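# Mailing-list post, quoted as received (the attribution line is Italian for
# "On Fri, 2002-02-15 at 19:27, Martin Devera wrote:"):
#   Il ven, 2002-02-15 alle 19:27, Martin Devera ha scritto:
#   > post your conf. hard to say without it ..
#   Ok if I can, this is my conf:
#
# Traffic-shaping setup: a prio qdisc with RED leaves on ppp0 and an HTB tree
# with RED leaves on eth0, plus u32/fw filters fed by iptables mangle marks.
#
# Arguments: $1 - tc verb applied to every "tc qdisc" and "tc class" line.
# The "tc filter add" and "iptables -A" lines are hard-coded and run whatever
# $1 is; "iptables -A" appends, so each run adds another copy of the mangle
# rules.

# Stop early when the verb is missing: otherwise every qdisc/class command is
# malformed while the hard-coded filter and iptables lines still execute,
# leaving a half-applied configuration.
: "${1:?first argument must be the tc action for qdiscs and classes, e.g. add}"

# ---- Outbound on ppp0 ----
# root qdisc
echo ppp0 classe root
tc qdisc "$1" dev ppp0 root handle 1: prio

# leaf qdiscs (earlier sfq/tbf variants kept commented out by the author)
echo sottoclassi
#tc qdisc $1 dev ppp0 parent 1:1 handle 10: sfq
#tc qdisc $1 dev ppp0 parent 1:2 handle 20: tbf rate 20kbit buffer 1600 limit 3000
#tc qdisc $1 dev ppp0 parent 1:2 handle 20: sfq
#tc qdisc $1 dev ppp0 parent 1:3 handle 30: sfq
tc qdisc "$1" dev ppp0 parent 1:1 handle 10: red min 200 max 400 avpkt 50 \
  burst 10 limit 600
tc qdisc "$1" dev ppp0 parent 1:2 handle 20: red min 300 max 400 avpkt 150 \
  burst 10 limit 700
tc qdisc "$1" dev ppp0 parent 1:3 handle 30: red min 1500 max 8000 avpkt 250 \
  burst 10 limit 20000

# filters
echo filtro ssh
# "ssh": this matches the IP TOS byte (0x10), not the SSH port. The TOS value
# is chosen by whoever sends the packet, so any traffic carrying 0x10 is placed
# in this class.
tc filter add dev ppp0 parent 1:0 protocol ip prio 11 u32 \
  match ip tos 0x10 0xff classid 1:2

echo filtro icmp
# icmp (IP protocol 1)
tc filter add dev ppp0 parent 1:0 protocol ip prio 12 u32 \
  match ip protocol 1 0xff classid 1:2

echo filtro ack
# ack: TCP (protocol 6), IP header length 5 words, byte 3 of the IP header
# equal to 0x34, byte 33 equal to 0x10 (TCP flags: ACK only).
# NOTE(review): byte 3 is only the low byte of the IP total length, so any
# packet whose length ends in 0x34 matches, not just 52-byte ones - confirm
# this is intended.
tc filter add dev ppp0 parent 1: protocol ip prio 10 u32 \
  match ip protocol 6 0xff \
  match u8 0x05 0x0f at 0 \
  match u8 0x34 0xff at 3 \
  match u8 0x10 0xff at 33 \
  classid 1:1

echo filtro resto
# everything else: catch-all on destination 0.0.0.0/0
tc filter add dev ppp0 parent 1: protocol ip prio 14 u32 \
  match ip dst 0.0.0.0/0 classid 1:3

echo filtro udp
# udp: the OUTPUT chain only sees locally generated packets; they get fwmark 2,
# which the fw filter below maps to class 1:2.
iptables -A OUTPUT -t mangle -p udp -j MARK --set-mark 2
tc filter add dev ppp0 parent 1: protocol ip prio 13 handle 2 fw \
  classid 1:2

# ---- Inbound traffic, shaped on eth0 ----
echo eth0 classe root
# root qdisc and root class; unclassified traffic defaults to class 1:13
tc qdisc "$1" dev eth0 root handle 1: htb default 13
tc class "$1" dev eth0 parent 1: classid 1:1 htb rate 51kbit \
  ceil 52kbit burst 3k

echo sottoclassi
# child classes
tc class "$1" dev eth0 parent 1:1 classid 1:10 htb rate 4kbit burst 1k \
  prio 1 ceil 50kbit
tc class "$1" dev eth0 parent 1:1 classid 1:11 htb rate 25kbit burst 3k \
  prio 2 ceil 50kbit
tc class "$1" dev eth0 parent 1:1 classid 1:12 htb rate 7kbit burst 2k \
  prio 3 ceil 50kbit
tc class "$1" dev eth0 parent 1:1 classid 1:13 htb rate 4kbit burst 1k \
  prio 4 ceil 50kbit

# leaf qdiscs (earlier sfq variants kept commented out by the author)
#tc qdisc $1 dev eth0 parent 1:10 handle 10: sfq
#tc qdisc $1 dev eth0 parent 1:11 handle 20: sfq
#tc qdisc $1 dev eth0 parent 1:12 handle 30: sfq
#tc qdisc $1 dev eth0 parent 1:13 handle 40: sfq
tc qdisc "$1" dev eth0 parent 1:10 handle 10: red min 200 max 400 avpkt 50 \
  burst 10 limit 600
tc qdisc "$1" dev eth0 parent 1:11 handle 20: red min 300 max 1500 avpkt 150 \
  burst 10 limit 700
tc qdisc "$1" dev eth0 parent 1:12 handle 30: red min 1500 max 8000 avpkt 250 \
  burst 20 limit 20000
tc qdisc "$1" dev eth0 parent 1:13 handle 40: red min 1500 max 8000 avpkt 250 \
  burst 10 limit 20000

# filters
echo ssh
# "ssh": TOS 0x10 match again; the value is set by the sender of each packet,
# so this class is open to anything that marks itself with 0x10.
tc filter add dev eth0 parent 1: protocol ip prio 10 u32 \
  match ip tos 0x10 0xff classid 1:11

echo icmp
# icmp (IP protocol 1)
tc filter add dev eth0 parent 1: protocol ip prio 11 u32 \
  match ip protocol 1 0xff classid 1:11

echo ack
# ack: same byte matches as the ppp0 ack filter (TCP, IHL 5, IP header byte 3
# equal to 0x34, ACK-only flags).
tc filter add dev eth0 parent 1: protocol ip prio 13 u32 \
  match ip protocol 6 0xff \
  match u8 0x05 0x0f at 0 \
  match u8 0x34 0xff at 3 \
  match u8 0x10 0xff at 33 \
  classid 1:10

echo resto
# everything else: catch-all on destination 0.0.0.0/0
tc filter add dev eth0 parent 1: protocol ip prio 15 u32 \
  match ip dst 0.0.0.0/0 classid 1:13

echo www
# www: TCP ports 80 and 8080 in either direction get fwmark 1. The rules name
# no input interface (-i), so they apply to packets arriving on any interface.
iptables -A PREROUTING -t mangle -p tcp --dport 8080 \
  -j MARK --set-mark 1
iptables -A PREROUTING -t mangle -p tcp --sport 8080 \
  -j MARK --set-mark 1
iptables -A PREROUTING -t mangle -p tcp --dport 80 \
  -j MARK --set-mark 1
iptables -A PREROUTING -t mangle -p tcp --sport 80 \
  -j MARK --set-mark 1
tc filter add dev eth0 parent 1: protocol ip prio 14 handle 1 fw \
  classid 1:12

echo udp
# udp: all UDP seen in PREROUTING (any interface) gets fwmark 2
iptables -A PREROUTING -t mangle -p udp -j MARK --set-mark 2
tc filter add dev eth0 parent 1: protocol ip prio 12 handle 2 fw \
  classid 1:11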