dev $WANINT root handle 2:0 htb default 11 r2q 1
    # main class
    $h class add dev $WANINT parent 2:0 classid 2:1 htb rate ${WANUP}kbit ceil ${WANUP}kbit
    # HLDS server
    $h class add dev $WANINT parent 2:1 classid 2:50 htb rate ${SERVHLDS}kbit ceil ${SERVHLDS}kbit prio 3
    $h filter add dev $WANINT parent 2:0 protocol ip prio 3 handle 1 fw flowid 2:50
    $i -t mangle -A OUTPUT -p UDP -j MARK --set-mark 1
    # Bandwidth for WWW
    $h class add dev $WANINT parent 2:1 classid 2:8 htb rate ${SERVWWWSPD}kbit ceil ${SERVWWWSPD}kbit prio 4 quantum 1500
    $h filter add dev $WANINT parent 2:0 protocol ip prio 4 handle 7 fw flowid 2:8
    $i -t mangle -A OUTPUT -p TCP --dport 80 -j MARK --set-mark 7
    $i -t mangle -A OUTPUT -p TCP --sport 80 -j MARK --set-mark 7
    # Bandwidth for FTP
    $h class add dev $WANINT parent 2:1 classid 2:9 htb rate ${SERVFTP}kbit ceil ${SERVFTP}kbit prio 4 quantum 1500
    $h filter add dev $WANINT parent 2:0 protocol ip prio 4 handle 8 fw flowid 2:9
    $i -t mangle -A OUTPUT -p TCP --dport 21 -j MARK --set-mark 8
    $i -t mangle -A OUTPUT -p TCP --sport 21 -j MARK --set-mark 8
    # Users MAX
    $h filter add dev $LANINT parent 1:2 protocol ip prio 6 handle 9 fw flowid 1:5
    $i -t mangle -A FORWARD -o eth1 -j MARK --set-mark 9
    # ACK priority class
    $h class add dev $WANINT parent 2:1 classid 2:2 htb rate ${ACKSPD}kbit ceil ${USERUPMAX}kbit prio 1 quantum 1500
    $h qdisc add dev $WANINT parent 2:2 sfq perturb 10
    $h filter add dev $WANINT parent 2:0 protocol ip prio 1 u32 match ip protocol 6 0xff \
        match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 1 match u8 0x10 0xff at 33 flowid 2:2 # ACK
    # priority class for TOS 0x10, ICMP and DNS
    $h class add dev $WANINT parent 2:1 classid 2:3 htb rate ${ICMPSPD}kbit ceil ${USERUPMAX}kbit prio 2 quantum 1500
    $h qdisc add dev $WANINT parent 2:3 $SFQ
    $h filter add dev $WANINT parent 2:0 protocol ip prio 1 u32 match ip tos 0x10 0xff flowid 2:3 # TOS
    $h filter add dev $WANINT parent 2:0 protocol ip prio 2 u32 match ip dport 22 0xffff flowid 2:3 # port 22
    $h filter add dev $WANINT parent 2:0 protocol ip prio 2 u32 match ip sport 22 0xffff flowid 2:3 # port 22
    $h filter add dev $WANINT parent 2:0 protocol ip prio 2 u32 match ip dport 53 0xffff flowid 2:3 # port 53
    $h filter add dev $WANINT parent 2:0 protocol ip prio 2 u32 match ip protocol 1 0xff flowid 2:3 # ICMP

    # Users
    CNT=1
    MARK=$[$STARTMRK+2]
    grep "^" $htb_config | grep -v "^#"|grep [0123456789] | while read IP USERDOWN[1] USERUP[1] USERDOWN[2] USERUP[2] USERDOWN[3] USERUP[3] REM; do
        USERDOWN0=$USERDOWN
        USERUP0=$USERUP
        if [ $USERDOWN -gt ${USERDOWN[$pora]} ]; then
            USERDOWN0=${USERDOWN[$pora]}
        fi
        if [ $USERUP -gt ${USERUP[$pora]} ]; then
            USERUP0=${USERUP[$pora]}
        fi
        $h class add dev $LANINT parent 1:5 classid 1:$[10+$CNT] htb rate ${USERDOWN0}kbit ceil ${USERDOWN[$pora]}kbit prio 3 quantum 1500
        $h qdisc add dev $LANINT parent 1:$[10+$CNT] $SFQ
        $h filter add dev $LANINT protocol ip prio 5 parent 1:0 u32 match ip dst $IP flowid 1:$[10+$CNT]
        $i -t mangle -A PREROUTING -s $IP -j MARK --set-mark $MARK
        $h class add dev $WANINT parent 2:1 classid 2:$[10+$CNT] htb rate ${USERUP0}kbit ceil ${USERUP[$pora]}kbit prio 4 quantum 1500
        $h qdisc add dev $WANINT parent 2:$[10+$CNT] $SFQ
        $h filter add dev $WANINT parent 2:0 protocol ip prio 5 handle $MARK fw flowid 2:$[10+$CNT]
        MARK=$[$MARK+1]
        CNT=$[$CNT+1]
    done

    # Bandwidth for p2p
    $h class add dev $LANINT parent 1:5 classid 1:7 htb rate ${P2PDOWN}kbit ceil ${P2PDOWN}kbit prio 4 quantum 1500
    $h qdisc add dev $LANINT parent 1:7 $SFQ
    $h class add dev $WANINT parent 2:1 classid 2:5 htb rate ${P2PUP}kbit ceil ${P2PUP}kbit prio 6 quantum 1500
    $h qdisc add dev $WANINT parent 2:5 $SFQ
    $h filter add dev $LANINT parent 1:0 protocol ip prio 3 handle 2 fw flowid 1:7
    $h filter add dev $WANINT parent 2:0 protocol ip prio 4 handle 2 fw flowid 2:5

    # -----------------------------8><------------------------------
    # Bandwidth for games; comment out or delete if you don't use it
    $h class add dev $LANINT parent 1:5 classid 1:6 htb rate 100kbit ceil 200kbit prio 2 quantum 1500
    $h qdisc add dev $LANINT parent 1:6 $SFQ
    $h class add dev $WANINT parent 2:1 classid 2:6 htb rate 50kbit ceil 100kbit prio 3 quantum 1500
    $h qdisc add dev $WANINT parent 2:6 $SFQ
    $i -t mangle -A PREROUTING -p tcp -m multiport --port 27015,27095 -j MARK --set-mark 3
    $h filter add dev $LANINT parent 1:0 protocol ip prio 2 handle 3 fw flowid 1:6
    $h filter add dev $WANINT parent 2:0 protocol ip prio 3 handle 3 fw flowid 2:6
    # -----------------------------><8-------------------------------

    # the rest
    $h filter add dev $WANINT parent 2:0 protocol ip prio 9 u32 match ip dst 0/0 flowid 2:4
}

The part in the OUTPUT chain in mangle is for the CS server, and this is where all the pain begins. As soon as there is any traffic from the network to the Internet, the link reaches at most about 200-250 Kbits and nothing more, and there are lags on the server. Could someone trace through this; maybe they will spot some mistake. |
Author: | Felek [ Thursday, 8 December 2005, 18:48 ] |
Subject: | |
Does really nobody feel like taking a look at this and saying "it's OK" or "THIS is what's wrong"? |
Time zone: UTC+2 hours |