1.
Ne moge ograniczyc wysyłania klientom (download
dziala bez zarzutu).
moj plik rc.htb:
#!/bin/sh
IPT=/usr/sbin/iptables
TC=/sbin/tc
LAN=eth0
LAN2=eth2
WAN=eth1
IMQ=imq0
DOWNLOAD=2000kbit
UPLOAD=512bit
# ----------------------------------------------------------------
BURST="burst 30k"
stop ()
{
$IPT -t mangle -D FORWARD -i $WAN -j LIMITS >/dev/null 2>&1
$IPT -t mangle -D FORWARD -o $WAN -j LIMITS >/dev/null 2>&1
$IPT -t mangle -F LIMITS >/dev/null 2>&1
$IPT -t mangle -X LIMITS >/dev/null 2>&1
$IPT -t mangle -F OUTPUT
#$IPT -t filter -F FORWARD
#$IPT -t mangle -D INPUT -p tcp --dport 8080 -j LIMITS >/dev/null 2>&1
#$IPT -t mangle -D OUTPUT -p tcp --sport 8080 -j LIMITS >/dev/null 2>&1
$TC qdisc del dev $LAN root 2> /dev/null
$TC qdisc del dev $WAN root 2> /dev/null
}
start ()
{
stop
$IPT -t mangle -N LIMITS
$IPT -t mangle -I FORWARD -i $WAN -j LIMITS
$IPT -t mangle -I FORWARD -o $WAN -j LIMITS
$IPT -t mangle -I INPUT -p tcp --dport 8080 -j LIMITS >/dev/null 2>&1
$IPT -t mangle -I OUTPUT -p tcp --sport 8080 -j LIMITS >/dev/null 2>&1
# incomming traffic
$TC qdisc add dev $LAN root handle 1:0 htb default 3 r2q 1
$TC class add dev $LAN parent 1:0 classid 1:1 htb rate 99000kbit ceil
99000kbit quantum 1500
$TC class add dev $LAN parent 1:1 classid 1:2 htb rate $DOWNLOAD ceil
$DOWNLOAD
# outgoing traffic
$TC qdisc add dev $WAN root handle 2:0 htb default 11 r2q 1
$TC class add dev $WAN parent 2:0 classid 2:1 htb rate $UPLOAD ceil $UPLOAD
$IPT -t mangle -A LIMITS -s 192.168.0.9 -j MARK --set-mark 100
# ADMIN(pelen zakres)
$IPT -t mangle -A LIMITS -d 192.168.0.2 -j MARK --set-mark 101
$TC class add dev $WAN parent 2:1 classid 2:101 htb rate 300.00kbit ceil
512.00kbit $BURST prio 2 quantum 1500
$TC qdisc add dev $WAN parent 2:101 esfq perturb 10 hash dst
$TC filter add dev $WAN parent 2:0 protocol ip prio 5 handle 101 fw flowid
2:101
$TC class add dev $LAN parent 1:2 classid 1:101 htb rate 500.00kbit ceil
2000.00kbit $BURST prio 2 quantum 1500
$TC qdisc add dev $LAN parent 1:101 esfq perturb 10 hash dst
$TC filter add dev $LAN parent 1:0 protocol ip prio 5 handle 101 fw flowid
1:101
$IPT -t mangle -A LIMITS -s 192.168.0.23 -j MARK --set-mark 102
# ZWYKLY UZYTKOWNIK:
$IPT -t mangle -A LIMITS -d 192.168.0.6 -j MARK --set-mark 112
$TC class add dev $WAN parent 2:1 classid 2:112 htb rate 25.00kbit ceil
50.00kbit $BURST prio 2 quantum 1500
$TC qdisc add dev $WAN parent 2:112 esfq perturb 10 hash dst
$TC filter add dev $WAN parent 2:0 protocol ip prio 5 handle 112 fw flowid
2:112
$TC class add dev $LAN parent 1:2 classid 1:112 htb rate 150.00kbit ceil
200.00kbit $BURST prio 2 quantum 1500
$TC qdisc add dev $LAN parent 1:112 esfq perturb 10 hash dst
$TC filter add dev $LAN parent 1:0 protocol ip prio 5 handle 112 fw flowid
1:112
$IPT -t mangle -A LIMITS -s 192.168.0.30 -j MARK --set-mark 113
}
case "$1" in
'start')
start
;;
'stop')
stop
;;
'status')
echo "WAN Interface"
echo "============="
$TC class show dev $WAN | grep root
$TC class show dev $WAN | grep -v root | sort | nl
echo "LAN Interface"
echo "============="
$TC class show dev $LAN | grep root
$TC class show dev $LAN | grep -v root | sort | nl
;;
*)
echo -e "
Usage: rc.htb start|stop|status"
;;
esac
Jak wylistować liste otwartych portów przez użytkowników sieci.
polecenie netstat -nat listuje tylko ze przed nr portu pokazuje ip serwera.
3.Jak zmienic port na ktorym działa SSH ?
ok to narazie tyle
Zaloguj się
Zarejestruj się
FAQ
Szukaj
