Niech ktoś mi powie, co tutaj jest źle:
VER='0.21-05.02.13'
# --------------------------------------------
# HTB class priorities
# class LAN(download) WAN(upload)
# ACK 1
# ICMP 1 2
# Games 2 3
# Users 3 4
# Guests 5
# p2p 4 6
# local traffic 5
# --------------------------------------------
# Filter priorities
# filter LAN(download) WAN(upload)
# ACK 1
# ICMP 1 2
# Games 2 3
# p2p 3 4
# Users 5 5
# Guests 9
# local traffic 6

# ---- Configuration ----
# Per-user limits file; start() reads it line by line.
htb_config='/etc/htb.conf'
#htb_config=./htb_config

# Interfaces
WANINT='eth0' # interface facing the Internet
LANINT='eth1' # interface facing the LAN

# Link and class speeds, all in kbit/s
WANDOWN='800' # download
WANUP='512'   # upload
P2PDOWN='500' # maximum p2p download
P2PUP='50'    # maximum p2p upload
#LANSPD=4094 # regular LAN
LANSPD='9400' # LAN for ftp
ICMPSPD='53'  # rate of the ICMP class
# Priority port. The functions visible in this file hard-code 22 in their
# filters and never read this variable.
PRIOPORT='22'
SERVHLDS='256' # HLDS
SERVSPD='300'
SERVWWWSPD='30'   # WWW speed
SERVFTP='30'      # FTP speed
USERDOWNMAX='700' # maximum speed for a user, downstream
USERUPMAX='200'   # maximum speed for a user, upstream
# ---- End of configuration ----

SFQ='sfq perturb 10' # leaf qdisc attached to the classes
STARTMRK='10'        # first fwmark value

# Commands used for traffic control and packet marking; the commented-out
# "echo" variants print the commands instead of running them.
h='/sbin/rchtb_tc'
#h=echo
i='iptables'
#i=echo
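#######################################
# Tear down the shaping state: flush every chain of the iptables mangle
# table, delete its user-defined chains, and remove the root qdisc from
# both interfaces.
# Globals:   i, h, WANINT, LANINT (read)
# Returns:   status of the last qdisc removal
# NOTE: -F/-X act on the whole mangle table, so rules placed there by any
# other tool on this host are removed too, not only the ones this script adds.
#######################################
stop()
{
  # Split the command strings once, on whitespace only (no globbing), so
  # the dry-run setting h=echo / i=echo and multi-word values keep working.
  local -a tc ipt
  read -r -a tc <<< "$h"
  read -r -a ipt <<< "$i"

  "${ipt[@]}" -F -t mangle
  "${ipt[@]}" -X -t mangle

  local dev
  for dev in "$WANINT" "$LANINT"; do
    # A missing root qdisc is the normal case on a first run, hence the
    # discarded error output.
    "${tc[@]}" qdisc del root dev "$dev" 2> /dev/null
  done
}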
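#######################################
# Build the complete HTB setup: download shaping on LANINT, upload shaping
# on WANINT, and the iptables mangle MARK rules that the fw filters match.
# Globals:
#   read:    h, i, htb_config, WANINT, LANINT, SFQ, STARTMRK, ICMPSPD,
#            SERVSPD, SERVHLDS, SERVWWWSPD, SERVFTP, USERDOWNMAX, USERUPMAX,
#            P2PDOWN, P2PUP
#   written: godz, pora, WANDOWN, WANUP, LANSPD, LOCAL, ACKSPD, CNT, MARK,
#            USERDOWN, USERUP
# Config:    each user line of $htb_config is
#              IP down1 up1 down2 up2 down3 up3 [comment]
#            with the ceilings in kbit/s for day (1), evening (2) and
#            night (3). Lines whose first field starts with '#' are comments.
# Outputs:   a warning on stderr for every malformed config line
# NOTE: WANDOWN, WANUP and LANSPD are scaled in place, so a second call in
# the same shell scales them again.
#######################################
start()
{
  stop # always start from a clean state

  # Split the command strings once, on whitespace only (no globbing), so
  # the dry-run setting h=echo / i=echo and multi-word values keep working.
  local -a tc ipt leaf
  read -r -a tc <<< "$h"
  read -r -a ipt <<< "$i"
  read -r -a leaf <<< "$SFQ"

  # Time of day selects which column pair of the config file applies.
  godz=$(date +%H%M)
  # 10# forces base 10; a value such as 0830 is not a valid octal number.
  local now=$((10#$godz))
  if ((now >= 700 && now < 1700)); then
    pora=1 # day
  elif ((now >= 1700 && now < 2300)); then
    pora=2 # evening
  else
    pora=3 # night
  fi

  # Keep a safety margin below the nominal link speeds.
  WANDOWN=$((WANDOWN * 98 / 100))
  WANUP=$((WANUP * 98 / 100))
  LANSPD=$((LANSPD * 95 / 100))
  LOCAL=$((LANSPD - WANDOWN))
  ACKSPD=$((WANDOWN / 20))

  # Read and validate the user list once. The values end up as arguments of
  # tc and iptables, so anything that is not a plain address or a plain
  # decimal number is rejected here instead of being passed on.
  local -a user_ip=() user_down=() user_up=()
  local line ip d1 u1 d2 u2 d3 u3 field ok
  if [[ -r $htb_config ]]; then
    while IFS= read -r line || [[ -n $line ]]; do
      read -r ip d1 u1 d2 u2 d3 u3 _ <<< "$line"
      # blank lines and comments (indented ones too) are not users
      [[ -z $ip || $ip == '#'* ]] && continue
      ok=1
      [[ $ip =~ ^[0-9][0-9./]*$ ]] || ok=0
      for field in "$d1" "$u1" "$d2" "$u2" "$d3" "$u3"; do
        [[ $field =~ ^[0-9]+$ ]] || ok=0
      done
      if ((ok == 0)); then
        printf '%s: skipping malformed line: %s\n' "$htb_config" "$line" >&2
        continue
      fi
      user_ip+=("$ip")
      case $pora in
        1) user_down+=("$d1"); user_up+=("$u1") ;;
        2) user_down+=("$d2"); user_up+=("$u2") ;;
        *) user_down+=("$d3"); user_up+=("$u3") ;;
      esac
    done < "$htb_config"
  else
    printf '%s: not readable, no per-user classes will be created\n' \
      "$htb_config" >&2
  fi

  # Fair share per user; the divisor is the number of users plus one.
  CNT=$((1 + ${#user_ip[@]}))
  USERDOWN=$((WANDOWN / CNT))
  USERUP=$(((WANUP - ACKSPD - ICMPSPD - SERVSPD) / CNT))
  # Numeric floor of 1 kbit/s (the share can reach 0 or go negative).
  if ((USERDOWN < 1)); then
    USERDOWN=1
  fi
  if ((USERUP < 1)); then
    USERUP=1
  fi

  # ---- LANINT: traffic towards the LAN (download) ----
  "${tc[@]}" qdisc add dev "$LANINT" root handle 1:0 htb default 3 r2q 1
  # Main class for LANINT
  "${tc[@]}" class add dev "$LANINT" parent 1:0 classid 1:1 htb \
    rate "${LANSPD}kbit" ceil "${LANSPD}kbit"
  # Split into the Internet link share (1:2) and the rest (1:3, local)
  "${tc[@]}" class add dev "$LANINT" parent 1:1 classid 1:2 htb \
    rate "${WANDOWN}kbit" ceil "${WANDOWN}kbit"
  "${tc[@]}" class add dev "$LANINT" parent 1:1 classid 1:3 htb \
    rate "${LOCAL}kbit" ceil "${LOCAL}kbit" prio 5
  "${tc[@]}" qdisc add dev "$LANINT" parent 1:3 "${leaf[@]}"
  # Priority class for ICMP, TOS 0x10 (minimum delay) and port 22.
  # NOTE(review): 1:4 asks for 1000kbit while its parent 1:2 is limited to
  # WANDOWN; confirm this is intended.
  "${tc[@]}" class add dev "$LANINT" parent 1:2 classid 1:4 htb \
    rate 1000kbit ceil 1000kbit prio 1 quantum 1500
  "${tc[@]}" class add dev "$LANINT" parent 1:2 classid 1:5 htb \
    rate "${USERDOWNMAX}kbit" ceil "${USERDOWNMAX}kbit" prio 3 quantum 1500
  "${tc[@]}" qdisc add dev "$LANINT" parent 1:4 sfq perturb 10
  "${tc[@]}" qdisc add dev "$LANINT" parent 1:5 "${leaf[@]}"
  "${tc[@]}" filter add dev "$LANINT" protocol ip prio 1 parent 1:0 u32 \
    match ip sport 22 0xffff flowid 1:4
  "${tc[@]}" filter add dev "$LANINT" protocol ip prio 1 parent 1:0 u32 \
    match ip tos 0x10 0xff flowid 1:4
  "${tc[@]}" filter add dev "$LANINT" protocol ip prio 1 parent 1:0 u32 \
    match ip protocol 1 0xff flowid 1:4
  # Transfers server -> LAN (fwmark 1)
  "${tc[@]}" filter add dev "$LANINT" protocol ip prio 6 parent 1:0 \
    handle 1 fw flowid 1:3

  # ---- WANINT: traffic towards the Internet (upload) ----
  # NOTE(review): "default 11" points at 2:11, which is the class created
  # for the first user line below, so unclassified upload shares that
  # user's class; with an empty user list 2:11 does not exist at all.
  "${tc[@]}" qdisc add dev "$WANINT" root handle 2:0 htb default 11 r2q 1
  # Main class
  "${tc[@]}" class add dev "$WANINT" parent 2:0 classid 2:1 htb \
    rate "${WANUP}kbit" ceil "${WANUP}kbit"
  # HLDS server.
  # NOTE(review): the MARK rule below tags every UDP packet leaving the
  # OUTPUT chain, not only the game server's, and 2:50 has rate == ceil, so
  # all locally generated UDP is capped at SERVHLDS kbit/s and cannot
  # borrow. Unlike the other leaf classes, 2:50 gets no sfq qdisc.
  "${tc[@]}" class add dev "$WANINT" parent 2:1 classid 2:50 htb \
    rate "${SERVHLDS}kbit" ceil "${SERVHLDS}kbit" prio 3
  "${tc[@]}" filter add dev "$WANINT" parent 2:0 protocol ip prio 3 \
    handle 1 fw flowid 2:50
  "${ipt[@]}" -t mangle -A OUTPUT -p UDP -j MARK --set-mark 1
  # Bandwidth for WWW
  "${tc[@]}" class add dev "$WANINT" parent 2:1 classid 2:8 htb \
    rate "${SERVWWWSPD}kbit" ceil "${SERVWWWSPD}kbit" prio 4 quantum 1500
  "${tc[@]}" filter add dev "$WANINT" parent 2:0 protocol ip prio 4 \
    handle 7 fw flowid 2:8
  "${ipt[@]}" -t mangle -A OUTPUT -p TCP --dport 80 -j MARK --set-mark 7
  "${ipt[@]}" -t mangle -A OUTPUT -p TCP --sport 80 -j MARK --set-mark 7
  # Bandwidth for FTP
  "${tc[@]}" class add dev "$WANINT" parent 2:1 classid 2:9 htb \
    rate "${SERVFTP}kbit" ceil "${SERVFTP}kbit" prio 4 quantum 1500
  "${tc[@]}" filter add dev "$WANINT" parent 2:0 protocol ip prio 4 \
    handle 8 fw flowid 2:9
  "${ipt[@]}" -t mangle -A OUTPUT -p TCP --dport 21 -j MARK --set-mark 8
  "${ipt[@]}" -t mangle -A OUTPUT -p TCP --sport 21 -j MARK --set-mark 8
  # Users, overall maximum. The outgoing interface is taken from LANINT
  # rather than spelled out, so changing the setting changes this rule too.
  "${tc[@]}" filter add dev "$LANINT" parent 1:2 protocol ip prio 6 \
    handle 9 fw flowid 1:5
  "${ipt[@]}" -t mangle -A FORWARD -o "$LANINT" -j MARK --set-mark 9
  # Priority class for ACK packets.
  # NOTE(review): the commonly published form of this matcher reads the IP
  # total length with "match u16 ... at 2"; confirm that "at 1" is intended.
  "${tc[@]}" class add dev "$WANINT" parent 2:1 classid 2:2 htb \
    rate "${ACKSPD}kbit" ceil "${USERUPMAX}kbit" prio 1 quantum 1500
  "${tc[@]}" qdisc add dev "$WANINT" parent 2:2 sfq perturb 10
  "${tc[@]}" filter add dev "$WANINT" parent 2:0 protocol ip prio 1 u32 \
    match ip protocol 6 0xff \
    match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 1 \
    match u8 0x10 0xff at 33 flowid 2:2
  # Priority class for TOS 0x10, port 22, DNS and ICMP
  "${tc[@]}" class add dev "$WANINT" parent 2:1 classid 2:3 htb \
    rate "${ICMPSPD}kbit" ceil "${USERUPMAX}kbit" prio 2 quantum 1500
  "${tc[@]}" qdisc add dev "$WANINT" parent 2:3 "${leaf[@]}"
  "${tc[@]}" filter add dev "$WANINT" parent 2:0 protocol ip prio 1 u32 \
    match ip tos 0x10 0xff flowid 2:3
  "${tc[@]}" filter add dev "$WANINT" parent 2:0 protocol ip prio 2 u32 \
    match ip dport 22 0xffff flowid 2:3
  "${tc[@]}" filter add dev "$WANINT" parent 2:0 protocol ip prio 2 u32 \
    match ip sport 22 0xffff flowid 2:3
  "${tc[@]}" filter add dev "$WANINT" parent 2:0 protocol ip prio 2 u32 \
    match ip dport 53 0xffff flowid 2:3
  "${tc[@]}" filter add dev "$WANINT" parent 2:0 protocol ip prio 2 u32 \
    match ip protocol 1 0xff flowid 2:3

  # ---- Users: one download class, one upload class and one fwmark each ----
  CNT=1
  MARK=$((STARTMRK + 2))
  local n slot=$CNT fwmark=$MARK rate_down rate_up
  for n in "${!user_ip[@]}"; do
    # Guaranteed rate is the fair share, never above the user's own ceiling.
    rate_down=$USERDOWN
    if [ "$rate_down" -gt "${user_down[n]}" ]; then
      rate_down=${user_down[n]}
    fi
    rate_up=$USERUP
    if [ "$rate_up" -gt "${user_up[n]}" ]; then
      rate_up=${user_up[n]}
    fi
    "${tc[@]}" class add dev "$LANINT" parent 1:5 classid "1:$((10 + slot))" \
      htb rate "${rate_down}kbit" ceil "${user_down[n]}kbit" prio 3 quantum 1500
    "${tc[@]}" qdisc add dev "$LANINT" parent "1:$((10 + slot))" "${leaf[@]}"
    "${tc[@]}" filter add dev "$LANINT" protocol ip prio 5 parent 1:0 u32 \
      match ip dst "${user_ip[n]}" flowid "1:$((10 + slot))"
    "${ipt[@]}" -t mangle -A PREROUTING -s "${user_ip[n]}" \
      -j MARK --set-mark "$fwmark"
    "${tc[@]}" class add dev "$WANINT" parent 2:1 classid "2:$((10 + slot))" \
      htb rate "${rate_up}kbit" ceil "${user_up[n]}kbit" prio 4 quantum 1500
    "${tc[@]}" qdisc add dev "$WANINT" parent "2:$((10 + slot))" "${leaf[@]}"
    "${tc[@]}" filter add dev "$WANINT" parent 2:0 protocol ip prio 5 \
      handle "$fwmark" fw flowid "2:$((10 + slot))"
    fwmark=$((fwmark + 1))
    slot=$((slot + 1))
  done

  # ---- p2p ----
  # NOTE(review): nothing in this function sets fwmark 2, so these two
  # classes only receive traffic if another rule set marks it.
  "${tc[@]}" class add dev "$LANINT" parent 1:5 classid 1:7 htb \
    rate "${P2PDOWN}kbit" ceil "${P2PDOWN}kbit" prio 4 quantum 1500
  "${tc[@]}" qdisc add dev "$LANINT" parent 1:7 "${leaf[@]}"
  "${tc[@]}" class add dev "$WANINT" parent 2:1 classid 2:5 htb \
    rate "${P2PUP}kbit" ceil "${P2PUP}kbit" prio 6 quantum 1500
  "${tc[@]}" qdisc add dev "$WANINT" parent 2:5 "${leaf[@]}"
  "${tc[@]}" filter add dev "$LANINT" parent 1:0 protocol ip prio 3 \
    handle 2 fw flowid 1:7
  "${tc[@]}" filter add dev "$WANINT" parent 2:0 protocol ip prio 4 \
    handle 2 fw flowid 2:5

  # -----------------------------8><------------------------------
  # Games; comment out or delete this part if it is not used
  "${tc[@]}" class add dev "$LANINT" parent 1:5 classid 1:6 htb \
    rate 100kbit ceil 200kbit prio 2 quantum 1500
  "${tc[@]}" qdisc add dev "$LANINT" parent 1:6 "${leaf[@]}"
  "${tc[@]}" class add dev "$WANINT" parent 2:1 classid 2:6 htb \
    rate 50kbit ceil 100kbit prio 3 quantum 1500
  "${tc[@]}" qdisc add dev "$WANINT" parent 2:6 "${leaf[@]}"
  "${ipt[@]}" -t mangle -A PREROUTING -p tcp -m multiport \
    --port 27015,27095 -j MARK --set-mark 3
  "${tc[@]}" filter add dev "$LANINT" parent 1:0 protocol ip prio 2 \
    handle 3 fw flowid 1:6
  "${tc[@]}" filter add dev "$WANINT" parent 2:0 protocol ip prio 3 \
    handle 3 fw flowid 2:6
  # -----------------------------><8-------------------------------

  # Everything else.
  # NOTE(review): this catch-all points at 2:4, but no class 2:4 is created
  # anywhere in this function.
  "${tc[@]}" filter add dev "$WANINT" parent 2:0 protocol ip prio 9 u32 \
    match ip dst 0/0 flowid 2:4
}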
To, co jest w łańcuchu OUTPUT w mangle, jest dla serwera CS-a i tu zaczyna się cały ból. Jak tylko jest jakiś ruch ze strony sieci do internetu, łącze osiąga maksymalnie ok. 200-250 kbit/s i nic więcej, a na serwerze są lagi. Niech ktoś to prześledzi, może zobaczy jakiś błąd.