Spawa wyglada tak:
- Zainstalowalem najnowsze NND
- Potem powrocilem do starego kernela 2.4.31-1nnd ( z nowym nie moglem za cholre skonfigurowac lancuchow ipp2p bo zawsze cos wylatywalo...
- sciagnalem sobie ipp2p w wersji stabilnej 0.8
- modprobe itd
- odpalilem skrypty podnoszace interfacy (podniosly sie elegancko)
- odpalilem imq_ipp2p_eth i tez poszlo bez zajakniecia...
ale teraz na mrtg obserwuje ze caly ruch kierowany jest do imq(0,1) a w imq(2,3) sa znikome wartosci... co prawda wyglada na to ze niby obcina p2p ale tak jakos dziwnie strasznie... np uzytkownik ciagnie z 24KB/s i wysyla 6KB/s czy tez np 9KB/s w niceshaper stats porobily mi sie dziwne limity ( nie takie jak zdeklarowalem w configu)
oto moje configi:
imq_inter:
#! /bin/sh
# Podnoszenie interfejsów wirtulanych IMQ
#
case "$1" in
start)
#
echo ""
echo " Wirtualne interfejsy IMQ ----- WŁACZONE ------> ON "
echo ""
/sbin/modprobe imq numdevs=6 &>/dev/null
/sbin/ifconfig imq0 up &>/dev/null
/sbin/ifconfig imq1 up &>/dev/null
/sbin/ifconfig imq2 up &>/dev/null
/sbin/ifconfig imq3 up &>/dev/null
/sbin/ifconfig imq4 up &>/dev/null
/sbin/ifconfig imq5 up &>/dev/null
#
;;
stop)
#
echo ""
echo " Wirtualne interfejsy IMQ ----- WYŁACZONE -----> OFF "
echo ""
/sbin/ifconfig imq0 down &>/dev/null
/sbin/ifconfig imq1 down &>/dev/null
/sbin/ifconfig imq2 down &>/dev/null
/sbin/ifconfig imq3 down &>/dev/null
/sbin/ifconfig imq4 down &>/dev/null
/sbin/ifconfig imq5 down &>/dev/null
/sbin/rmmod imq &>/dev/null
#
;;
restart)
$0 stop
$0 start
;;
*)
echo ""
echo "U¿ycie: rc.imq [ start | stop | restart ]"
echo ""
exit
;;
esac
plik imq_p2p_eth
#!/bin/bash
# shape_p2p
ECHO="/bin/echo"
MODUL="/sbin/modprobe"
TC="/sbin/tc"
i="/usr/sbin/iptables"
case "$1" in
start)
$ECHO ""
$ECHO " Kolejkowanie P2P ----ON---- "
$ECHO ""
ul=0
dl=0 #zerowanie
godz=`date +%H%M`
if [ $godz -ge "0100" -a $godz -lt "0700" ];then
ul=20 # 5KB
dl=100 # 10KB
pora=noc
fi
if [ $godz -ge "0700" -a $godz -lt "0900" ];then
ul=80 # 10KB
dl=120 # 15KB
pora=ranek
fi
if [ $godz -ge "0900" -a $godz -lt "2300" ];then
ul=16 # 2KB
dl=40 # 5KB
pora=dzien
fi
if [ $godz -ge "2300" -o $godz -lt "0100" ];then
ul=16 # 2KB
dl=40 # 5KB
pora=wieczor
fi
echo " "
echo "---------------------------------------"
echo " "$pora" UL-"$((ul/8))""KB/s" DL-"$((dl/8))"KB/s"
echo " "$ul"kbit "$dl"kbit"
echo "---------------------------------------"
$i -t mangle -A PREROUTING -p tcp -m mark --mark 0x999 -j CONNMARK --save-mark
$i -t mangle -A PREROUTING -m ipp2p --ipp2p -j MARK --set-mark 0x999
$i -t mangle -A PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT
$i -t mangle -A PREROUTING -p tcp -j CONNMARK --restore-mark
#markowanie pakietow
$i -t mangle -A POSTROUTING -o eth0 -m mark --mark 0x999 -j IMQ --todev 2
$i -t mangle -A POSTROUTING -o eth1 -m mark --mark 0x999 -j IMQ --todev 3
#ul
$TC qdisc add dev imq2 root handle 4:0 htb r2q 1
$TC class add dev imq2 parent 4:0 classid 4:1 htb rate $((ul/1))kbit burst 6k cburst 3k
$TC class add dev imq2 parent 4:1 classid 4:101 htb rate 1kbit ceil ${ul}kbit quantum 1500 burst 0k cburst 0k prio 7
$TC filter add dev imq2 parent 4:0 protocol ip prio 7 handle 0x999 fw classid 4:401
$TC qdisc add dev imq2 parent 4:101 sfq perturb 10 quantum 1500
#dl
$TC qdisc add dev imq3 root handle 5:0 htb default 103 r2q 1
$TC class add dev imq3 parent 5:0 classid 5:1 htb rate $((dl/1))kbit burst 6k cburst 3k
$TC class add dev imq3 parent 5:1 classid 5:101 htb rate 1kbit ceil ${dl}kbit quantum 1500 burst 0k cburst 0k prio 7
$TC filter add dev imq3 parent 5:0 protocol ip prio 7 handle 0x999 fw classid 5:101
$TC qdisc add dev imq3 parent 5:101 sfq perturb 10 quantum 1500
################################## ---p2p-- rozwala upload niceshapera - restartuj----
sleep 2
/usr/bin/niceshaper stop
sleep 5
/usr/bin/niceshaper start
################################## -------------- restart niceshapera! ---------------
#
;;
stop)
#
$ECHO ""
$ECHO " Kolejkowanie P2P ----OFF---- "
$ECHO ""
#
iptables -t mangle -D PREROUTING -p tcp -j CONNMARK --restore-mark
iptables -t mangle -D PREROUTING -p tcp -m mark ! --mark 0 -j ACCEPT
iptables -t mangle -D PREROUTING -m ipp2p --ipp2p -j MARK --set-mark 0x999
#iptables -t mangle -D PREROUTING -m ipp2p --ipp2p -data -j MARK --set-mark 0x999
#dopisane
iptables -t mangle -A PREROUTING -p udp -m ipp2p --ipp2p -j MARK --set-mark 1
iptables -t mangle -D PREROUTING -p tcp -m mark --mark 0x999 -j CONNMARK --save-mark
iptables -t mangle -D POSTROUTING -o eth0 -m mark --mark 0x999 -j IMQ --todev 2
iptables -t mangle -D POSTROUTING -o eth1 -m mark --mark 0x999 -j IMQ --todev 3
$TC qdisc del dev imq2 root
$TC qdisc del dev imq3 root
#
;;
restart)
$0 stop
sleep 1
$0 start
;;
*)
$ECHO ""
$ECHO " U¿ycie kolejkowanie P2P [ start | stop | restart ] "
$ECHO ""
exit
;;
esac
config niceshapera:
<global>
iface inet eth0 83.16.49.98/29
iface local eth1 195.182.164.1/24
#do not shape local 83.16.49.98 with 195.182.164.0/24
#do not shape local 195.182.164.1 with 195.182.164.0/24
shape router true low 8kbps ceil 14kbps prio 2
stats unit kbps # dump 5c file /var/www/stats/nsstats.txt
resolve hostname true
method imq
reload 3s
</global>
<download>
link speed 250kbps shape 240kbps
user low 0kbps ceil 60kbps strict 50%
# interactive rate 0kbps ceil 0kbps
# interactive srcport 27960,22 dstport 27960,22
# interactive srcip 208.231.90.235
# interactive u32 match ip protocol 1 0xff
# interactive u32 match ip tos 0x10 0xff
policy dynamic
</download>
<upload>
link speed 64kbps shape 55kbps
user low 0kbps ceil 8kbps strict 50%
# interactive rate 0kbps ceil 0kbps
# interactive srcport 22,27960 dstport 22,27960
# interactive dstip 208.231.90.235
policy dynamic
</upload>
wycinek pliku users:
...
195.182.164.3 eth1 dl_low 5kbps ul_low 1kbps dl_ceil 64kbps ul_ceil 8kbps
195.182.164.4 eth1 dl_low 5kbps ul_low 1kbps dl_ceil 64kbps ul_ceil 8kbps
195.182.164.5 eth1 dl_low 5kbps ul_low 1kbps dl_ceil 64kbps ul_ceil 8kbps
...
plik po zapisie firewalla:
# Generated by iptables-save v1.3.1 on Sat Feb 25 22:11:55 2006
*filter
:INPUT DROP [154967:10750902]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [84380:25295968]
:mrtg_traffic - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m multiport --dports 135,445 -j DROP
-A INPUT -p tcp -m tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 1080 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
-A INPUT -i ! eth0 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j mrtg_traffic
-A FORWARD -o lo -j ACCEPT
-A FORWARD -p tcp -m multiport --dports 135,445 -j DROP
-A FORWARD -i ! eth0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A mrtg_traffic -d 127.0.0.1 -j RETURN
-A mrtg_traffic -s 127.0.0.1 -j RETURN
-A mrtg_traffic -d 195.182.164.1 -j RETURN
-A mrtg_traffic -s 195.182.164.1 -j RETURN
-A mrtg_traffic -d 195.182.164.2 -j RETURN
...
-A mrtg_traffic -d 195.182.164.151 -j RETURN
-A mrtg_traffic -s 195.182.164.151 -j RETURN
COMMIT
# Completed on Sat Feb 25 22:11:55 2006
# Generated by iptables-save v1.3.1 on Sat Feb 25 22:11:55 2006
*mangle
:PREROUTING ACCEPT [10367227:4909024470]
:INPUT ACCEPT [247507:35557148]
:FORWARD ACCEPT [10170156:4920476165]
:OUTPUT ACCEPT [85463:25383607]
:POSTROUTING ACCEPT [10200971:4943200957]
:niceshaper_dl - [0:0]
:niceshaper_ul - [0:0]
-A PREROUTING -p udp -m ipp2p --ipp2p -j MARK --set-mark 0x1
-A PREROUTING -p udp -m ipp2p --ipp2p -j MARK --set-mark 0x1
-A PREROUTING -p udp -m ipp2p --ipp2p -j MARK --set-mark 0x1
-A PREROUTING -p tcp -m mark --mark 0x999 -j CONNMARK --save-mark
-A PREROUTING -m ipp2p --ipp2p -j MARK --set-mark 0x999
-A PREROUTING -p tcp -m mark ! --mark 0x0 -j ACCEPT
-A PREROUTING -p tcp -j CONNMARK --restore-mark
-A PREROUTING -s 195.182.164.0/255.255.255.0 -i eth1 -j niceshaper_ul
-A INPUT -d 83.16.49.98 -i eth0 -j niceshaper_dl
-A OUTPUT -s 83.16.49.98 -o eth0 -j niceshaper_ul
-A POSTROUTING -d 195.182.164.0/255.255.255.0 -o eth1 -j niceshaper_dl
-A POSTROUTING -o eth0 -m mark --mark 0x999 -j IMQ --todev 2
-A POSTROUTING -o eth1 -m mark --mark 0x999 -j IMQ --todev 3
-A niceshaper_dl
-A niceshaper_dl -d 83.16.49.98 -i eth0 -j RETURN
-A niceshaper_dl -d 195.182.164.3 -o eth1 -j IMQ --todev 1
-A niceshaper_dl -d 195.182.164.4 -o eth1 -j IMQ --todev 1
...
-A niceshaper_dl -d 195.182.164.139 -o eth1 -j IMQ --todev 1
-A niceshaper_dl -d 195.182.164.200 -o eth1 -j IMQ --todev 1
-A niceshaper_ul
-A niceshaper_ul -s 83.16.49.98 -o eth0 -j IMQ --todev 0
-A niceshaper_ul -s 195.182.164.3 -i eth1 -j IMQ --todev 0
...
-A niceshaper_ul -s 195.182.164.139 -i eth1 -j IMQ --todev 0
-A niceshaper_ul -s 195.182.164.200 -i eth1 -j IMQ --todev 0
COMMIT
# Completed on Sat Feb 25 22:11:55 2006
# Generated by iptables-save v1.3.1 on Sat Feb 25 22:11:55 2006
*nat
:PREROUTING ACCEPT [620181:38191784]
:POSTROUTING ACCEPT [2878:150648]
:OUTPUT ACCEPT [191:14415]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Sat Feb 25 22:11:55 2006
link do moich statystyk:
http://mrtg.adminet.pl
Jest to DSL 2mb/512kb
... kurde juz nie wiem jak to wszystko ma byc niby chodzi a jakos tego nie widac... za wszelka pomoc wielkie dzieki
P.S.
kurcze moze mi czegos brakuje albo cos... no juz sam nie wiem... za skomplikowane to jak dla mnie troche
bo sie cala noc pocilem zeby to odpalic
Zaloguj się
Zarejestruj się
FAQ
Szukaj
Z tego co wiem (nie moge sobie przypomniec skad 
