Freesco, NND, CDN, EOS

[root@SERWER rc.d]# iptables -t mangle -L PREROUTING
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
MARK all -- anywhere anywhere ipp2p v0.8.1_rc1 --ipp2p MARK set 0x64
MARK all -- Admin anywhere MARK set 0x2
MARK all -- Jagódka anywhere MARK set 0x3
MARK all -- Jewiak anywhere MARK set 0x4
MARK all -- Kopeć anywhere MARK set 0x5
MARK all -- Lachtara anywhere MARK set 0x6
MARK all -- Lipiec anywhere MARK set 0x7
MARK all -- Pazdzioch anywhere MARK set 0x8
MARK all -- Płaza anywhere MARK set 0x9
MARK all -- Proć anywhere MARK set 0xa
MARK all -- Sliwiński anywhere MARK set 0xb
MARK all -- tel_IP anywhere MARK set 0xc
MARK all -- Witkowska anywhere MARK set 0xd
MARK all -- Wojtek anywhere MARK set 0xe

1. Czy lepszym rozwiązaniem od ipp2p jest layer7 ?

2. W jaki sposób zamarkować pakiety p2p i przekazać do klasy, w krórej mają być kolejkowane. Tu w tym drugim pukncie to proszę o wskazówki, bo nie bardzo wiem jak to zrobić.

IPT=/usr/sbin/iptables


$IPT -t mangle -A PREROUTING -s IP-usera -j MARK --set-mark 2
$IPT -t mangle -A PREROUTING -m layer7 --l7proto skypetoskype -j MARK --set-mark 100
$IPT -t mangle -A POSTROUTING -m layer7 --l7proto skypetoskype -j MARK --set-mark 100
$IPT -t mangle -A POSTROUTING -o eth0 -j IMQ --todev 1
$IPT -t mangle -A PREROUTING -i eth0 -j IMQ --todev 0

# INTERFEJS IMQ0 (ruch przychodz±cy)
/sbin/rchtb_tc qdisc add dev imq0 root handle 1:0 htb default 3 r2q 1

# Główna klasa dla imq0
/sbin/rchtb_tc class add dev imq0 parent 1:0 classid 1:1 htb rate 4500kbit ceil 4500kbit

# Podział na pasmo dla ł±cza internetowego i resztę
/sbin/rchtb_tc class add dev imq0 parent 1:1 classid 1:2 htb rate 496kbit ceil 496kbit
/sbin/rchtb_tc class add dev imq0 parent 1:1 classid 1:3 htb rate 4004kbit ceil 4004kbit prio 9
/sbin/rchtb_tc qdisc add dev imq0 parent 1:3 esfq perturb 10 hash dst

# pasmo priorytetowe dla ICMP, TOS 0x10 (min. delay) oraz wybranego portu 22
/sbin/rchtb_tc class add dev imq0 parent 1:2 classid 1:20 htb rate 35kbit ceil 496kbit prio 1 quantum 1500
/sbin/rchtb_tc qdisc add dev imq0 parent 1:20 esfq perturb 10 hash dst
/sbin/rchtb_tc filter add dev imq0 protocol ip prio 3 parent 1:0 u32 match ip sport 22 0xffff flowid 1:20
/sbin/rchtb_tc filter add dev imq0 protocol ip prio 2 parent 1:0 u32 match ip tos 0x10 0xff flowid 1:20
/sbin/rchtb_tc filter add dev imq0 protocol ip prio 2 parent 1:0 u32 match ip protocol 1 0xff flowid 1:20

# user1
/sbin/rchtb_tc class add dev imq0 parent 1:2 classid 1:21 htb rate 35kbit ceil 496kbit prio 2 quantum 1500
/sbin/rchtb_tc qdisc add dev imq0 parent 1:21 esfq perturb 10 hash dst
/sbin/rchtb_tc filter add dev imq0 protocol ip prio 5 parent 1:0 u32 match ip dst 192.168.1.29 flowid 1:21


#user2
.
.
.
#p2p
/sbin/rchtb_tc class add dev imq0 parent 1:2 classid 1:34 htb rate 13kbit ceil 128kbit prio 6 quantum 15000
/sbin/rchtb_tc qdisc add dev imq0 parent 1:34 esfq perturb 10 hash dst
/sbin/rchtb_tc filter add dev imq0 parent 1:0 protocol ip prio 7 handle 100 fw flowid 1:34

# transfer serwer->LAN
/sbin/rchtb_tc filter add dev imq0 protocol ip prio 1 parent 1:0 handle 1 fw flowid 1:3


# INTERFEJS IMQ1 (ruch wychodz±cy)
/sbin/rchtb_tc qdisc add dev imq1 root handle 2:0 htb default 11 r2q 1

# główna klasa
/sbin/rchtb_tc class add dev imq1 parent 2:0 classid 2:1 htb rate 339kbit ceil 339kbit

# klasa priorytetowa ACK
/sbin/rchtb_tc class add dev imq1 parent 2:1 classid 2:10 htb rate 24kbit ceil 24kbit prio 1 quantum 1500
/sbin/rchtb_tc qdisc add dev imq1 parent 2:10 esfq perturb 10 hash dst
/sbin/rchtb_tc filter add dev imq1 parent 2:0 protocol ip prio 2 u32 match ip protocol 6 0xff \
match u8 0x05 0x0f at 0 match u16 0x0000 0xffc0 at 1 match u8 0x10 0xff at 33 flowid 2:10 # ACK

# klasa priorytetowa TOS 0x10 oraz ICMP
/sbin/rchtb_tc class add dev imq1 parent 2:1 classid 2:9 htb rate 6kbit ceil 309kbit prio 2 quantum 1500
/sbin/rchtb_tc qdisc add dev imq1 parent 2:9 esfq perturb 10 hash dst
/sbin/rchtb_tc filter add dev imq1 parent 2:0 protocol ip prio 1 u32 match ip tos 0x10 0xff flowid 2:9 # TOS 0x10
/sbin/rchtb_tc filter add dev imq1 parent 2:0 protocol ip prio 2 u32 match ip dport 22 0xffff flowid 2:9 # port 22
/sbin/rchtb_tc filter add dev imq1 parent 2:0 protocol ip prio 1 u32 match ip protocol 1 0xff flowid 2:9 # ICMP

# ruch serwerowy (pasmo dla go¶ci z zewn±trz)
/sbin/rchtb_tc class add dev imq1 parent 2:1 classid 2:11 htb rate 135kbit ceil 309kbit prio 2 quantum 1500
/sbin/rchtb_tc qdisc add dev imq1 parent 2:11 esfq perturb 10 hash dst
/sbin/rchtb_tc filter add dev imq1 parent 2:0 protocol ip prio 3 handle 1 fw flowid 2:11

# user1
/sbin/rchtb_tc class add dev imq1 parent 2:1 classid 2:12 htb rate 13kbit ceil 309kbit prio 2 quantum 1500
/sbin/rchtb_tc qdisc add dev imq1 parent 2:12 esfq perturb 10 hash dst
/sbin/rchtb_tc filter add dev imq1 parent 2:0 protocol ip prio 5 handle 2 fw flowid 2:12

user2
.
.
.
.

#p2p
/sbin/rchtb_tc class add dev imq1 parent 2:1 classid 2:25 htb rate 13kbit ceil 128kbit prio 6 quantum 1500
/sbin/rchtb_tc qdisc add dev imq1 parent 2:25 esfq perturb 10 hash dst
/sbin/rchtb_tc filter add dev imq1 parent 2:0 protocol ip prio 7 handle 100 fw flowid 2:25

/sbin/rchtb_tc filter add dev imq1 parent 2:0 protocol ip prio 9 u32 match ip dst 0/0 flowid 2:11

adamol chya nie zrozumiałeś pytania

marcin w musisz każdy z osobna wyznaczyć np:


itp

lista:
http://l7-filter.sourceforge.net/protocols